This morning i received a letter telling me about a potential multicast DNS vulnerability.
I have read the letter and tried to follow the directions to deal with it but when i try to log into my router its telling me the password on the bottom of the router is wrong. I now dont know what to do. Any help would be received greatly.
Regards the multicast issue, it's regarding port 5353 UDP being open on the router.
- Alas, you can't block the individual port via the firewall due to the shoddy implementation by VM - It's specifically related to TiVo, unless you're a Mac user, then also applies to AppleTV, Bonjour and AirPlay. - The information VM give isn't useful and after contacting them, they haven't the foggiest what it means. - TiVo requires unrestricted access to 5353TCP/UDP to function properly
I had my first letter about this last week. This is the first time in 8 years as a VM customer that I've ever had anything like this and can only assume that they changed something recently on their network either related to how the new V6 box works or how the IPBill is being implemented.
You won't get much help from ShadowServer either. Have been in contact with them frequently about this and they have come to a similar conclusion that it's TiVo related.
Thank you monkehfu i will have a go. I only have broadband with virgin but i noticed last night my router had a green flashing traffic light. Funny you should mention apple tv we originally left virgin a few years ago as we couldnt use any iphones or ipads with virgin. I did dread ringing virgin after reading a few posts on here about them not having a clue.
I recvieved pone of these today and it's not particularly helpful.
It claims a device on my network with an IP address I dont recognise has a vulnerabilty and tells me to come here to this subforum for information.
Lo and behold, no information. Brilliant.
The letter itself is worded so technically detailed that anyone without some semblance of networking knowledge is going to look at it and throw it in the bin. It tells me to go to the shadowserver.org website. Given I have no desire to disseminate technical information because Virgin say I'm at risk, then offer no real help (the guide online only refers to non AC superhub instructions by the looks of things) and it just says 'in the IP section, put in the address of the servers you access remotely' The IP address starts 82, but all mine are internal .192?
Helpful, as I dont access any remote servers so i have absolutely no idea what this is about? Can anyone help?
Ref the green flashing light, I have an AC router and I was under the impression this was a firmware issue, i have it to, but a restart sorts it. Temporarily.
So how do I resolve the external ip address that virgin see to an internal device without a mac address?
I suspect it's either Sonos streaming Spotify or a single IP camera as I dont have Virgin TV, but as both have been in place for over 6 months, I suspedt it's always been the case and Virgin have started now reporting to customers about vulnerabilities in 'Multicast' devices. Either way, there's nothing i can do about it as I'm not about to stop using either.
I got one of those letters today as well. I went to the virginmedia.com/mdns page and the instructions for resolving the issue don't apply to my router as far as I can see - mine is a Hub 3.0. According to the letter, someone has made a change to the router settings. I recently put my PS4 into the DMZ on a static IP to reduce lag on Battlefield 1. Didn't help much so I turned off DMZ just now. Maybe that was something to do with it?
I also notice the letter seems to be trying to sell me a security app. If that is what this is all about, I'll start looking into getting another ISP.
I think I'll go back to the shop tomorrow and show them the letter as I don't see any phone numbers to ring for advice.
I managed to reset my router and tried the firewall solution the only thing that mine differed from was m firewall was set to low. Looking through the posts this evening it's possible then it might be my sonos
I too got one of these letters yesterday. I have my own router and have recently put my PS4 in the DMZ to try and resolve NAT issues when playing Call of Duty. The reason for this is we have 2 PS4's connected to the router so having one in the DMZ seems to resolve NAT Issues. With someone else posting they also have done this recently I'm thinking it's down to this and I'm no longer worried.