Hi there RightraxDH,

Thanks for your post and welcome to the community.

Can I ask is this the first letter received on the matter?

Also from following the instructions on the letter, was anything found?

Thanks,

Hello Kain

I was alarmed to have received the DOS letter. I have been a VM customer for many years and have never had anything like this. I would not know how to carry out a DOS attack.

I followed the letters  advice  on the day I received the  letter so I

• Reset my hub 3 as per the letter
• Set all web safe settings as per the letter
• I have bit defender installed and Malwarebytes no issues all systems clean
• I have run a Virgin media hub3 traceroute record
• I have downloaded a 3rd party traceroute app and found nothing untoward
• I have run GRC shields up and GRC leak test and my PC did not respond to external port scans

I have  a traceroute log done this morning and there are no unusual programs listed ( they are all well known)and its something I wanted to email VM but cant so will print and post.

I don’t know what else I can do or what VM  expects from me. VM letter starts off by saying don’t worry then goes on to be threatening saying its my responsibility to sort this out with potential disconnection of service under fair use policy.

I have been on the forum and others are in a similar situation

My bank holiday has been ruined through worry having seen the letter VM sent and I have spent all this time thoroughly investigating something I feel VM IT experts should spend the time and knowledge doing and not me. VM have  provided little if no information other than mentioning a third party complaint leaving me unable to investigate any more than I have done as shown above.

I have compiled a letter which appears to be the only way to contact VM since they dont provide email links anymore.

VM has a duty of care to your customers complaint but VM  also have a duty of care to this customer in helping resolve this problem not of my doing.

I have disconnected everything connected to the hub 3 other than

• This PC
• My Roku for media access
• My own local media server

Regards

Rightrax DH

Hi RightraxDH, 

Thanks for coming back to us on this one and apologies to hear the wording of the letter left you feeling threatened. This is certainly not what was meant. I will pass on your feedback regarding the wording to the relevant teams. 

As long as you have followed the instructions in the letter then there really is no need to worry. 

If you have any further issues, pop back to us and let us know. 

Thanks, 

Virgin, the way you treat customers is a disgrace. You *cannot* ask us to investigate DDOS *without* giving us the tools to do so, and then on top we are threatened with service disruption or disconnection. To email or send a letter to your customers, to say that a DDOS attack originated from our IP address 7 days ago is plainly idiotic (I've had one to be sure).

The letter/email contains *no* detail as to what happened (ports, protocols, destination), nor when it happened. Knowing the day is not helpful, you need to provide details down to the minute if you are serious about this.

The router has *no* ability to provide traffic flow logs, e.g. when was bandwidth high, and which internal device was it. Additionally, the router whilst CPE, belongs to Virgin, and as such, Virgin should have provisioned for monitoring bandwidth use from private IP addresses, at least in cases where the customer has not set the router up as a bridge.

So forgive me, how on earth can the customer help here? This is ridiculous.

Hi Jepper, thank you for returning to this thread. 

Sincerest apologies again for any frustration caused by the letter, we have fed back internally your concerns regarding the wording. 

Our systems are able to identify an attack, however there is limited detail on what has triggered this. An attack can take place across any device on your network, and multiple things can trigger the system, including Viruses, software and dodgy apps which can hide on your devices.  Anything that can send background ping to the network has the ability to trigger the alarm system.  

As we would not be able to keep a log of every piece of software or app installed across all pieces of equipment on your network we would be unable to advise of exactly what triggered the system. We are just advised of a vulnerability on a device on your network, which we can then report to you. 

The letter is sent from an automated system with the intention of protecting your network, devices and service. As mentioned in the last response from Kath above as long as you have followed the advice in the letter there should be no cause for concern. 

You mentioned in an earlier post you have performed all steps advised in the letter, thanks again for confirming this!

If there is anything further that you would like our advice or support with please let us know. 

All the best. 

Ok well then stop asking us to investigate, unless *your* network can handle a pathetic 10MBit upstream... Frankly, all broadband in UK including Virgins in beyond pathetic. I'm sitting in Denmark, at my old friends house, not an IT guy. He just has 400Mbit up AND down. I have 100/10, and that's considered fast for non FTTP deployments. No, stop harassing us with stupid emails. If there's a god damn problem with my broadband, email me *immediately* *when* the problem occurs, not 3 days after. Forgive, but I am struggling to contain my tone here. Why has noone got in touch? This forum is also a complete joke, I've yet, after how many years, to come across any reply from Virgin that was even remotely addressing actual issues from expert level users. I'm not talking about silly issues, I'm talking about this type of stuff, or the pathetic wireless chipset on your superhubs (I have ubiquiti APs which are way better in terms of ability serve distance and converge to higher power transmit) - hard to set up to be fair). What about the "Superhubs" that stopped serving DNS yet still able to route traffic (this was an issue for years)??? Where are the answers? Why am I forced to use alternative DNS solutions to get a stable setup?

Hi jepper

Sorry to hear you feel this way about our services, this is very disappointing to hear. As mentioned we have fed back internally your concerns of the wording of the letter you received. 

We appreciate your feedback over the concerns you have with our equipment, we are always looking for ways to improve our customer's journey and experience with us. Glad to hear you have an in home set up that works for you. Please let us know if you are having any further issues or have any questions at all. We'll be here to help on the community forums if needed. 

All the best,

So right now, Sat evening, I'm getting 20Mbit out of my usual 110Mbit using Ookla speedtest from a wired Linux box (as in cat6 Gbit to the router).

Server: Kubbur - London (id = 47380)
ISP: Virgin Media
Latency: 9.74 ms (2.64 ms jitter)
Download: 15.42 Mbps (data used: 22.1 MB)
Upload: 9.30 Mbps (data used: 4.4 MB)
Packet Loss: 0.0%
Result URL: https://www.speedtest.net/result/c/b532028a-6410-45d5-85d6-22bed9b729cf

I'll be unsurprised if I receive another snotty email about my participation in a DDOS attack in a few days. Which I can affirmatively say that I'm not. 1) look at the upstream, yeah, my entire nearly shock and awe 10Mbit up is there. Well done Virgin in 2021 (pathetic up speed, come on VM, are we still in 1999?).

2) The only wired devices are running Linux. All my wireless (some Windows, some Android, some Macs) devices can be seen explicitly on my Unifi console, none using more than 0.2Mbit.