cancel
Showing results for 
Search instead for 
Did you mean: 

Letter received regarding DOS attack generated from my network / PC etc

RightraxDH
Joining in

Hello everyone

 

I have today received a letter as many others on the forum have eluded to regarding a Denial of Service attack emanating from my setup? How do I investigate this? I have followed the letter advice to the letter and followed their process about dont worry  and it probably isnt "your fault" but then threatens disconnection under fair use policy if I dont resolve it??

 

I have got bit defender, malware bytes and zone alarm on my machine and none have found an issue of any type. ( I know that there can be conflicts with different packages and dont believe this is an issue casing me this grief.

I have made sure there are no rules on port forwarding 

they then basically say you sort it without providing any help on how this should be done other than standard letter descriptions I have already done.

 

it leaves you worried about what they will choose to do thats not your fault. Any comments welcomed

 

regards to all of you

 

13 REPLIES 13

Kain_W
Forum Team (Retired)
Forum Team (Retired)

Hi there RightraxDH,

Thanks for your post and welcome to the community.

Can I ask is this the first letter received on the matter?

Also from following the instructions on the letter, was anything found?

Thanks,

Kain

Hello Kain

I was alarmed to have received the DOS letter. I have been a VM customer for many years and have never had anything like this. I would not know how to carry out a DOS attack.

I followed the letters  advice  on the day I received the  letter so I

  • Reset my hub 3 as per the letter
  • Set all web safe settings as per the letter
  • I have bit defender installed and Malwarebytes no issues all systems clean
  • I have run a Virgin media hub3 traceroute record
  • I have downloaded a 3rd party traceroute app and found nothing untoward
  • I have run GRC shields up and GRC leak test and my PC did not respond to external port scans

I have  a traceroute log done this morning and there are no unusual programs listed ( they are all well known)and its something I wanted to email VM but cant so will print and post.

I don’t know what else I can do or what VM  expects from me. VM letter starts off by saying don’t worry then goes on to be threatening saying its my responsibility to sort this out with potential disconnection of service under fair use policy.

I have been on the forum and others are in a similar situation

My bank holiday has been ruined through worry having seen the letter VM sent and I have spent all this time thoroughly investigating something I feel VM IT experts should spend the time and knowledge doing and not me. VM have  provided little if no information other than mentioning a third party complaint leaving me unable to investigate any more than I have done as shown above.

I have compiled a letter which appears to be the only way to contact VM since they dont provide email links anymore.

VM has a duty of care to your customers complaint but VM  also have a duty of care to this customer in helping resolve this problem not of my doing.

I have disconnected everything connected to the hub 3 other than

  • This PC
  • My Roku for media access
  • My own local media server

Regards

 

Rightrax DH

Hi RightraxDH, 

Thanks for coming back to us on this one and apologies to hear the wording of the letter left you feeling threatened. This is certainly not what was meant. I will pass on your feedback regarding the wording to the relevant teams. 

As long as you have followed the instructions in the letter then there really is no need to worry. 

If you have any further issues, pop back to us and let us know. 

Thanks, 

Kath_F
Forum Team

New around here? Check out the do's and don'ts, in our Community FAQs


Virgin, the way you treat customers is a disgrace. You *cannot* ask us to investigate DDOS *without* giving us the tools to do so, and then on top we are threatened with service disruption or disconnection. To email or send a letter to your customers, to say that a DDOS attack originated from our IP address 7 days ago is plainly idiotic (I've had one to be sure).

The letter/email contains *no* detail as to what happened (ports, protocols, destination), nor when it happened. Knowing the day is not helpful, you need to provide details down to the minute if you are serious about this.

The router has *no* ability to provide traffic flow logs, e.g. when was bandwidth high, and which internal device was it. Additionally, the router whilst CPE, belongs to Virgin, and as such, Virgin should have provisioned for monitoring bandwidth use from private IP addresses, at least in cases where the customer has not set the router up as a bridge.

So forgive me, how on earth can the customer help here? This is ridiculous.

Hi Jepper, thank you for returning to this thread. 

Sincerest apologies again for any frustration caused by the letter, we have fed back internally your concerns regarding the wording. 

Our systems are able to identify an attack, however there is limited detail on what has triggered this. An attack can take place across any device on your network, and multiple things can trigger the system, including Viruses, software and dodgy apps which can hide on your devices.  Anything that can send background ping to the network has the ability to trigger the alarm system.  

As we would not be able to keep a log of every piece of software or app installed across all pieces of equipment on your network we would be unable to advise of exactly what triggered the system. We are just advised of a vulnerability on a device on your network, which we can then report to you. 

The letter is sent from an automated system with the intention of protecting your network, devices and service. As mentioned in the last response from Kath above as long as you have followed the advice in the letter there should be no cause for concern. 

You mentioned in an earlier post you have performed all steps advised in the letter, thanks again for confirming this!

If there is anything further that you would like our advice or support with please let us know. 

All the best. 

 

Molly

legacy1
Alessandro Volta
VM makes this more possible with router mode which adds to the fire the problem is like many drivers for a car one driver can be a bad and the police are not around.

VM are not going to add traffic flow logs to the hub this will add to the cost of the hub make it slow and buggy.
---------------------------------------------------------------

Ok well then stop asking us to investigate, unless *your* network can handle a pathetic 10MBit upstream... Frankly, all broadband in UK including Virgins in beyond pathetic. I'm sitting in Denmark, at my old friends house, not an IT guy. He just has 400Mbit up AND down. I have 100/10, and that's considered fast for non FTTP deployments. No, stop harassing us with stupid emails. If there's a god damn problem with my broadband, email me *immediately* *when* the problem occurs, not 3 days after. Forgive, but I am struggling to contain my tone here. Why has noone got in touch? This forum is also a complete joke, I've yet, after how many years, to come across any reply from Virgin that was even remotely addressing actual issues from expert level users. I'm not talking about silly issues, I'm talking about this type of stuff, or the pathetic wireless chipset on your superhubs (I have ubiquiti APs which are way better in terms of ability serve distance and converge to higher power transmit) - hard to set up to be fair). What about the "Superhubs" that stopped serving DNS yet still able to route traffic (this was an issue for years)??? Where are the answers? Why am I forced to use alternative DNS solutions to get a stable setup?

Hi jepper

Sorry to hear you feel this way about our services, this is very disappointing to hear. As mentioned we have fed back internally your concerns of the wording of the letter you received. 

We appreciate your feedback over the concerns you have with our equipment, we are always looking for ways to improve our customer's journey and experience with us. Glad to hear you have an in home set up that works for you. Please let us know if you are having any further issues or have any questions at all. We'll be here to help on the community forums if needed. 

All the best,

Here to help 🙂
Virgin Media Forums Agent
Carley

So right now, Sat evening, I'm getting 20Mbit out of my usual 110Mbit using Ookla speedtest from a wired Linux box (as in cat6 Gbit to the router).

Server: Kubbur - London (id = 47380)
ISP: Virgin Media
Latency: 9.74 ms (2.64 ms jitter)
Download: 15.42 Mbps (data used: 22.1 MB)
Upload: 9.30 Mbps (data used: 4.4 MB)
Packet Loss: 0.0%
Result URL: https://www.speedtest.net/result/c/b532028a-6410-45d5-85d6-22bed9b729cf

I'll be unsurprised if I receive another snotty email about my participation in a DDOS attack in a few days. Which I can affirmatively say that I'm not. 1) look at the upstream, yeah, my entire nearly shock and awe 10Mbit up is there. Well done Virgin in 2021 (pathetic up speed, come on VM, are we still in 1999?).

2) The only wired devices are running Linux. All my wireless (some Windows, some Android, some Macs) devices can be seen explicitly on my Unifi console, none using more than 0.2Mbit.