Do not use hub default passwords always change them for both settings page and wifi makes hacking more difficult.
Tried my old tp-link router today and and it had so many vulnerabilities -9 that the virgin hub 3 is more secure and updated regularly with firmware.
I looked at ports on my laptops using the netstat command and was amazed at how many ports were connected so have reset the windows firewall to default settings, many connections were unknown and strange.
Regarding open port 7547 I would hope virgin would themselves monitor/test the port for security implications and some members do have concerns.
All other ports connecting from the hub to the internet are filtered by virgin so secure.
A hacker can try to connect to every computer connection in the uk in one day, and other equipment that is connected like printers, tv's etc
Security is easily compromised , had some malware today but got rid of it with windows defender.
to take advantage of open ports hackers need to find a vulnerability in a programme, not sure if this would apply to the virgin open port 7547, depends what it is doing and software used and if is not up to date/having a vulnerability
How the hacker can make use of an open port relies completely on there being an insecure program on your computer. For example if a packet arrives destined for port 99, and there is an application listening for communication on port 99 and that application can be taken over by sending it certain information - then a hacker that knows about this vulnerability (or using a tool that knows about it) can take over that program.
firewalls can normally be setup to block any chosen port but hub firewalls depends if the router is isp or own router and is the first line of defence but not as good as expensive hardware firewalls that companies use which can cost £1000's
not sure how to do that -forward port-and what ip could it be sent to, would this then protect computers connected to hub
would forwarding port 7547 prevent updates of hub/firmware and normal operation.
the port 7547 remains open for operational reason (same as bt hubs) and is not filtered or closed after updates but is listening 24/7
my port 7547 may have been "closed", if infected hackers "close" the port 7547 to stop listening hackers can then open port 80, rebooting opens port 7547 clearing the infection until it is re-infected. That is why I detected port 7547 recently after re-boots, not noticed it before on router checks, but it is not a common port so most port scanners do not test his port, I found it using a router check app on android which displayed a vulnerability.
I came across this today, not because I'm directly affected but a previous Virgin Media IP address I had was being monitored by shodan.io, my IP changed recently, in what looks like some recent network segmentation changes. My old IP that was still being monitored as I hadn't changed it, is now showing 7547 TCP as open now, which I know is CWMP/TR-069. I've never seen it directly open before, but I've not used router mode for years on any Virgin Media router/modem device, so it could be the fact I've been modem mode for many years I could have never noticed.
Is this something that's been common with router mode?
OP mentioned their area reference was 30, I'm the same, so I found that interesting.
my ip address switched a week ago, the old ip address is still active and with same location.
following the switch I had strange behaviour on saturday with my wifi connection reading open (no password for a few minutes)
I also lost access to the hub settings page and had to reboot, all these event happened after my ip address changed.
I then did some checks and found the open port 7547, not seen this before on my old ip address
Regarding modem mode I am unsure if port 7547 still functions but may be used when switching back to router mode.
shodan - not used this before but requites registration so have not tried this, it can be used to search for internet connections and equipment and is very useful for hackers.
I am using router mode at the moment, my own tp-link router is outdated so stopped using modem mode and rely on the hub3 now.
If a do port 7547 check, it is now open on both my new and old ip address both in same location.
Even more interesting-
old ip addresses I have had via virgin-checked all to see status of port 7547 (router or modem mode used both) all tested 21/10/2020 Yougetsignal
(note that I kept a record of my old ip addreses)
my town- new ip address 17/10/2020 port 7547 open (new) me
my town- old ip address re-allocated port 7547 now open (was closed) 17/10/2020 another customer given my old ip
my town- old ip address re-allocated port 7547 closed another customer
my town- old ip address re-allocated port 7547 closed another customer
my old ip address walthamstow re-allocated port 7547 closed another customer
my old ip address rotherham re-allocated port 7547 open another customer
my old ip address shrewsbury re-allocated port 7547 closed another customer
my old ip address portsmouth re-allocated port 7547 open another customer
The port 7547 used for CWMP/TR-069 can be either closed or open depending on the virgin ip address
Virgin have mentioned this is standard port used for their updates, diagnostics and back office. (listening port)
That been the case why do some customers have a closed port 7547 and some have an open port 7547 ??????
Is this because some are in modem mode so port 7547 not used, or could the port 7547 be open for some customers and closed for others.
I only notice the port was open on Saturday, I do a router check which I have been doing for a year, but it did not show as an open port but as a vulnerability a port used for TR-069 protocol which and commonly found (usual), I then tested the port and found it open to the internet which means it could be hacked if someone had the skill to do that, any open port is a target.
I presume James that your new IP address port 7547 is closed, does it still show in modem mode as a closed/open or filtered port in a port scan.
Normal port scans ignore this port 7547, a scan require an individual port scan, I used Yougetsignal
I have never seen TCP 7547 open before, but my long time use of modem mode may be why. Under modem mode TCP 7547 isn't open on LAN side or WAN but as the Hub3 isn't handling NAT and such, that would be why. I find it strange though, because I know VM can log into the modem in modem mode as I've seen it done, so they can access the management side when it's under the 10.0.0.0/8 subnet. It seems odd to have 7547 exposed to all on the WAN. Of course, it looks like there are restrictions in place when you try and query the port, but if there is a vulnerability found, good luck. You'd think perhaps the port being open would be restricted to Virgin Media's management systems under a select set of IP ranges, rather than all, but the port being open, doesn't necessarily mean you can do anything.
However the random nature of some being open and some not is interesting. My parent has a VM connection in the same area as me, they are using the Hub3 in router mode, port 7547 is not open on their IP. I use shodan to monitor IPs and it has never pinged any listening service for CWMP, so it's not consistent.
Shodan basically probes anything that's on the internet and maps it, sure it's useful for hackers but it's also a useful project for security researchers and other non criminal purposes too. I didn't realise you couldn't see the data as I do have a registered account and paid plan, for my work, but I can tell you as of right now, the count of TCP 7547 being open found by Shodan is now 421,932 (at the time of querying), yesterday this was around 235,000 and was increasing every few minutes. If this was happening before, you'd expect the number to be significantly higher given the amount of VM customers.