
DDOS/DOS Help

ZHackH
Joining in

Hey Ladies and gents. I have been a VM customer for about 13 years... The following is something I'll break down into two sections. The story/Proof and help/advice. Feel free to skip to the advice section if the long read is not for you.

The story/Proof

I've lived at my current address for about 8 years. My neighbour for the last 4. We've always been very polite and neighbourly. Hi and a smile. Most importantly, I've never heard him and his wife, which is ideal given we live in a terraced house. However, when the pandemic hit this guy lost his job and my assumption is that with our current economy things haven't improved. During the first lockdown this guy started to drink. I'd see him stumbling outside or clearly intoxicated. Eventually, in 2022 he started crashing around his home late at night, shouting, screaming etc etc. Politely I'd brought up the subject, not even in a direct way, more so "I heard some strange noises" etc. He apologized profusely. But soon after, I'm talking within a few days, I started hearing something rubbing against the wall.

Side note: My living room wall is adjacent to his hallway/entrance and stairs

The sound sounds exactly like someone rubbing their hands together. My initial thought was that the neighbour was doing painting and decorating, but this was followed by my connection dropping and reconnecting. Like someone turning a light switch on and off. My initial response was new LAN cables and a "new" router from VM. But this bought me a few days and this disconnect followed by an immediate reconnect resumed. The evidence that this drop and reconnect was actually intentional came from my neighbour's wife. He being drunk and his wife frustrated had a blow up where she specifically said "$*&%ing around with the neighbour's internet." His drunken response was along the lines of "Who does he think he is." Just riddled with more expletives. None of which he said when we spoke face to face.

I took this info to VM and they identified the drops but said they don't have the capabilities to stop it and that I myself would need to ID the source etc. etc. Long story short, they can't do much without certain legal criteria being met beforehand. I plan to get this to them but obviously my first priority is stopping this attack.

Advice: VM suggested that I can put my router into router mode and use an external router. My research initially took me to VPN routers but eventually led me to Peplink routers, which are built with enhanced security in mind. To be honest, router security beyond a long password that I change periodically isn't something I am familiar with. However, I am eager to learn. My hope is that using a router which is more secure is my first step and that Surf SOHO/Peplink can assist. I had no idea that VM routers were this vulnerable. But my question is: will router mode help?

This is what the hack looks like: https://imgur.com/AwabF8c/embed?ref=https%3A%2F%2F

The above is recorded from my TV while playing a gaming console. I've edited the vid to show one instance but in practice it happens several times per minute. On/off. I've been a gamer since the Super Nintendo, before consoles were online, and I've never experienced anything like that. I didn't even know what a DDoS was until I realized it was intentional. I came here because most people suspect that DDoS on me as an individual isn't worthwhile. Assuming that one individual would need a multitude of machines, physically, at his address. Despite the fact that you can purchase DoS attacks online.

Please advise.






 

Please help.

 

34 REPLIES

goslow
Alessandro Volta

@ZHackH wrote:

@goslow any thoughts on the graph/chart?

Hey ipfreely. I only game with friends and never with randoms. I mainly play single player games, I haven't actually had any disruption to my online gaming in terms of interruptions, because of single player games. Whoever is behind it simply made me aware they could do it.


Final post from me on this topic (after a request from the OP via PM to comment). I had deliberately not commented further in the hope that some of the regular tech experts might be able to put the pieces of this story together into an explanation of what was going on but ...

From the info you have posted, your BQM at #28 to my (untrained) eye looks healthy. If you were experiencing disconnections to your hub between 21:00 and 22:00/23:00 then they are not showing on that BQM.

Your downstream/upstream levels seem to be within what I understand to be normal ranges. IPFreely at #29 advises the upstream channel at 16QAM could be a normal configuration (beyond my tech level/knowledge on that aspect) and Andrew-G at #18 comments that 2 channels on the downstream have higher error rates than the other downstream channels. Others on here may be able to read into the fine detail of the figures and see more (if there is more to see).

legacy1 at #13 mentions interference with VM's cable connection. Past neighbour-related topics usually feature neighbours cutting or unplugging connections outside but there does not seem to be evidence of that kind of disconnection here.

Final bit of info you could post would be the full network logs from the VM hub across the time period matching the BQM image, 21:00 and 22:00/23:00, when you say you were disconnected, to see if anything in the network logs appears.

Can't add any more than that. Hope someone else can comment and offer some more suggestions for you. VM forum team may be able to see further info on their end to do with your connection status. Hope you can find an explanation for the issue.

I'm not sure what to make of this. Elsewhere they're calling it proof but I'm not sure what you guys will make of it. After failing to ID the DDoS on the graph I was told by another community to find the IP of my console and monitor that device specifically. However, once I located it and attempted to add a monitor I was given this message.

proofyg.png

My console's IP is already being tracked. Now, I haven't added my IP anywhere on the internet. But somehow the IP of the device being targeted is already being tracked. Does anyone have a logical explanation as to why?

I have contacted the team and my hope is that they'll assist in identifying "whoever" it is that is monitoring my device.

Tudor
Very Insightful Person

"My consoles IP is already being tracked" - do you really mean your WAN IP? Anyone can set up a BQM on any IP address; it's possible that the person that had your WAN IP address previously had set up a BQM and not deleted it.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

Hi Tudor.

The great advice from goslow first introduced me to the BQM. I mistakenly used the address of the VPN I have, a service I signed up to once my suspicions were raised. I then used my ISP with the router turned off but that didn't show any results. I was advised that if this indeed was a DoS attack then I should try monitoring the console's address as they could be targeting that specifically.

Please bear in mind that I have never known my consoles or looked it up prior to this suggestion. The BQM rejected my request because the console's IP, the target of the attack, is already being monitored. For good measure I added another address of a device in my home and that was accepted.

So for some strange reason... A BQM has already been set up on my console, which is unique and, as many have stressed, difficult for just anybody to find.

"I then used my isp with the VPN turned off"

Sorry for the error here I'm unable to edit my posts