Menu
Reply
aaron1996
  • 11
  • 0
  • 1
Tuning in
829 Views
Message 1 of 8
Flag for a moderator

Told home devices are at risk - How do I find out which one?

I recently got an email from virgin media telling me that a device connected to my home network is at risk of a DDoS attack. I am quite unfamiliar with these sort of things but the IP listed in the email begins with an 82 while on my hub it begins with 192... so I don't understand what it is specifically talking about really.

I recently port forwarded to open my Nat type on my PS4, could that be the reason why I am getting this email? Does it mean all my other devices on another IP are still safe? Is there a way to find out which one it is by calling virgin media? Thanks a lot as I'm really concerned about my security right now.

0 Kudos
Reply
用心棒
  • 6.26K
  • 701
  • 2.17K
Very Insightful Person
Very Insightful Person
785 Views
Message 2 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

The IP Address referred to is your public IP Address and this can be found by search for the phrase IP in a search engine, for example on DuckDuckGo reports Your IP address.

Did the email notice direct you to Denial of Service attacks alert or similar help page?

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
aaron1996
  • 11
  • 0
  • 1
Tuning in
703 Views
Message 3 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

Yes it gave me a warning about DDoS, and told me to come onto the security matters board to ask questions. Will they be able to help me with a call?

0 Kudos
Reply
aaron1996
  • 11
  • 0
  • 1
Tuning in
686 Views
Message 4 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

I have just spoken to virgin media and the guy said it may be due to a DDoS attack. Another topic of my call to virgin was that my Playstation was experiencing a lot of lag spikes, the ping is jumping between 60 and 150. I recently port forwarded on the IP of my playstation so the guy is saying I may have had a DDoS attack done on my Playstation, and that its perhaps causing my frustrating connectivity issues. (I did a speed test and its 50mbps + Nat type 2 so I dont get what is causing the issues).

Can you please help me find out the issue and fix it.

0 Kudos
Reply
用心棒
  • 6.26K
  • 701
  • 2.17K
Very Insightful Person
Very Insightful Person
679 Views
Message 5 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

These are separate issue; consider raising the lag issue on the Gaming Support forum.

The DDOS notice concerns a vulnerability within your home network that a miscreant could utilise for a DDOS attack against others; i,e, you are not the victim of DDOS but an unwilling partner in its perpetration. Did the notice mention protocols, ports, amplification?

0 Kudos
Reply
aaron1996
  • 11
  • 0
  • 1
Tuning in
674 Views
Message 6 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

It said that a device connected to my network is having a Multicast DNS vulnerability. They also said that they think that I may have misconfigured my device and could therefore be exploited if not tended to and can cause a DDoS attack on me. Dated 7th Jan.

0 Kudos
Reply
用心棒
  • 6.26K
  • 701
  • 2.17K
Very Insightful Person
Very Insightful Person
666 Views
Message 7 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

Please read this post  mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ where Multicast DNS (mDNS) network traffic is dropped by forwarding it to an unassigned IP Address within your home network.

0 Kudos
Reply
aaron1996
  • 11
  • 0
  • 1
Tuning in
665 Views
Message 8 of 8
Flag for a moderator

Re: Told home devices are at risk - How do I find out which one?

I just realised that the buzzword was the Multicast DNS. I opened the virgin media page which attempts to solve this. It told me to remove any rules that may keep port 5353 open. I have no ports open for that number. Another point was this:

"Virgin Media Super Hub and Hub 3 include a DMZ option. This feature allows for a device using a specific local IP address on your home network (e.g. 192.168.0.2) to bypass your Firewall settings. This is occasionally necessary if you are using a device that has its own firewall configured. If you have a device configured in your firewall's DMZ that does not use its own firewall, it is crucial that you disable this option immediately."

I noticed that the IP for my PS4 had the DMZ enabled. Is that my issue? Do PS4s not have firewalls? I have disabled it.

0 Kudos
Reply