newberypm
Joining in
Message 1 of 6

Banging one's head against a wall

On my home network I have Microsoft Windows Server 2019. One of its many roles is DNS.

I constantly receive stupid letters and emails from Virgin telling me I have "openddns" installed on my network and I need to run a malware scan etc. to get rid of it.

So the idiot on Twitter who went round in circles and didn't read what I put was no help.

I don't need letters warning me of running a DNS server when I know I am. I have informed Virgin over the phone that I'm running a Windows server.

Equally, if I was to follow the link and follow the instructions, they aren't aimed at a Windows server but a Windows home computer.

Please, Virgin, stop wasting paper, stop employing people who can't read.

用心棒
Very Insightful Person
Message 2 of 6

Re: Banging one's head against a wall

The notifications warn of the potential risk of your publicly accessible DNS being abused in an amplification attack. Fixing this security vulnerability should result in these notifications ceasing.

FYI: the trusted third-party notifying Virgin Media of the risk is Shadowserver who detail their scanning methodology as follows:


Methodology

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 53/udp with a request for the "A" record of "dnsscan.shadowserver.org" (this host), capturing the response from the DNS server and parsing the result. …

If you would like to test your own device to see if it supports open recursion, try using the command: "dig +short @[IP] dnsscan.shadowserver.org" from a computer that does *not* use the IP listed in the command as its authoritative DNS server. If the device does support open recursion, you should see the IP address of dnsscan.shadowserver.org returned as the result.



I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
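The self-test from the quoted methodology, written out as an added example (not part of the original posts and not Shadowserver's code): it builds the same A-record query with recursion requested and classifies the reply a resolver sends back. The function names, the transaction ID and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

QNAME = "dnsscan.shadowserver.org"  # name used in the quoted methodology

def build_query(name=QNAME, txid=0x5353):
    """A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid=0x5353):
    """Classify a raw DNS reply the way the dig test reads it."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID, or QR bit clear (not a reply)
        return "malformed"
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == 0 and ra and ancount > 0:
        return "open-recursion"             # resolved the name for an outside client
    if rcode == 5:
        return "refused"
    return "no-recursive-answer"            # e.g. empty reply or referral only

def probe(ip, timeout=3.0):
    """Send the query to ip:53/udp; run it from a host outside your own network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"            # filtered, or nothing listening
    return classify(reply)

def sample_reply(flags, ancount):
    """Constructed reply: the query with its header rewritten, plus A records."""
    q = build_query()
    # One A record pointing back at the question name; 192.0.2.1 is a documentation address.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return q[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + q[12:] + answer * ancount

SAMPLE_OPEN = sample_reply(0x8180, 1)     # QR + RD + RA, NOERROR, one answer
SAMPLE_REFUSED = sample_reply(0x8105, 0)  # QR + RD, RCODE=5 (REFUSED)
```

A result of "refused" or "no-response" from outside the network is what a resolver that only serves its own LAN looks like to the scan.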
Zak_M
Forum Team (Retired)
Message 3 of 6

Re: Banging one's head against a wall

Good evening @newberypm

Welcome to the forums and thank you for taking the time to post.

I am sorry to hear that you have had some issues with your services.

Please can you provide me with your Twitter feed as the departments are run within the same department, we can pass the feedback on.

Regarding the DNS, this isn't something we are able to support from a residential account & therefore it triggers internet security to send the letters.

Kind regards,

Zak_M

Tudor
Very Insightful Person
Message 4 of 6

Re: Banging one's head against a wall

I think you are confusing local DNS servers with WAN DNS servers. You should not have your local DNS server open to the WAN, but should have an upstream DNS server defined on the WAN, one like 1.1.1.1 or 8.8.8.8.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

newberypm
Joining in
Message 5 of 6

Re: Banging one's head against a wall

I would think when the exploration of what I do hasn't happened it's difficult to then assume why I have my system the way I do. I also get countless letters/emails about my TFTP server.

No amount of telling Virgin I'm completely aware of how my network runs seems to stop this - there should be an option in these emails to reply/mark as understood and prevent the continuing spam

jem101
Community elder
Message 6 of 6

Re: Banging one's head against a wall


@newberypm wrote:

I would think when the exploration of what I do hasn't happened it's difficult to then assume why I have my system the way I do. I also get countless letters/emails about my TFTP server.

No amount of telling Virgin I'm completely aware of how my network runs seems to stop this - there should be an option in these emails to reply/mark as understood and prevent the continuing spam


Yes but, alas, irrelevant to a large, monolithic company with ‘policies and procedures’ to follow which would require at least 25 meetings and 7 focus groups to think about before they could possibly update the procedures!

Incidentally, why is your DNS server accessible from the internet? Now of course, you may have a perfectly understandable reason for it to be so, just don’t expect VM’s systems to understand and accommodate it!
