tb46uk
Tuning in
Message 1 of 6

DoS Attack series after VMC Warning from VirginMedia

Hi,

A strange series of events. On the day of the VirginMedia engineer visit to replace the Hub, I am warned by VM that a device on my network has been configured as a Virtual Network Computing (VNC) server, making it accessible from outside your home network. Now I was offline before his visit that day and mainly offline following the visit as the issue wasn't fixed (further engineer visits followed).

In parallel, on the logs of my Netgear Router, I have noticed increasing incidents of DoS Attacks.  Below is a snapshot of yesterday's harvest.  I am a bit overwhelmed by the scale of all this.  The VM letter advises to post here for support and that's what the second engineer told me to do.  

I read the relevant cases I could find in the forum, but I am not clear about the risk I am exposed to here, and a little disappointed that VM is kind of kicking this to me to sort out when I hardly understand what the acronyms mean. It would be nice if a member of staff with security knowledge could have been assigned to liaise with me about this. There is more to this but not sure how much I can post here. Anyway, can folk please advise?

Is this nothing to worry about or to be taken seriously (whatever seriously may mean)? Can VM change my IP to protect my account? Is my IP always the same unless I change the hardware? And what hardware is that, the Hub 4 which I use in Modem mode or the router?

 

Thanks

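One way to triage Netgear "DoS Attack" log entries of the kind this post reports, as an added example that is not part of the original post: it parses the `[DoS Attack: ...] from source: ..., port ...` line format, groups entries by source address and port, and marks groups whose source port is a common server port. The sample lines are constructed, and the port list and the "reply-like" label are assumptions of this example, not the router's own classification.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format used by the router log entries reported in the post.
LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<ip>[\d.]+), "
    r"port (?P<port>\d+), (?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)
# Assumption: source ports that normally belong to servers, so an ACK from
# them is more likely a late reply to an outbound connection than a probe.
SERVICE_PORTS = {53: "dns", 80: "http", 443: "https", 993: "imaps", 8883: "mqtt-tls"}

# Constructed sample lines (documentation addresses, not from the post).
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 192.0.2.10, port 443, Wednesday, May 18, 2022 20:20:16
[DoS Attack: ACK Scan] from source: 192.0.2.10, port 443, Wednesday, May 18, 2022 20:19:36
[DoS Attack: ACK Scan] from source: 198.51.100.7, port 8883, Wednesday, May 18, 2022 20:19:55
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.5, port 53, Wednesday, May 18, 2022 20:18:36
[DoS Attack: ACK Scan] from source: 203.0.113.99, port 18383, Wednesday, May 18, 2022 20:13:37
not a log line
"""

def parse(text):
    """Yield (kind, ip, port, timestamp) for every line that matches."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
            yield m["kind"], m["ip"], int(m["port"]), ts

def summarize(text):
    """Group entries by (source, port) and label each group for triage."""
    groups = defaultdict(list)
    for kind, ip, port, ts in parse(text):
        groups[(ip, port)].append((ts, kind))
    rows = []
    for (ip, port), hits in groups.items():
        times = [t for t, _ in hits]
        label = SERVICE_PORTS.get(port)
        rows.append({
            "source": ip, "port": port, "count": len(hits),
            "kinds": sorted({k for _, k in hits}),
            "first": min(times), "last": max(times),
            "triage": f"reply-like ({label})" if label else "review",
        })
    return sorted(rows, key=lambda r: (-r["count"], r["source"]))
```

Groups labelled "review" are the ones to compare against what devices on the network were doing at that time; a "reply-like" label is only a hint and does not prove the traffic was solicited.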
Ashleigh_C
Forum Team
Message 2 of 6

Re: DoS Attack series after VMC Warning from VirginMedia

Hi there @tb46uk

 

Thank you so much for your post and welcome back to our community forums! 

 

I'm so sorry to see that you are facing this issue! Please do follow all the steps from the communications with us, with the best advice being to run up-to-date virus scans on any systems within the internal network and close any unnecessary open services or ports on the router.

 

The most commonly used services are: 

NTP Mode 6

NTP Monlist 

Open DNS

 

Please let us know how you get on with this! 

 

Thank you 

Ash_C
Forum Team

Tudor
Very Insightful Person
Message 3 of 6

Re: DoS Attack series after VMC Warning from VirginMedia

I think your problem has been caused by your IP address changing when you received the new hub. The only way I can see of changing your IP to another is to get your own router or mesh system.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
tb46uk
Tuning in
Message 4 of 6

Re: DoS Attack series after VMC Warning from VirginMedia

Thank you.  A couple of questions:

 

1. NTP Mode 6 : How do I 'run' the command ntpq -c rv [IP]? I tried on the Command prompt but the command was not recognised.

 

2. How do I close ports and port 123 specifically?

 

Theo

tb46uk
Tuning in
Message 5 of 6

Re: DoS Attack series after VMC Warning from VirginMedia

I have my own router.  I am using the Hub in Modem mode.

Kain_W
Forum Team
Message 6 of 6

Re: DoS Attack series after VMC Warning from VirginMedia

Hi tb46uk,

Welcome back to the community on this.

To clarify, are you receiving any error codes?

Also, is this from the link provided?
Let us know,

Kain