DoS Attack series after VNC Warning from VirginMedia

tb46uk
On our wavelength

Hi,

A strange series of events. On the day of the VirginMedia engineer visit to replace the Hub, I am warned by VM that a device on my network has been configured as a Virtual Network Computing (VNC) server, making it accessible from outside your home network. Now I was offline before his visit that day and mainly offline following the visit as the issue wasn't fixed (further engineer visits followed).

In parallel, on the logs of my Netgear Router, I have noticed increasing incidents of DoS Attacks.  Below is a snapshot of yesterday's harvest.  I am a bit overwhelmed by the scale of all this.  The VM letter advises to post here for support and that's what the second engineer told me to do.  

I read the relevant cases I could find in the forum, but I am not clear about the risk I am exposed to here, and a little disappointed that VM is kind of kicking this to me to sort out when I hardly understand what the acronyms mean. It would be nice if a member of staff with security knowledge could have been assigned to liaise with me about this. There is more to this but not sure how much I can post here. Anyway, can folk please advise?

Is this nothing to worry about or to be taken seriously (whatever seriously may mean)? Can VM change my IP to protect my account? Is my IP always the same unless I change the hardware? And what hardware is that, the Hub 4 which I use in Modem mode or the router?

 

Thanks

[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:20:34
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:20:16
[DoS Attack: ACK Scan] from source: 3.120.92.134, port 8883, Wednesday, May 18, 2022 20:19:55
[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:19:54
[DoS Attack: ACK Scan] from source: 17.248.209.34, port 443, Wednesday, May 18, 2022 20:19:38
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:19:36
[DoS Attack: ACK Scan] from source: 3.120.92.134, port 8883, Wednesday, May 18, 2022 20:19:35
[DoS Attack: ACK Scan] from source: 17.248.248.202, port 443, Wednesday, May 18, 2022 20:19:16
[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:18:59
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:18:56
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 32375, Wednesday, May 18, 2022 20:18:47
[DoS Attack: ACK Scan] from source: 17.248.248.202, port 443, Wednesday, May 18, 2022 20:18:46
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 32375, Wednesday, May 18, 2022 20:18:45
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 32375, Wednesday, May 18, 2022 20:18:42
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 32375, Wednesday, May 18, 2022 20:18:39
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:37
[DoS Attack: SYN/ACK Scan] from source: 65.108.67.115, port 53, Wednesday, May 18, 2022 20:18:36
[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:18:36
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:32
[DoS Attack: ACK Scan] from source: 17.248.248.202, port 443, Wednesday, May 18, 2022 20:18:31
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:30
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:30
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:29
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:28
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:28
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:27
[DoS Attack: ACK Scan] from source: 54.220.151.155, port 443, Wednesday, May 18, 2022 20:18:05
[DoS Attack: ACK Scan] from source: 17.248.209.35, port 443, Wednesday, May 18, 2022 20:17:32
[DoS Attack: ACK Scan] from source: 54.220.151.155, port 443, Wednesday, May 18, 2022 20:17:25
[DoS Attack: ACK Scan] from source: 17.248.145.134, port 443, Wednesday, May 18, 2022 20:17:23
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 52637, Wednesday, May 18, 2022 20:13:39
[DoS Attack: ACK Scan] from source: 220.79.238.99, port 18383, Wednesday, May 18, 2022 20:13:37
[DoS Attack: ACK Scan] from source: 52.97.211.133, port 45648, Wednesday, May 18, 2022 20:07:49
[DoS Attack: ACK Scan] from source: 212.54.56.51, port 993, Wednesday, May 18, 2022 20:07:44
[DoS Attack: ACK Scan] from source: 212.54.56.51, port 993, Wednesday, May 18, 2022 20:06:55
[DoS Attack: ACK Scan] from source: 212.54.56.51, port 993, Wednesday, May 18, 2022 20:05:51
[DoS Attack: ACK Scan] from source: 162.125.19.131, port 443, Wednesday, May 18, 2022 20:05:04
[DoS Attack: ACK Scan] from source: 162.125.19.9, port 443, Wednesday, May 18, 2022 20:05:03
[DoS Attack: ACK Scan] from source: 18.235.195.121, port 443, Wednesday, May 18, 2022 20:05:03
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:04:53
[DoS Attack: ACK Scan] from source: 18.235.195.121, port 443, Wednesday, May 18, 2022 20:04:48
[DoS Attack: ACK Scan] from source: 17.248.248.43, port 443, Wednesday, May 18, 2022 20:04:35
[DoS Attack: ACK Scan] from source: 17.248.248.228, port 443, Wednesday, May 18, 2022 20:04:33
[DoS Attack: ACK Scan] from source: 18.235.195.121, port 443, Wednesday, May 18, 2022 20:04:33
[DoS Attack: ACK Scan] from source: 172.253.120.128, port 443, Wednesday, May 18, 2022 20:04:31
[DoS Attack: ACK Scan] from source: 18.235.195.121, port 443, Wednesday, May 18, 2022 20:04:18
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:04:13
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:03:33
[DoS Attack: ACK Scan] from source: 18.235.195.121, port 443, Wednesday, May 18, 2022 20:03:33
[DoS Attack: ACK Scan] from source: 40.99.201.245, port 50868, Wednesday, May 18, 2022 20:00:32
[DoS Attack: SYN/ACK Scan] from source: 195.149.70.33, port 443, Wednesday, May 18, 2022 19:54:02
[DoS Attack: ACK Scan] from source: 40.99.151.149, port 44916, Wednesday, May 18, 2022 19:47:51
[DoS Attack: ACK Scan] from source: 40.99.201.245, port 50341, Wednesday, May 18, 2022 19:37:51
[DoS Attack: ACK Scan] from source: 40.99.201.245, port 48757, Wednesday, May 18, 2022 19:37:21
[DoS Attack: SYN/ACK Scan] from source: 185.41.251.179, port 443, Wednesday, May 18, 2022 19:37:13
[DoS Attack: ACK Scan] from source: 52.97.211.181, port 39777, Wednesday, May 18, 2022 19:32:21
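
A triage sketch for a log like the one above, added here as an example and not part of the original post: it groups the router's entries by source address and source port, and marks those whose source port is a well-known service port, which is consistent with a server replying to a connection that a device on the home network opened. The port-to-service table and that reading of it are assumptions of this example, not Netgear's detection logic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption (heuristic, not Netgear's logic): a packet whose SOURCE port is a
# well-known service port looks like a server answering a LAN device.
SERVICE_PORTS = {53: "DNS", 80: "HTTP", 443: "HTTPS", 993: "IMAPS", 8883: "MQTT/TLS"}

LINE_RE = re.compile(r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: "
                     r"(?P<ip>[\d.]+), port (?P<port>\d+), (?P<ts>.+)$")

def parse(line):
    """Return (kind, ip, port, timestamp) or None for a non-matching line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
    return m["kind"], m["ip"], int(m["port"]), ts

def summarise(lines):
    """Group entries by (source IP, source port, kind), busiest first."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        kind, ip, port, ts = rec
        groups[(ip, port, kind)].append(ts)
    rows = [{"ip": ip, "port": port, "kind": kind, "count": len(ts),
             "first": min(ts), "last": max(ts),
             "service": SERVICE_PORTS.get(port)}  # None = needs a closer look
            for (ip, port, kind), ts in groups.items()]
    return sorted(rows, key=lambda r: -r["count"])

# Eight entries copied from the log in the post above.
SAMPLE = """\
[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:20:34
[DoS Attack: ACK Scan] from source: 18.200.177.60, port 443, Wednesday, May 18, 2022 20:20:16
[DoS Attack: ACK Scan] from source: 52.57.38.165, port 8883, Wednesday, May 18, 2022 20:19:54
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:37
[DoS Attack: SYN/ACK Scan] from source: 65.108.67.115, port 53, Wednesday, May 18, 2022 20:18:36
[DoS Attack: ACK Scan] from source: 72.21.91.29, port 80, Wednesday, May 18, 2022 20:18:32
[DoS Attack: ACK Scan] from source: 52.98.207.165, port 32375, Wednesday, May 18, 2022 20:18:47
[DoS Attack: ACK Scan] from source: 212.54.56.51, port 993, Wednesday, May 18, 2022 20:07:44
""".splitlines()

if __name__ == "__main__":
    for r in summarise(SAMPLE):
        label = r["service"] or "unclassified"
        print(f'{r["ip"]:>15}:{r["port"]:<5} {r["kind"]:<12} x{r["count"]} '
              f'{r["first"]:%H:%M:%S}-{r["last"]:%H:%M:%S} {label}')
```

Rows left "unclassified" are the ones worth checking against what the devices on the network were doing at that time; the full router log can be pasted into `SAMPLE` in place of the eight lines.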

Ashleigh_C
Forum Team

Hi there @tb46uk

 

Thank you so much for your post and welcome back to our community forums! 

 

I'm so sorry to see that you are facing this issue! Please do follow all the steps from the communications with us, with the best advice being to run up-to-date virus scans on any systems within the internal network and close any unnecessary open services or ports on the router.

 

The most commonly used services are: 

NTP Mode 6

NTP Monlist 

Open DNS

 

Please let us know how you get on with this! 

 

Thank you 

Tudor
Very Insightful Person

I think your problem has been caused by your IP address changing when you received the new hub. The only way I can see of changing your IP to another is to get your own router or mesh system.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

tb46uk
On our wavelength

Thank you.  A couple of questions:

 

1. NTP Mode 6 : How do I 'run' the command ntpq -c rv [IP]? I tried on the Command prompt but the command was not recognised.

 

2. How do I close ports and port 123 specifically?

 

Theo

tb46uk
On our wavelength

I have my own router.  I am using the Hub in Modem mode.

Kain_W
Forum Team (Retired)

Hi tb46uk,

Welcome back to the community on this.

To clarify, are you receiving any error codes?

Also, is this from the link provided?
Let us know,

Kain