lin1971
Message 1 of 40

Multicast DNS vulnerability

Hi there.

This morning I received a letter telling me about a potential multicast DNS vulnerability.

I have read the letter and tried to follow the directions to deal with it, but when I try to log into my router it's telling me the password on the bottom of the router is wrong. I now don't know what to do. Any help would be received greatly.

monkehfu
Message 2 of 40

Re: Multicast DNS vulnerability

Details here on how to reset your router/password

http://help.virginmedia.com/system/selfservice.controller?CMD=VIEW_ARTICLE&ARTICLE_ID=13722&CURRENT_...

Regards the multicast issue, it's regarding port 5353 UDP being open on the router.

- Alas, you can't block the individual port via the firewall due to the shoddy implementation by VM
- It's specifically related to TiVo, unless you're a Mac user, then also applies to AppleTV, Bonjour and AirPlay.
- The information VM give isn't useful and after contacting them, they haven't the foggiest what it means.
- TiVo requires unrestricted access to 5353 TCP/UDP to function properly

I had my first letter about this last week. This is the first time in 8 years as a VM customer that I've ever had anything like this and can only assume that they changed something recently on their network either related to how the new V6 box works or how the IPBill is being implemented.

You won't get much help from ShadowServer either. Have been in contact with them frequently about this and they have come to a similar conclusion that it's TiVo related.

Hope that helps?
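
What "port 5353 UDP being open on the router" means in practice, as an added example that is not part of the original post: something behind the router answers mDNS queries sent to its external address. The sketch below sends one DNS-SD service-listing query over unicast UDP and reports whether a DNS answer comes back; the function names and the sample reply are constructed for illustration, and 192.0.2.1 is a placeholder address.

```python
import socket
import struct

MDNS_PORT = 5353
# DNS-SD meta-query: asks a responder to list the service types it advertises.
META_QUERY = "_services._dns-sd._udp.local"

def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + label, zero terminator)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name=META_QUERY, txid=0x1234):
    """Build a one-question DNS query: type PTR (12), class IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 12, 1)

def is_mdns_answer(packet):
    """True if the packet is a DNS response (QR bit set) with at least one answer."""
    if len(packet) < 12:
        return False
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return bool(flags & 0x8000) and ancount > 0

def answers_mdns(host, timeout=3.0):
    """Send the query to host:5353 and report whether a DNS answer is returned."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (host, MDNS_PORT))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP error: nothing answered
            return False
    return is_mdns_answer(data)

# Constructed sample reply (not captured traffic): response header, one answer.
SAMPLE_REPLY = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0) + encode_name(META_QUERY)

if __name__ == "__main__":
    # Placeholder address: substitute your own router's external IP and run this
    # from a connection outside your home network.
    print("answers mDNS from outside:", answers_mdns("192.0.2.1"))
```

A result of `False` from an outside connection means nothing on the network is replying to mDNS across the router's external interface.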

lin1971
Message 3 of 40

Re: Multicast DNS vulnerability

Thank you monkehfu, I will have a go.
I only have broadband with Virgin but I noticed last night my router had a green flashing traffic light. Funny you should mention Apple TV, we originally left Virgin a few years ago as we couldn't use any iPhones or iPads with Virgin. I did dread ringing Virgin after reading a few posts on here about them not having a clue.
TimmyMallett
Message 4 of 40

Re: Multicast DNS vulnerability

I received one of these today and it's not particularly helpful.

It claims a device on my network with an IP address I don't recognise has a vulnerability and tells me to come here to this subforum for information.

Lo and behold, no information. Brilliant.

The letter itself is worded so technically detailed that anyone without some semblance of networking knowledge is going to look at it and throw it in the bin. It tells me to go to the shadowserver.org website. Given I have no desire to disseminate technical information because Virgin say I'm at risk, then offer no real help (the guide online only refers to non AC superhub instructions by the looks of things) and it just says 'in the IP section, put in the address of the servers you access remotely'. The IP address starts 82, but all mine are internal .192?

Helpful, as I don't access any remote servers so I have absolutely no idea what this is about? Can anyone help?

Ref the green flashing light, I have an AC router and I was under the impression this was a firmware issue, I have it too, but a restart sorts it. Temporarily.

monkehfu
Message 5 of 40

Re: Multicast DNS vulnerability

The IP address starting 82. is your external IP address of the router, what's displayed to the outside world.
Click this link and it will confirm your IP address http://www.whatsmyip.org.

192. are internal network addresses. 192.168.0.1 is usually home by default, everything starting 192.168.*.* will be the devices connected.

TimmyMallett
Message 6 of 40

Re: Multicast DNS vulnerability

So how do I resolve the external IP address that Virgin see to an internal device without a MAC address?

I suspect it's either Sonos streaming Spotify or a single IP camera as I don't have Virgin TV, but as both have been in place for over 6 months, I suspect it's always been the case and Virgin have started now reporting to customers about vulnerabilities in 'Multicast' devices. Either way, there's nothing I can do about it as I'm not about to stop using either.

John29
Message 7 of 40

Re: Multicast DNS vulnerability

I got one of those letters today as well.  I went to the virginmedia.com/mdns page and the instructions for resolving the issue don't apply to my router as far as I can see - mine is a Hub 3.0.  According to the letter, someone has made a change to the router settings. I recently put my PS4 into the DMZ on a static IP to reduce lag on Battlefield 1. Didn't help much so I turned off DMZ just now.  Maybe that was something to do with it?

I also notice the letter seems to be trying to sell me a security app.  If that is what this is all about, I'll start looking into getting another ISP.

I think I'll go back to the shop tomorrow and show them the letter as I don't see any phone numbers to ring for advice.
monkehfu
Message 8 of 40

Re: Multicast DNS vulnerability

It'll be the Sonos according to Sonos' port information.
lin1971
Message 9 of 40

Re: Multicast DNS vulnerability

I managed to reset my router and tried the firewall solution; the only thing that mine differed from was my firewall was set to low. Looking through the posts this evening, it's possible then it might be my Sonos.
namcouk
Message 10 of 40

Re: Multicast DNS vulnerability

I too got one of these letters yesterday. I have my own router and have recently put my PS4 in the DMZ to try and resolve NAT issues when playing Call of Duty. The reason for this is we have 2 PS4s connected to the router, so having one in the DMZ seems to resolve NAT issues. With someone else posting they also have done this recently, I'm thinking it's down to this and I'm no longer worried.
