Message 1 of 11

SNMP Vulnerability

I have had a few notices recently saying one of my devices may have an SNMP vulnerability. I have checked for rules in the hub 3 settings to delete that use ports 161/2 but the only one there does not allow me to delete it. The IP address that has automatically created it is from my CCTV system which I assume is to allow me to view remotely. I cannot see anything in the CCTV settings where port 161 is mentioned to change it. Is there a way I can block the port completely to stop getting more notices through? Thanks

Message 2 of 11

Re: SNMP Vulnerability

Hello

As long as the hub doesn't have a forwarded port, in your case 161/162, then nothing from the internet can access that device.

Where is this message coming up? Do you have a screenshot of it?

Regards Mike

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Message 3 of 11

Re: SNMP Vulnerability

It is an email from internet-security@virginmedia.com

Please take action now: your home devices could be at risk

 

We have been alerted on four separate occasions that a device connected to your home network may have an SNMP vulnerability

 

Thanks Mike 🙂

Message 4 of 11

Re: SNMP Vulnerability

Hello

Thanks for getting back to me. It is something on your home network, so here is the instruction from Virgin Media - https://www.virginmedia.com/help/snmp-vulnerability-alert

One other thing that isn't mentioned: make sure any computers you have on your home network are up to date.

 

Regards Mike

Message 5 of 11

Re: SNMP Vulnerability

I have done all of that but there are no rules I can delete. As in my original post the only thing that mentions port 161 is an automatic rule generated from an IP that is my CCTV system - there is nothing in my CCTV settings that shows port 161 being required so cannot remove it there either. Stumped!

Message 6 of 11

Re: SNMP Vulnerability

Hello

So it looks like the CCTV is setting that up, which is why you are getting the messages. As you have done everything on your side and the hub, the next point of call would be the manufacturer of the CCTV system, as from what you have said it is basically phoning home.

I have had a good look around and cannot find anything else that could stop it, maybe a VM staff member would like to comment.

Regards Mike

Message 7 of 11

Re: SNMP Vulnerability

Thanks Mike 😊

Message 8 of 11
Helpful Answer

Re: SNMP Vulnerability

I have been experiencing the same issue and I was perplexed to see that there was no apparent way of disabling the 161. Like you, I noticed that there was an automatic rule referencing the port which was automatically applied by something called UPnP. I later found out that this is a reference to Universal Plug and Play, and all the security websites I visited suggested that this should be disabled immediately as this was a source of vulnerability. I went down to the UPnP tab and disabled this. All automatic rules then disappeared, including the rule applying to port 161, so I am assuming that this port has been disabled.

Be warned, I have absolutely no idea what I am doing and just hope that I have not disabled something important. So far so good.

Message 9 of 11
Helpful Answer

Re: SNMP Vulnerability

Ah yes the delights (and security implications) of UPnP!

The logic behind it is this, you have a CCTV camera which you might want to view from outside your home network, that's a real problem because the firewall in the Hub blocks any incoming traffic from the outside getting into your internal network unless it has been started by a device already in the inside - that's a bit of a massive oversimplification, I'm afraid.

So what you need to do is to make 'holes' in the firewall specifically to allow traffic in from the outside but only if it is a specific 'type' and if so forward it to a specific device on your network. This is referred to as port forwarding and to do it manually, you need the required information all to hand, the skill to know how to do it and frankly the VM Hub makes hard work of doing it at the best of times!

Introducing UPnP; which is a sort of industry standard for devices to automatically configure the firewall and basically say to them, my IP address is a.b.c.d, and I'd like you to allow any incoming traffic on these specific port numbers and forward it to me - thank you very much. And if UPnP is enabled then the firewall sets itself up accordingly.

You don't need to be a genius to work out what a massive potential security flaw this can be, it's all nice and convenient for you but you now have no idea what your devices are doing or what is being allowed in. I hate UPnP with a passion and kill it whenever I come across it on domestic equipment.

By turning it off, what you have probably done is to block access to your CCTV camera from the outside - if you want to get that working again, you'll need to consult the documentation for the camera to see what ports are required to be opened and secondly you will need to know the private IP address of the camera (i.e. the address that the Hub has allocated to it). And if you get stuck then come back here, there are plenty of posters who will be able to walk you through setting it all up or at least point you in the right direction.
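The request described in the post above, where a device asks the gateway to forward a port to it, is a UPnP IGD `AddPortMapping` SOAP call. As an added example (not part of the original post), this Python parses one such request and lists what a reviewer would flag; the request body and the camera address 192.168.0.20 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SOAP body a device (a hypothetical camera at
# 192.168.0.20) would send to the gateway's UPnP IGD control URL.
SAMPLE_REQUEST = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>161</NewExternalPort>
   <NewProtocol>UDP</NewProtocol>
   <NewInternalPort>161</NewInternalPort>
   <NewInternalClient>192.168.0.20</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>camera</NewPortMappingDescription>
   <NewLeaseDuration>0</NewLeaseDuration>
  </u:AddPortMapping>
 </s:Body>
</s:Envelope>"""

# The SNMP ports named in the thread; extend this table for other services.
RISKY = {("UDP", 161): "SNMP", ("UDP", 162): "SNMP trap"}

def parse_mapping(soap_xml):
    """Return the AddPortMapping arguments as a dict, or None if absent."""
    root = ET.fromstring(soap_xml)
    for el in root.iter():
        if el.tag.endswith("}AddPortMapping"):
            return {child.tag: (child.text or "").strip() for child in el}
    return None

def audit(soap_xml):
    """List the findings a reviewer would raise about one mapping request."""
    m = parse_mapping(soap_xml)
    if m is None:
        return ["not an AddPortMapping request"]
    findings = []
    key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]))
    if key in RISKY:
        findings.append(f"exposes {RISKY[key]} ({key[0]}/{key[1]}) on {m['NewInternalClient']}")
    if m["NewRemoteHost"] == "":  # empty means any internet host may connect
        findings.append("open to any remote host")
    if m["NewLeaseDuration"] == "0":  # 0 is a static mapping in IGD v1
        findings.append("mapping never expires")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUEST):
        print(finding)
```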

Message 10 of 11
Re: SNMP Vulnerability

Thanks guys. I have taken another look at the CCTV settings and found it in UPnP so turned it off. No more mentions in the hub settings so hopefully no more emails about vulnerability. CCTV remote app still working too!