paulwarwicker
Message 1 of 10

Report of an open DNS resolver

I have been sent an email and a letter stating that I have an open DNS resolver.

I have verified that this is not the case using two web-based checks and also by using dig on two independent systems. I have also been in touch with shadowserver.org to discuss the false positive. They have confirmed that VM is a subscriber to their reports and that they have never reported my IP address.

Can you please explain why this was reported to me?

Thank you
-paul

kreid4
Message 2 of 10

Re: Report of an open DNS resolver

Same applies to me.

I can find no evidence of an open DNS server when I conduct independent external test.

Why are VM sending these letters without factual evidence? The letters are alarmist and misleading.

Thank you

Regards

Kreid4

用心棒
Message 3 of 10

Re: Report of an open DNS resolver


@paulwarwicker wrote:

> I have been sent an email and a letter stating that I have an open DNS resolver.
>
> I have verified that this is not the case using two web-based checks and also by using dig on two independent systems. I have also been in touch with shadowserver.org to discuss the false positive. They have confirmed that VM is a subscriber to their reports and that they have never reported my IP address.
>
> Can you please explain why this was reported to me?

Is it possible your public IP Address changed between the reported detection date and receipt of the Open Resolver Scanning Project notice?

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

用心棒
Message 4 of 10

Re: Report of an open DNS resolver


@kreid4 wrote:

> Same applies to me.
>
> I can find no evidence of an open DNS server when I conduct independent external test.
>
> Why are VM sending these letters without factual evidence? The letters are alarmist and misleading.

Have Shadowserver confirmed to you that your IP Address was not reported to Virgin Media?

 

paulwarwicker
Message 5 of 10

Re: Report of an open DNS resolver

Sorry. I had missed that you had commented.

No. I have been on the same IP address for months. Probably even for more than a year.

Thanks
-paul

paulwarwicker
Message 6 of 10

Re: Report of an open DNS resolver

@Virgin Media. Can I have a reply, please?

Shadowserver has contacted me at least 5 times already regarding this, which is welcome. I mentioned that you have been totally silent over this. They said:

"They are usually very good in terms of managing our reports so hopefully they will come back to you."

What is disappointing is that we are trying to do the responsible thing here, but you are not co-operating when there is an issue.

Thanks
-paul

Anonymous
Message 7 of 10

Re: Report of an open DNS resolver

What are you expecting VM to be able to tell you?

The 3rd party sent them a list of IP addresses. They will know nothing else other than your IP was on a list from Shadowserver.

It's Shadowserver that will have any detection info.
paulwarwicker
Message 8 of 10

Re: Report of an open DNS resolver

They will know who had that IP address at that time. As I stated in the original post, Shadowserver has never flagged that IP as having an Open DNS Resolver. They knew exactly what ports I had open because they told me.

Acknowledging that there could possibly be an issue or even a PM from them rather than silence would be appreciated. You can look back in the forums and there are a few reports of false positives.

-paul

Anonymous
Message 9 of 10

Re: Report of an open DNS resolver

But you said you have had the IP address for ages, so you had the IP address. Don't think you will get any useful info. Just ignore it and move on. False positives happen.
paulwarwicker
Message 10 of 10

Re: Report of an open DNS resolver

> Just ignore it and move on. False positives happen

I could, and quite easily. We could also ignore the fact that VM will probably go on making similar mistakes. That is my gripe.

Once I had checked that I had no unexpected open ports, to be honest, I wasn't particularly bothered, just curious.

As you say, false positives happen. And out of the no doubt millions of correct outcomes, I'm only asking where exactly did that information come from? I don't think that is much to ask. If VM aggregate the information from multiple sources, then maybe they could explain their sources rather than allowing us to just assume that it is Shadowserver which created the false positive. It is apparent that this did not happen in my case.

Cheers
-paul
