
DDOS warning email

drjaking
Tuning in

I received an email from Virgin saying a device on my network was reported as a DDOS participant. Any advice on whether this is for real, and how to find that device if it is?


Zach_R
Forum Team

Hi @drjaking,

Thank you for your post and welcome back to our community forums. We're here to help.

I can confirm the DDOS warning email you've received would be legitimate. Apologies for any confusion or upset caused. Have you followed the advice and steps outlined in the email yet?

Thanks,
Zach - Forum Team


Anonymous
Not applicable

I have, but really all it says is make sure you are running antimalware software on devices. They are Windows and Android mostly, and the former are in their default update/defender setup so ought to be fine. The router doesn't have any ports open. I've set up a PiHole to monitor traffic but that only looks at DNS requests.

Is there any info I could get about when this is meant to have happened? Is it at all validated, or do Virgin just accept reports as true?

legacy1
Alessandro Volta
Because of NAT and the limited way the hub is, it's going to be hard to find the device.

Only with a firewall router, or a switch with port mirroring of your whole network, might you find the device, and only when it's active.
---------------------------------------------------------------

Thanks. Would OpenWRT or DD-WRT be able to do this? My router can be flashed with either of these.

legacy1
Alessandro Volta

It might, but I use Zyxel, which can do Anomaly Detection and Prevention on say a LAN, with logging to log the IP doing the flooding.

There are many ways you can go about this but it can take time.

One good thing, depending on the DoS, if it's not that smart, with the hub not doing QoS/BWM on the upstream, is that you can set up a BQM to see when your connection spikes.

---------------------------------------------------------------

Good idea, I'll try the BQM. I have no open ports atm (according to GRC Shields Up) but I do have UPnP enabled.

I was thinking of using this:

https://wiki.dd-wrt.com/wiki/index.php/Network_traffic_analysis_with_netflow_and_ntop
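Added example for this thread, not code from any poster, Virgin Media, DD-WRT or ntop: once a netflow/ntop style export exists, the question of "which LAN IP is flooding upstream" becomes a per-host, per-time-window aggregation. The script below assumes a CSV flow export with the columns in the header it builds (real exporters use their own column names, so the parser would need adapting), a LAN of 192.168.0.0/24, and constructed thresholds (500 outbound packets per second, or 50 distinct destinations in a 10 second window). The sample flows are constructed too: one host browsing normally, one sending a UDP blast, one spraying small connections at many addresses.

```python
"""Flag LAN hosts whose outbound flow records look like flood traffic.

Added example (not from any poster or vendor). Input shape mimics a simple
NetFlow/ntop CSV export; adjust parse_flows() to match a real exporter.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import csv
import io
import ipaddress


@dataclass(frozen=True)
class Flow:
    start_ts: int      # flow start, epoch seconds
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


@dataclass
class HostWindow:
    """Outbound totals for one LAN host within one time window."""
    packets: int = 0
    bytes: int = 0
    dsts: set = field(default_factory=set)   # distinct (dst_ip, dst_port) pairs


def parse_flows(text: str) -> list:
    """Parse a CSV export whose header matches the one in build_sample()."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        Flow(int(r["start_ts"]), r["src_ip"], r["dst_ip"], int(r["dst_port"]),
             r["proto"], int(r["packets"]), int(r["bytes"]))
        for r in rows
    ]


def aggregate_outbound(flows, lan, window):
    """Group flows leaving the LAN (LAN source, non-LAN destination) by host and window."""
    stats = defaultdict(HostWindow)
    for f in flows:
        src = ipaddress.ip_address(f.src_ip)
        dst = ipaddress.ip_address(f.dst_ip)
        if src not in lan or dst in lan:
            continue  # inbound and LAN-internal traffic cannot be the upstream flood
        key = (f.src_ip, f.start_ts - f.start_ts % window)
        hw = stats[key]
        hw.packets += f.packets
        hw.bytes += f.bytes
        hw.dsts.add((f.dst_ip, f.dst_port))
    return stats


def find_flooders(flows, lan="192.168.0.0/24", window=10,
                  pps_threshold=500, dst_threshold=50):
    """Return (host, window_start, reason) for hosts exceeding either threshold.

    Thresholds are constructed starting points; tune them against a quiet
    baseline capture before trusting the alerts.
    """
    net = ipaddress.ip_network(lan)
    alerts = []
    for (host, win_start), hw in sorted(aggregate_outbound(flows, net, window).items()):
        pps = hw.packets / window
        reasons = []
        if pps >= pps_threshold:
            reasons.append(f"{pps:.0f} pkt/s outbound")
        if len(hw.dsts) >= dst_threshold:
            reasons.append(f"{len(hw.dsts)} distinct destinations")
        if reasons:
            alerts.append((host, win_start, "; ".join(reasons)))
    return alerts


def build_sample() -> str:
    """Constructed export: .10 browses, .12 blasts UDP, .15 sprays tiny flows.

    Addresses use the documentation ranges (192.0.2.0/24, 198.51.100.0/24,
    203.0.113.0/24) so nothing here points at a real host.
    """
    lines = ["start_ts,src_ip,dst_ip,dst_port,proto,packets,bytes",
             "1700000000,192.168.0.10,192.0.2.20,443,tcp,40,52000",
             "1700000003,192.168.0.10,192.0.2.21,443,tcp,35,41000",
             "1700000001,192.168.0.12,198.51.100.7,80,udp,24000,1248000",
             "1700000006,192.168.0.12,198.51.100.7,80,udp,26000,1352000",
             "1700000004,203.0.113.9,192.168.0.10,443,tcp,60,80000"]  # inbound, ignored
    for i in range(60):  # 60 three-packet flows to 60 different addresses in one window
        lines.append(f"170000001{i % 10},192.168.0.15,203.0.113.{i + 1},80,tcp,3,180")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for host, win_start, reason in find_flooders(parse_flows(build_sample())):
        print(f"{host} @ {win_start}: {reason}")
```

Running it on the constructed sample flags 192.168.0.12 for packet rate and 192.168.0.15 for destination spread, while the browsing host stays quiet. The same aggregation applied to a real ntop/netflow export from the DD-WRT setup in the link, captured across the time a BQM graph shows a spike, is what narrows the report down to a single LAN IP.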