Virgin Media Virgin Media Community

ZHackH · ‎15-01-2023

Hey Ladies and gents. I have been a VM customer for about 13 years... The following is something I'll break down into two sections. The story/Proof and help/advice. Feel free to skip to the advice section if the long read is not for you.

The story/Proof

I've lived at my current address for about 8 years. My neighbour for the last 4. We've always been very polite and neighbourly. Hi and a smile. Most importantly, I've never heard him and his wife. which is ideal given we live in a terraced house. However, when the pandemic hit this guy lost his job and my assumption is that with our current economy things haven't improved. During the first lockdown this guy started to drink. I'd seem him stumbling outside or clearly intoxicated. Eventually, in 2022 he started crashing around his home late at night, shouting screaming etc etc. Politely I'd brought up the subject, not even in a direct way more so "I heard some strange noises" etc. He apologized profusely. But soon after, I'm talking within a few days, I started hearing something rubbing against the wall.

Side note: My living room wall is adjacent to his hallway/entrance and stairs

The sound, sounds exactly like someone rubbing their hands together. My initial thought was that the neighbour was doing painting and decorating, but this was followed by my connection dropping and reconnecting. Like someone turning a light switch on and off. My initial response was new LAN cables and a "new" router from VM. But this bought me a few days and this disconnect followed by an immediate reconnect resumed. The evidence that I this drop and reconnect was actually intentional came from my neighbours wife. He being drunk and his wife frustrated had a blow up where she specifically said "$*&%ing around with the neighbours internet." His drunken response was along the lines of "Who does he think he is." Just riddled with more expletives. None of which he said when we spoke face to face.

I took this info to my VM and they identified the drops but said they don't have the capabilities to stop it and that I would d need to I myself would need to ID the source ETC ETC. Long story short they can't do much without certain legal criteria being met beforehand. I plan to get this too them but obviously my first priority is stopping this attack.

Advice: VM suggested that I can put my router into router mode and use an external router. My research initially took me to VPN routers but eventually led me peplink routers which are built with enhanced security in mind. To be honest, router security beyond a long password that I change periodically, isn't something I am familiar with. However I am eager to learn. My hope is that using a router which is more secure is my first step and that Surf Soho/peplink can assist. I had no idea that VM routers were this vulnerable. But my question is will router mode help.

This is what the hack looks like: https://imgur.com/AwabF8c/embed?ref=https%3A%2F%2F

The above in recorded from my tv while playing a gaming console. I've edited the vid to show one instance but in practice happens several times per minute. On/off. I've been a gamer since the Super Nintendo. Before console were online and I've never experienced anything like that. I didn't even know what a ddos was until I realized it was intentional.I came here because most people suspect that DDOS on me as an individual isn't worthwhile. Assuming that one individual would need a multitude of machines, physically, at his address. Despite the fact that you can purchase DOS attacks online

Please advise.

Please help.

goslow · ‎15-01-2023

@ZHackH wrote:
Hey Ladies and gents. I have been a VM customer for about 13 years... The following is something I'll break down into two sections. The story/Proof and help/advice. Feel free to skip to the advice section if the long read is not for you. <snip>

Before travelling along the hacking/DDOS route, have you investigated more mundane explanations like the signal levels to the VM hub, set up a BQM to track your disconnections etc. etc. ?

There have certainly been some actual 'mad neighbour' topics on here in the past but they aren't that common.

ZHackH · ‎15-01-2023

Believe it or not, this suggestion is only the second helpful post I've had since posting about this since December. So first and foremost, thank you.

I will setup a BQM. I don't know what that is but will investigate how.

My wife was at first very sceptical until my neighbour and his wife had that blow up where she, in the heat of the argument, said what she said about him messing with our internet. As for the increase in "My mad neighbour" posts, although I'm new here and this is my second post. I believe the cost of living increase, on the back of a pandemic... Coupled with the government's statistics on the spike in mental health issues is probably a cause.

I am eager to know if modem mode/new router can help.

Again, thank you.

goslow · ‎15-01-2023

@ZHackH wrote:
Believe it or not, this suggestion is only the second helpful post I've had since posting about this since December. So first and foremost, thank you.

I will setup a BQM. I don't know what that is but will investigate how.

My wife was at first very sceptical until my neighbour and his wife had that blow up where she, in the heat of the argument, said what she said about him messing with our internet. As for the increase in "My mad neighbour" posts, although I'm new here and this is my second post. I believe the cost of living increase, on the back of a pandemic... Coupled with the government's statistics on the spike in mental health issues is probably a cause.

I am eager to know if modem mode/new router can help.

Again, thank you.

BQM is a broadband quality monitor

https://www.thinkbroadband.com/broadband/monitoring/quality

you will see it in the signatures of some of the community members. It is a way of monitoring your connection around the clock to try to identify any performance issues/outages.

If you log into your VM hub, you should be able to access a page showing 'Downstream' signal levels, 'Upstream' signal levels and 'Network Logs' if you copy/paste those on here (without posting any personal info) then some of the network experts on here will be able to tell you if the signal info is within expected ranges.

Also, if you put your VM hub into modem mode, and use that in conjunction with your own router, you will get a new public IP address. Many regulars on this forum do that anyway for better networking provision than the VM hubs offer. But before doing that checking the basics of your existing VM hub setup would be worthwhile.

ZHackH · ‎15-01-2023

These are the stats you asked for but I should note that while I don't know what they equate too. The DDOS/DOS happens when I'm gaming.

[img]https://i.imgur.com/I4tfh7g.png[/img]

[img]https://i.imgur.com/qDgwgjp.png[/img]

[img]https://i.imgur.com/JeIZAZo.png[/img]

[img]https://i.imgur.com/tiIw1ex.png[/img]

[img]https://i.imgur.com/1ROdwWJ.png[/img]

Also could someone give a step by step guid on how to monitor. I signed up at thinkbroadband but I'm not sure how to link my device to that site. Truly appreciate the help.

goslow · ‎15-01-2023

@ZHackH wrote:
These are the stats you asked for but I should note that while I don't know what they equate too. The DDOS/DOS happens when I'm gaming.
Also could someone give a step by step guid on how to monitor. I signed up at thinkbroadband but I'm not sure how to link my device to that site. Truly appreciate the help.

I can access your images and to my (untrained) eye, I can see one of your upstream channels is operating at 16 QAM. AIUI, they should all run at 64 QAM (normally). Someone who actually understands the stat's can give you the correct info.

You would be better off to copy/paste them from the VM hub screen onto the forum pages as text. I don't think the VM forum team can view links to outside image sites IIRC (although they will be able to view your hub stat's via their own systems).

You should also post up the info from the 'Network Log' tab as this will provide further info

Ref the BQM, you need to find your public IP (which you can do via whatismyip.com) You use the IP address from 'My Public IPv4 is' on the screen from that site to set up the BQM.

ZHackH · ‎15-01-2023

Down

Refresh data

Downstream bonded channels

Channel Frequency (Hz) Power (dBmV) SNR (dB) Modulation Channel ID

1	259000000	5.6	38	256 qam	16
2	251000000	5.8	38	256 qam	15
3	267000000	6.1	38	256 qam	17
4	275000000	6.1	38	256 qam	18
5	283000000	6	38	256 qam	19
6	291000000	6.3	38	256 qam	20
7	299000000	6	38	256 qam	21
8	307000000	5.6	38	256 qam	22
9	315000000	6	38	256 qam	23
10	323000000	5.9	37	256 qam	24
11	331000000	5.5	38	256 qam	25
12	339000000	6	37	256 qam	26
13	347000000	5.9	38	256 qam	27
14	355000000	5.5	38	256 qam	28
15	363000000	5.5	38	256 qam	29
16	371000000	4.8	37	256 qam	30
17	379000000	4	37	256 qam	31
18	387000000	4.3	37	256 qam	32
19	395000000	4.3	37	256 qam	33
20	403000000	4	38	256 qam	34
21	411000000	4.5	38	256 qam	35
22	419000000	4.5	38	256 qam	36
23	523000000	2.4	37	256 qam	37
24	531000000	2	37	256 qam	38

Downstream bonded channels

Channel Locked Status RxMER (dB) Pre RS Errors Post RS Errors

1	Locked	38.6	21
2	Locked	38.6	16
3	Locked	38.6	12
4	Locked	38.9	12
5	Locked	38.6	12
6	Locked	38.6	10
7	Locked	38.6	21
8	Locked	38.6	23
9	Locked	38.6	29
10	Locked	37.6	21
11	Locked	38.6	12
12	Locked	37.6	14
13	Locked	38.6	18
14	Locked	38.6	27
15	Locked	38.6	18
16	Locked	37.3	31
17	Locked	37.6	65
18	Locked	37.6	53
19	Locked	37.6	55
20	Locked	38.6	44
21	Locked	38.6	31
22	Locked	38.6	40
23	Locked	37.6	395
24	Locked	37.6	531

Up

Upstream bonded channels

Channel Frequency (Hz) Power (dBmV) Symbol Rate (ksps) Modulation Channel ID

1	30100199	37.5	5120	64 qam	4
2	23600130	37.3	5120	16 qam	5
3	49600025	38	5120	64 qam	1
4	43100320	37.8	5120	64 qam	2
5	36600185	37.8	5120	64 qam	3

Upstream bonded channels

Channel Channel Type T1 Timeouts T2 Timeouts T3 Timeouts T4 Timeouts

1	ATDMA	0	0	0	0
2	ATDMA	0	0	0	0
3	ATDMA	0	0	0	0
4	ATDMA	0	0	0	0
5	ATDMA	0	0	0	0

01/01/1970 00:01:41	critical	No Ranging Response received - T3 time-out;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;
26/12/2022 06:50:30	Error	DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;
25/12/2022 21:13:55	critical	No Ranging Response received - T3 time-out;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;

08/12/2022 15:03:8	critical	No Ranging Response received - T3 time-out;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;
06/12/2022 15:09:27	Warning!	RCS Partial Service;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;
29/11/2022 03:15:55	critical	No Ranging Response received - T3 time-out;CM-MAC=:::::;CMTS-MAC=:::::;CM-QOS=1.1;CM-VER=3.0;

These are errors outside of my failed login attempts which i recognise. If there is any revealing info here please let a mod know as I cant edit my posts. Thanks

goslow · ‎15-01-2023

@ZHackH wrote:
<snip>
Also could someone give a step by step guid on how to monitor. I signed up at thinkbroadband but I'm not sure how to link my device to that site. Truly appreciate the help.

Set up your account for BQM
In the 'My Profile' section choose the 'Broadband Quality Monitor' button on the LHS at the top
Under the title 'Broadband Monitors' choose the link to 'create and new monitor'
In the next window, give the graph a name (without any personally identifiable info in the graph name)
In the IP/hostname it may already have populated that, if not use the address from whatismyip
Check your connection type (Cable broadband)
Leave out the postcode info
Untick 'Allow Trends' to opt out of showing your anonymised info.
Click create

Once you have the BQM running for a while it will collect data on your connection. You will be able to use the 'Share Live Graph' link to generate a URL to share your graph on the forum. You can also copy/paste screenshots but if you do that you need to remove your IP address from the images before posting otherwise the moderators will prevent the image from appearing.

ZHackH · ‎15-01-2023

MY apologies. I figured I needed to do some configure setting in my router to get a graph up and running. You'll have to excuse me as I'm a novice here.

Some questions...

The graph seems to be monitoring my laptop. The attack is device specific, my console which is connected to my router via a LAN cable. Secondly, the DDOS attack seems designed to disconnect me while gaming. It appears as a "flicker," as shown in my opening post. Will the graph catch that momentary disconnect.

Thanks again guys. I truly appreciate all the help.

goslow · ‎15-01-2023

@ZHackH wrote:
MY apologies. I figured I needed to do some configure setting in my router to get a graph up and running. You'll have to excuse me as I'm a novice here.

Some questions...
The graph seems to be monitoring my laptop. The attack is device specific, my console which is connected to my router via a LAN cable. Secondly, the DDOS attack seems designed to disconnect me while gaming. It appears as a "flicker," as shown in my opening post. Will the graph catch that momentary disconnect.

Thanks again guys. I truly appreciate all the help.

I don't think the BQM requires any setting changes on the VM hub (unless you are using a Superhub 2 or earlier). It will monitor your VM connection (to the hub), not your console or individual devices.

If you are saying that it is only your console that is affected then I would have a look at the LAN cable and the network socket on your console and the network socket on the VM hub for a loose/faulty connection. Try moving the cable/plug with the console plugged in and see if you get the same onscreen message. I read your initial post at #1 that you had already replaced the network cables.

Virgin Media Virgin Media Community

Virgin Media Virgin Media Community

DDOS/DOS Help

Downstream bonded channels

Downstream bonded channels

Upstream bonded channels

Upstream bonded channels