The notifications warn of the potential risk of your publicly accessible DNS being abused in an amplification attack. Fixing this security vulnerability should result in these notification ceasing.
FYI: the trusted third-party notifying Virgin Media to the risk is Shadowserver who detail their scanning methodology as follows:
We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 53/udp with a request for the "A" record of "dnsscan.shadowserver.org" (this host), capturing the response from the DNS server and parsing the result. … ⋮ If you would like to test your own device to see if it supports open recursion, try using the command: "dig +short @[IP] dnsscan.shadowserver.org" from computer that does *not* use the IP listed in the command as it's authorative DNS server. If the device does support open recursion, you should see the IP address of dnsscan.shadowserver.org returned as the result. ⋮
― I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more Have I helped? Click Mark as Helpful Answer and solved, or use Kudos to say thanks
I think you are confusing local DNS servers with WAN DNS servers. You should not have your local DNS server open to the WAN, but should have an upstream DNS server defined on the WAN, one like 188.8.131.52 or 184.108.40.206.
Tudor There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
I would think when the exploration of what i do hasn't happened its difficult to then assume why I have my system the way I do. I also get countless letters/emails about my TFTP server.
No amount of telling Virgin I'm completely aware of how my network runs seems to stop this - there should be an option in these emails to reply/mark as understood and prevent the continuing spam
Yes but, alas, irrelevant to a large, monolithic company with ‘policies and procedures’ to follow which would require at least 25 meetings and 7 focus groups to think about before they could possibly update the procedures!
Incidentally, why is your DNS server accessible from the internet? Now of course, you may have a perfectly understandable reason for it to be so, just don’t expect VM’s systems to understand and accommodate it!