
Banging one's head against a wall

newberypm
Joining in

On my home network I have Microsoft Windows Server 2019.  As part of its many roles one of them is DNS.

I constantly receive stupid letters and emails from Virgin telling me I have "openddns" installed on my network and I need to run a malware scan etc to get rid of it.

So the idiot on Twitter who went round in circles and didn't read what I put was no help.

I don't need letters warning me of running a DNS server when I know I am. I have informed Virgin over the phone that I'm running a Windows server.

Equally if I was to follow the link and follow the instructions they aren't aimed at a Windows server but a Windows home computer.

Please Virgin stop wasting paper, stop employing people who can't read.

6 REPLIES

用心棒
Very Insightful Person

The notifications warn of the potential risk of your publicly accessible DNS being abused in an amplification attack. Fixing this security vulnerability should result in these notifications ceasing.

FYI: the trusted third-party notifying Virgin Media of the risk is Shadowserver who detail their scanning methodology as follows:


Methodology

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 53/udp with a request for the "A" record of "dnsscan.shadowserver.org" (this host), capturing the response from the DNS server and parsing the result. …

If you would like to test your own device to see if it supports open recursion, try using the command: "dig +short @[IP] dnsscan.shadowserver.org" from a computer that does *not* use the IP listed in the command as its authoritative DNS server. If the device does support open recursion, you should see the IP address of dnsscan.shadowserver.org returned as the result.



I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
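The check in the Shadowserver methodology quoted above, written out as an added example (not code from this thread or from Shadowserver): it builds the same A-record probe and classifies the reply by its header flags, which separates an open recursive resolver from one that refuses the query or is silently firewalled. The function names, the transaction ID and the sample reply bytes are assumptions constructed for illustration.

```python
import socket
import struct

PROBE_NAME = "dnsscan.shadowserver.org"  # probe name from the quoted methodology
TXID = 0x1234                            # arbitrary transaction ID (assumption)

def build_query(name, txid=TXID):
    """A-record query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid=TXID):
    """Classify the raw UDP reply to the probe (None means nothing came back)."""
    if reply is None:
        return "no-response"        # filtered at the edge, or nothing listening
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # server answers but declines the query
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-recursion"     # RA set and an answer returned
    return "no-recursion"           # e.g. empty answer or referral

def probe(server_ip, timeout=3.0):
    """Query a resolver you administer; run from a host outside its network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(PROBE_NAME), (server_ip, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:             # includes timeouts and ICMP unreachable
            reply = None
    return classify(reply)

# Constructed replies (not captured traffic); 192.0.2.1 is a documentation address.
_QUESTION = build_query(PROBE_NAME)[12:]
_ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + _QUESTION + _ANSWER
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    for label, raw in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED), ("silent", None)):
        print(label, "->", classify(raw))
```

A result of "no-response" or "refused" from an outside vantage point is what a resolver that is not openly recursive to the internet looks like; "open-recursion" is the condition the notifications describe.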

Zak_M
Forum Team (Retired)

Good evening @newberypm

Welcome to the forums and thank you for taking the time to post.

I am sorry to hear that you have had some issues with your services.

Please can you provide me with your Twitter feed as the departments are run within the same department, we can pass the feedback on.

Regarding the DNS, this isn't something we are able to support from a residential account & therefore it triggers internet security to send the letters.

Kind regards,

Zak_M

Tudor
Very Insightful Person

I think you are confusing local DNS servers with WAN DNS servers. You should not have your local DNS server open to the WAN, but should have an upstream DNS server defined on the WAN, one like 1.1.1.1 or 8.8.8.8.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

I would think when the exploration of what I do hasn't happened it's difficult to then assume why I have my system the way I do. I also get countless letters/emails about my TFTP server.

No amount of telling Virgin I'm completely aware of how my network runs seems to stop this - there should be an option in these emails to reply/mark as understood and prevent the continuing spam


@newberypm wrote:

I would think when the exploration of what I do hasn't happened it's difficult to then assume why I have my system the way I do. I also get countless letters/emails about my TFTP server.

No amount of telling Virgin I'm completely aware of how my network runs seems to stop this - there should be an option in these emails to reply/mark as understood and prevent the continuing spam


Yes but, alas, irrelevant to a large, monolithic company with ‘policies and procedures’ to follow which would require at least 25 meetings and 7 focus groups to think about before they could possibly update the procedures!

Incidentally, why is your DNS server accessible from the internet? Now of course, you may have a perfectly understandable reason for it to be so, just don’t expect VM’s systems to understand and accommodate it!

phil557
Tuning in
I'm having a similar idiotic runaround. Except AFAICT my local DNS is firewalled off, confirmed unreachable from outside (checking from external servers), so I'm really struggling to see how they think there's a problem.
I'm sick of being told to call 0345-whatever when it will be a waste of time. Is there actually a technical team who can resolve such queries?

For the benefit of VM, if you tell someone there's a problem of this type, you should be able to evidence it.