on 17-02-2021 11:49
Hi guys,
Hope you & your families are all in good health.
I have had 2 emails from Virgin Media over the past month stating that my home devices could be at risk.
Apparently it has something to do with 'Multicast DNS'. The first email was sent on the same day that I installed the 'Crunchyroll' app on my iPad. There is a feature to stream from the iPad to other devices; however, I have disabled this but still received another email.
It is important to note that I have many TCP&UDP adjustments for PS5 NAT optimisation.
We have been with Virgin for well over 10 years and this is the first time we have received anything like this.
Would really appreciate any help, guys. Is it possible that this is some automated email that has picked up a false red flag?
*I should also mention that the Internet has been dropping out terribly over the past month, sometimes like 30 seconds off 30 seconds on then a steady few hours etc.*
Is it possible that I am getting some sort of DDoS attack? Then again, what would someone gain from a DDoS on me?
Kind regards,
Ben
on 17-02-2021 15:00
on 18-02-2021 10:34
Hi John,
Thank you 👍 I suspected as much because I've never had one of these emails before. Strange though because there's usually some sort of 'sign in here to fix the problem' link. No dodgy URLs, no diamond miner without funds for a pickaxe, nothing.
Connection is looking good this morning.
Many thanks & kind regards,
Ben
on 18-02-2021 14:37
Mods - Please mark this thread as closed, everything is fine now.
on 18-05-2021 10:57
Not quite................
I got an email too, but followed up with a letter with the same content as the email.
Mine stated "your home network has been identified as having a potential open NetBIOS vulnerability".
It quoted VM's IP: [MOD EDIT: REMOVED] and the date.
Although I replied to the email (it didn't bounce), I got no reply.
If these warnings are valid ones, it would help if VM elaborated more on the possible causes.
[MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review the Forum Guidelines]
on 18-05-2021 12:54
Hi @wm29,
Thank you for getting in touch with us about this!
From looking at the email you have described here, it looks to be from our Internet Security team, and would not be a scam or phishing attempt.
We would advise following the steps listed on the letter - if you have any issues with that or need more assistance, please let us know.
You can take a look here for more information about emails from our Internet Security team.
We're more than happy to help.
Thanks!
on 19-05-2021 06:10
Apologies to Mod.
Didn't realise that VM's IP address would fall into the realm of personal or private info.
Sorry.
07-07-2021 07:46 - edited 07-07-2021 07:48
I've had two more of these incidents, all at random times, and am still no further in isolating the origin of them. My home network is more complex than the average and I'm at a loss as to know where to start.
My main router is a DrayTek Vigor 2927 - a dual WAN job - bought to facilitate having two broadband feeds to our home. One is Virgin Media via cable and the other is Plusnet via BT phone line. Although outages are rare here, they do happen, and usually first thing in the morning. Working from home is dependent on having a working broadband service and this seemed to be the simplest way to go. I did consider (and try) using a mobile internet service as my second feed.
WAN 1 has a VM Hub 3 in modem mode. WAN 2 has the Plusnet VDSL feed coming via a DrayTek Vigor 130. VM is the only one informing me of these incidents. Perhaps Plusnet might not be logging them and informing me.
I chose a 'non-wireless' main router as I use BT Whole Home mesh setup. I endeavour to use wired Ethernet connections where possible, but some devices are WiFi only: e.g. printers and Google Nest stuff.
I do have Fire TV sticks connected to our two TVs. These are supplied as WiFi only. I bought these https://www.amazon.co.uk/gp/product/B07W8ZQJL9/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1 to connect them to our network.
These are not 'approved' items and I am suspicious of one of them and eventually removed it as my gut feel was telling me this could be the culprit.
Time will tell. Any suggestions as to an action plan if I get another 'incident'?
on 07-07-2021 15:15
Good afternoon @wm29
Welcome back to the forums and thank you for taking the time to post.
I am sorry to hear that you have had some issues with these email alerts.
I have taken a look over things and can see that our Internet Security team has sent these to you.
I have emailed the Internet Security team and asked them to advise further. They haven't specified the device that is causing this issue; however, they have let me know what is causing the issue: NetBIOS. They have provided me with the following information:
NetBIOS is used to share files and folders across a local network. Other applications can use NetBIOS to map a network, allowing them to send messages to destination computers. Ports commonly used by NetBIOS can be exploited to commit abuse when exposed to the wider Internet.
The following link has all the information regarding NetBIOS
Kind regards,
Zak_M
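
An added example (not from Virgin Media or any poster in this thread) of one way to act on the NetBIOS and Multicast DNS warnings discussed above: audit the router's port-forward list for rules that expose those services to the Internet. The rule syntax and the sample rules are hypothetical and constructed; the ports are the standard assignments (UDP 137/138 and TCP 139 for NetBIOS, UDP 5353 for mDNS).

```python
import re

# Standard assignments for the services named in the warnings; none should be reachable from the WAN.
RISKY = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service",
    ("udp", 5353): "Multicast DNS",
}

# Hypothetical rule syntax: "<tcp|udp|both> <port>[-<port>] -> <host:port>"
RULE_RE = re.compile(r"^(tcp|udp|both)\s+(\d+)(?:-(\d+))?\s*->\s*(\S+)$", re.I)

def parse_rule(line):
    """Return (protocols, first_port, last_port, target), or None if unparsable."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    proto, lo, hi, target = m.groups()
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        return None
    protos = ("tcp", "udp") if proto.lower() == "both" else (proto.lower(),)
    return protos, lo, hi, target

def audit(rules):
    """List (rule, finding) pairs for forwards that cover a risky port."""
    findings = []
    for line in rules:
        parsed = parse_rule(line)
        if parsed is None:
            findings.append((line, "unparsable rule, review by hand"))
            continue
        protos, lo, hi, target = parsed
        for (proto, port), name in sorted(RISKY.items()):
            if proto in protos and lo <= port <= hi:
                findings.append((line, f"exposes {name} ({proto}/{port}) to {target}"))
    return findings

# Constructed sample: two narrow console-style forwards and two over-broad ranges.
SAMPLE_RULES = [
    "tcp 3478-3480 -> 192.168.1.50:3478",
    "udp 3478-3479 -> 192.168.1.50:3478",
    "both 100-200 -> 192.168.1.50:100",
    "udp 5000-6000 -> 192.168.1.60:5000",
]

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES):
        print(f"{rule}: {finding}")
```

Only the two wide ranges are flagged; narrowing a forward to the exact ports a device needs removes the finding.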