Menu
Reply
  • 2
  • 0
  • 0
WideScience
Joining in
247 Views
Message 1 of 3
Flag for a moderator

Potential SSDP vulnerability (letter from VM) - how can I fix it?

Hi All

just received a letter from VM telling me I have a potential SSDP vulnerability in a device connected to my home network.

I followed the link to the VM help/support pages and have tried to follow the advice on how to fix the issue (block external UPnP) by configuring the VM Firewall (Virgin Media Super Hub 2ac) to block port 1900.

However, for the final steps (red text in the bullets below) there are NO rules specified in my hub settings, so I can't tick the delete box next to any rules that will keep port 1900 open. Consequently, this fix doesn't apply to my situation, and VM's advice doesn't give any other solutions, so how can I fix this potential vulnerability?

I've also checked the DMZ and this is unticked/deactivated, so I'm at a loss. VM tell me there's a problem, but not how to fix it....and you'd need a degree in Comp Sci to understand the jargon on the Shadowserver website.

I'd be really grateful if someone could please point me in the right direction for a fix.

Many thanks!

W

Virgin Media Super Hub

To close the vulnerable port on the Super Hub 1 or 2’s firewall:

  • Access your Hub's configuration page - default web address: 192.168.0.1
  • Login with your username and password, default will be shown on the Hub itself
  • SelectAdvanced Settings and accept the prompt
  • Scroll down to theSecurity section
  • Select thePort Forwarding option
  • Tick theDelete box next to any rules that will keep port 1900 open
  • Click theApply option
  • Select thePort Triggering option
  • Tick theDelete box next to any rules that will keep port 1900 open

Click the Apply option

0 Kudos
Reply

Helpful Answers
  • 3.51K
  • 203
  • 982
Sololobo
Wise owl
429 Views
Message 2 of 3
Flag for a moderator
Helpful Answer

Re: Potential SSDP vulnerability (letter from VM) - how can I fix it?

This post from ravenstar68 will give you more assistance: http://community.virginmedia.com/t5/Security-matters/mDNS-and-SSDP-vulnerabilities-a-suggestion-for-...

 




It's What I Do.
I Drink and I
Remember Things.

All Replies
  • 3.51K
  • 203
  • 982
Sololobo
Wise owl
430 Views
Message 2 of 3
Flag for a moderator
Helpful Answer

Re: Potential SSDP vulnerability (letter from VM) - how can I fix it?

This post from ravenstar68 will give you more assistance: http://community.virginmedia.com/t5/Security-matters/mDNS-and-SSDP-vulnerabilities-a-suggestion-for-...

 




It's What I Do.
I Drink and I
Remember Things.
  • 2
  • 0
  • 0
WideScience
Joining in
190 Views
Message 3 of 3
Flag for a moderator

Re: Potential SSDP vulnerability (letter from VM) - how can I fix it?

Hi Wise Owl

Thanks very much for your reply - much appreciated - and apologies for my tardiness in getting back to you.

Before I try ravenstar68's fix, a bit more context info would be really helpful....Does the SSDP vulnerability definitely lie within the settings of my Virgin Super-Hub 2ac, or could it result from firewall settings elsewhere (e.g., my desktop PC runs BitDefender anti-virus with firewall settings), or, vulnerabilities in devices attached via wireless to the Super-Hub (we currently have three Android tablets connected - one is a re-conditioned tablet that was connected for the first time around the same time that we got the letter from VM).

I'm just trying to pinpoint the most likely source of the problem, but since I don't know much about SSDP, DDOS, ports, etc., it'd be good to confirm that the Super-Hub is definitely the source of the problem, if that's correct?

Thanks again for any advice.

Cheers

W

0 Kudos
Reply