on 15-01-2023 17:34
Hey Ladies and gents. I have been a VM customer for about 13 years... The following is something I'll break down into two sections. The story/Proof and help/advice. Feel free to skip to the advice section if the long read is not for you.
The story/Proof
I've lived at my current address for about 8 years. My neighbour for the last 4. We've always been very polite and neighbourly. Hi and a smile. Most importantly, I've never heard him and his wife. which is ideal given we live in a terraced house. However, when the pandemic hit this guy lost his job and my assumption is that with our current economy things haven't improved. During the first lockdown this guy started to drink. I'd seem him stumbling outside or clearly intoxicated. Eventually, in 2022 he started crashing around his home late at night, shouting screaming etc etc. Politely I'd brought up the subject, not even in a direct way more so "I heard some strange noises" etc. He apologized profusely. But soon after, I'm talking within a few days, I started hearing something rubbing against the wall.
Side note: My living room wall is adjacent to his hallway/entrance and stairs
The sound, sounds exactly like someone rubbing their hands together. My initial thought was that the neighbour was doing painting and decorating, but this was followed by my connection dropping and reconnecting. Like someone turning a light switch on and off. My initial response was new LAN cables and a "new" router from VM. But this bought me a few days and this disconnect followed by an immediate reconnect resumed. The evidence that I this drop and reconnect was actually intentional came from my neighbours wife. He being drunk and his wife frustrated had a blow up where she specifically said "$*&%ing around with the neighbours internet." His drunken response was along the lines of "Who does he think he is." Just riddled with more expletives. None of which he said when we spoke face to face.
I took this info to my VM and they identified the drops but said they don't have the capabilities to stop it and that I would d need to I myself would need to ID the source ETC ETC. Long story short they can't do much without certain legal criteria being met beforehand. I plan to get this too them but obviously my first priority is stopping this attack.
Advice: VM suggested that I can put my router into router mode and use an external router. My research initially took me to VPN routers but eventually led me peplink routers which are built with enhanced security in mind. To be honest, router security beyond a long password that I change periodically, isn't something I am familiar with. However I am eager to learn. My hope is that using a router which is more secure is my first step and that Surf Soho/peplink can assist. I had no idea that VM routers were this vulnerable. But my question is will router mode help.
This is what the hack looks like: https://imgur.com/AwabF8c/embed?ref=https%3A%2F%2F
The above in recorded from my tv while playing a gaming console. I've edited the vid to show one instance but in practice happens several times per minute. On/off. I've been a gamer since the Super Nintendo. Before console were online and I've never experienced anything like that. I didn't even know what a ddos was until I realized it was intentional.I came here because most people suspect that DDOS on me as an individual isn't worthwhile. Assuming that one individual would need a multitude of machines, physically, at his address. Despite the fact that you can purchase DOS attacks online
Please advise.
Please help.
on 15-01-2023 23:18
Hey goslow
The cables have been changed 3 times. Twice by myself and once by VM. Also a change in router which bought me a few days before the disconnect started again relentlessly. My Console, never moved. neither did either router and the cables being brand new...
Coupled with the admission from my neighbours wife and my experience as a gamer, I'm pretty certain the intention is malicious.
That aside, when the next attack happens what should I do. Check the BQM or post a setting/result found within the router.
So much respect and appreciation for taking the time.
15-01-2023 23:35 - edited 15-01-2023 23:58
@ZHackH wrote:Hey goslow
The cables have been changed 3 times. Twice by myself and once by VM. Also a change in router which bought me a few days before the disconnect started again relentlessly. My Console, never moved. neither did either router and the cables being brand new...
<snip>
If that is so, I'd suggest that your VM connection needs further investigation based on the upstream stat's and the entries in the network log. Read the info here
on 'RCS Partial Service' and T3 timeouts which appear in your network logs. You also have the 1970 date stamp in your network log which is also mentioned in the help topic in regard to noise issues. Is that all of your network log or have you edited the contents? There is not much in it if that's everything in it from end of November.
I don't think you are being attacked by your neighbour (or have been). I think you have a connection issue.
If VM has swapped your hub, I would expect your new hub would get a different IP address so any previous attack (if there ever was one) would be on the old IP address and your neighbour would not know the new one for a new hub.
In addition, just before Xmas, I had to look at the connection of a friend who was experiencing numerous disconnections and requiring a regular reboot of the hub. His upstream stat's were the same as yours (one channel on 16 QAM). VM swapped the hub, various cables and splitters and the problem went away but the upstream error still showed in his hub stat's. My friend is certainly not a gamer (web browsing only) and I guess VM's changes made sufficient improvement for him but without actually curing the problem. Gaming requires a good upstream and downstream connection so I am guessing that this is why you are experiencing the problem on your console.
If you have got the BQM running, just let it do its thing and let it run through a period when you experience the issue and the BQM should capture the disconnection (if it is your VM connection which is being affected).
You'll need some of the regular tech experts on here to advise further once you have a BQM to look at as well, alongside the hub stat's. They'll be able to add to (or correct!) what I have already suggested about your issue. Once you have got some BQM data crossing a time period in which you are disconnected, post that BQM graph for further comment and suggestions.
on 16-01-2023 11:36
on 16-01-2023 14:32
It happened again today twice between 11 ant 12:30 but on my console. Is there a way to monitor the targeted device.
on 16-01-2023 15:46
@ZHackH wrote:
It happened again today twice between 11 ant 12:30 but on my console. Is there a way to monitor the targeted device.
Your BQM is showing a small amount of packet loss at approx 00:00, 08:45 and 11:00 today (this is to your VM hub, not individually to your console).
Post up another set of your Downstream, Upstream and Network Logs.
You'll then need someone on here to comment who has a good knowledge of the stat's and the BQM graphs to advise if the info gives any clues as to whether they are the cause of the disconnections on your console.
on 16-01-2023 16:44
This is obviously several hours after the loss of service so I'm not sure how relevant but as you asked.
Channel Frequency (Hz) Power (dBmV) SNR (dB) Modulation Channel ID
1 | 259000000 | 5.6 | 38 | 256 qam | 16 |
2 | 251000000 | 5.5 | 38 | 256 qam | 15 |
3 | 267000000 | 6.1 | 38 | 256 qam | 17 |
4 | 275000000 | 6 | 38 | 256 qam | 18 |
5 | 283000000 | 6 | 38 | 256 qam | 19 |
6 | 291000000 | 6.1 | 38 | 256 qam | 20 |
7 | 299000000 | 6 | 38 | 256 qam | 21 |
8 | 307000000 | 5.5 | 38 | 256 qam | 22 |
9 | 315000000 | 5.9 | 38 | 256 qam | 23 |
10 | 323000000 | 5.8 | 37 | 256 qam | 24 |
11 | 331000000 | 5.5 | 38 | 256 qam | 25 |
12 | 339000000 | 6 | 37 | 256 qam | 26 |
13 | 347000000 | 5.8 | 38 | 256 qam | 27 |
14 | 355000000 | 5.4 | 38 | 256 qam | 28 |
15 | 363000000 | 5.4 | 38 | 256 qam | 29 |
16 | 371000000 | 4.6 | 37 | 256 qam | 30 |
17 | 379000000 | 3.9 | 37 | 256 qam | 31 |
18 | 387000000 | 4.1 | 37 | 256 qam | 32 |
19 | 395000000 | 4.3 | 37 | 256 qam | 33 |
20 | 403000000 | 4 | 38 | 256 qam | 34 |
21 | 411000000 | 4.4 | 37 | 256 qam | 35 |
22 | 419000000 | 4.5 | 38 | 256 qam | 36 |
23 | 523000000 | 2.4 | 37 | 256 qam | 37 |
24 | 531000000 | 2 | 37 | 256 qam | 38 |
Channel Locked Status RxMER (dB) Pre RS Errors Post RS Errors
1 | Locked | 38.6 | 16 | 0 |
2 | Locked | 38.6 | 12 | 0 |
3 | Locked | 38.6 | 6 | 0 |
4 | Locked | 38.9 | 8 | 0 |
5 | Locked | 38.6 | 6 | 0 |
6 | Locked | 38.9 | 5 | 0 |
7 | Locked | 38.6 | 5 | 0 |
8 | Locked | 38.6 | 7 | 0 |
9 | Locked | 38.6 | 7 | 0 |
10 | Locked | 37.6 | 7 | 0 |
11 | Locked | 38.6 | 1 | 0 |
12 | Locked | 37.6 | 5 | 0 |
13 | Locked | 38.6 | 5 | 0 |
14 | Locked | 38.6 | 8 | 0 |
15 | Locked | 38.6 | 5 | 0 |
16 | Locked | 37.6 | 15 | 0 |
17 | Locked | 37.3 | 2 | 0 |
18 | Locked | 37.6 | 5 | 0 |
19 | Locked | 37.6 | 5 | 0 |
20 | Locked | 38.6 | 2 | 0 |
21 | Locked | 37.6 | 8 | 0 |
22 | Locked | 38.6 | 10 | 0 |
23 | Locked | 37.3 | 351 | 0 |
24 | Locked | 37.6 | 450 | 0 |
Channel Frequency (Hz) Power (dBmV) Symbol Rate (ksps) Modulation Channel ID
1 | 30100005 | 37.5 | 5120 | 64 qam | 4 |
2 | 23600203 | 37.3 | 5120 | 16 qam | 5 |
3 | 49600268 | 38 | 5120 | 64 qam | 1 |
4 | 43099927 | 37.8 | 5120 | 64 qam | 2 |
5 | 36600044 | 37.8 | 5120 | 64 qam | 3 |
Channel Channel Type T1 Timeouts T2 Timeouts T3 Timeouts T4 Timeouts
1 | ATDMA | 0 | 0 | 0 | 0 |
2 | ATDMA | 0 | 0 | 0 | 0 |
3 | ATDMA | 0 | 0 | 0 | 0 |
4 | ATDMA | 0 | 0 | 0 | 0 |
5 | ATDMA | 0 | 0 | 0 | 0 |
16-01-2023 16:57 - edited 16-01-2023 16:58
@ZHackH wrote:This is obviously several hours after the loss of service so I'm not sure how relevant but as you asked.
Just seeking to confirm your stat's are unchanged since yesterday. You still have 16 QAM on one of your upstream channels and it looks as if your hub has restarted since yesterday as well.
Post up your full 'Network Log' to see what is recorded when you experienced the disconnections today at 08:45, 11:00 and 12:00. Post the full log, don't edit bits out of it.
After that I'll have reached the limit of my tech skills to try to help further but others on here should be able to put the pieces together and advise on what is going on.
My thinking is along the lines that you are getting some sort of short disconnections which are knocking your console offline during gaming but without affecting your other online activities.
I am surprised no one else has dived in here with further info/advice. It's all very interesting, unusual neighbour behaviour, threats of internet tampering, one device being knocked offline ... wish I knew more about the tech side to join the dots for you.
on 16-01-2023 17:09
ZhackH: What's the BQM tracking? It doesn't look like a Virgin Media connection, which looks like this:
I must say I'm with goslow here - never attribute to malice that which can be attributed to other stuff. As noted your upstream modulation looks unreliable which could cause problems for a latency sensitive uses, but also notice the downstream pre-RS errors show a dodgy pattern. Pre-RS errors don't actually cause a problem as they're corrected by the hub, but assuming from the numbers of errors on other channels that you rebooted the hub recently, then the pre-RS counts on the highest channels might be accompanied over time by post-RS errors, and they certainly will cause issues unless at very low levels.
The other thought is, is the problem connection over wifi? There's lots of things (esp in terraced houses) that can cause momentary loss of a wifi connection. As one example of many, any recent Panasonic microwave is a very effective wifi-denial weapon.
on 16-01-2023 17:24
The folks next door affecting the connection is a exceedingly remote chance, they would have to figure
out your IP address and a DOS attack would raise a huge range of red flags to VM's platform monitoring,
a DDOS attack is a costly thing to perform.
So turning to the Hub logs, there is 1 noise degraded channel at 16 qam
and then there are 4 normal channels at 64 qam.
If we ignore the 1 degraded channel, the 4 x 64 qam channel represent a total of 108Mb/s of upstream bandwidth,
that could be over 3 times the Upstream subscription rate. The reason for having 5 channels is to be a bit more
robust there there is a noise issue.
on 16-01-2023 18:10
Hey Goslow
I did disconnect my router for about 20 minutes this morning. I do that in attempts to change the ip and the only other bit of help I recieved. The network logs do not show any other entries beyond the ones I posted earlier. As for the BQM, the disconnects happened between 11:30 -12:30. I myself took the router offline.
@Andrew
The BQM is tracking my router. I'm using a VPN. The attack as we call it is device specific. It targets the console and knocks me offline. The console is unmoved, untouched apart from a duster. IF you're seeing something one the BQM that doesn't make sense please share. I am using the router / Lan connection with my console.
@client
I'm almost ashamed to say that I don't get what a noise issue is
I'd like to add this nugget of info. Before the attacks started, they'd always follow my neighbour rubbing up against the wall. My wife who was initially skeptical and wanted to rationalise it as something else, saw/heard the pattern. I could game, right up until, my neighbour starts caressing the wall. After that stopped, you could set your watch to it. The disconnects would start. And I understand that the chances are remote but seeing it in practice is a different thing. I say that with every ouce of all due respect.
The disconnects happen on the console only. I'm guessing latency and buffering make streaming/tv less of a target. They knock the console off and immediately reconnect as seen in the link in my opening post.
That being said, is there a way to monitor the console as a device or will the BQM capture everything. Also and equally as important. Are there settings I can change in the modem to make DDOS/DOS attacks less successful?
As always I really appreciate the help and guidance. I'm sure this can reach a successful conclusion. So again, thanks.