
Virgin Email about PortMapper Vulnerability

ChrisJL_2005
Joining in

I've had the following email at 16.00 today - partially extracted text:

------------------------------------------------------------------------------

Your Virgin Media account number: 30 - XXXXXXXXX (THIS IS MY ACCOUNT NUMBER SO BLANKED BY ME)
Our Reference: VMIS70-Portmapper-F010813545

Dear Mr Land,

Your home devices could be at risk

We're writing to let you know that a device connected to your home network has been identified as having a potential Portmapper vulnerability.

A Portmapper vulnerability is a security issue whereby a 3rd party can use this protocol to gain unauthorised access to your network/devices for malicious purposes. If a 3rd party has access to your network/devices they will be able to perform a Distributed Denial of Service (DDoS) attack.

It is therefore important that you follow the advice in this letter.

What has happened?

We suspect the device may have been misconfigured by you, someone in your household or without your knowledge. If the settings are left unchanged they can be exploited to unwittingly participate in malicious activities, for example a Distributed Denial of Service (DDoS) attack.

Details:

IP: (MY VIRGIN IP ADDRESS SO BLANKED BY ME)
Date: 10 July 2023

How can this issue be resolved?

To fix this problem please visit virginmedia.com/portmapper for guidance on how to secure your network.

------------------------------------------

Is this valid?

If so I cannot find anything specific in my TP-Link Deco app (my Virgin Hub is in modem mode) to allow me to carry out the instructions to block any relevant port as per this on Virgin Security site:

Portmapper (also known as RPC Bind or RPC Portmap) is a service used by computer systems to assist with networking tasks. Unfortunately, Portmapper currently has a bug that can allow remote third-party attackers to gain unauthorised access and perform Distributed Denial of Service (DDoS) attacks against target machines. A remote attacker can take advantage of this bug by sending a specially crafted request to an affected Portmapper server.

Block external Portmapper traffic

The easiest way to fix an open Portmapper vulnerability is to set your firewall to block UDP port 111.

My firewall is on on both my Router and my NAS (which is set to block external attacks on its external ports.)

I recently added a new Canon printer. Is this the risk?

Thanks for any advice.

Chris
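
An added example, not part of the original post or of Virgin Media's guidance: a minimal self-check that sends one harmless Portmapper NULL call to UDP port 111 on a device you own and reports whether anything answers. The function names and the result labels are assumptions made for this sketch.

```python
import os
import socket
import struct
import sys

PMAP_PROG, PMAP_VERS, PROC_NULL = 100000, 2, 0  # ONC RPC portmapper program


def build_null_call(xid: int) -> bytes:
    """RPC CALL to the portmapper NULL procedure (no arguments, no side effects)."""
    # xid, CALL=0, rpcvers=2, prog, vers, proc, then empty AUTH_NONE cred and verf
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PROC_NULL, 0, 0, 0, 0)


def is_rpc_reply(data: bytes, xid: int) -> bool:
    """True when data starts like an RPC REPLY (msg_type 1) echoing our xid."""
    if len(data) < 8:
        return False
    reply_xid, msg_type = struct.unpack(">2I", data[:8])
    return reply_xid == xid and msg_type == 1


def probe(host: str, timeout: float = 3.0) -> str:
    """Classify UDP 111 on host as exposed / no-reply / refused."""
    xid = struct.unpack(">I", os.urandom(4))[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, 111))  # connected UDP socket surfaces ICMP errors
            s.send(build_null_call(xid))
            data = s.recv(1024)
        except socket.timeout:
            return "no-reply"  # filtered or dropped: what a blocking firewall looks like
        except OSError:
            return "refused"  # port closed or host unreachable
    return "exposed" if is_rpc_reply(data, xid) else "unexpected-reply"


if __name__ == "__main__":
    # Usage: python3 pmap_check.py <address of a device you own>
    print(probe(sys.argv[1]))
```

Run against each device on the LAN, it shows which one is running Portmapper; run from a connection outside the home network against your own public IP, it shows whether the router is letting UDP 111 through.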

 


Adri_G
Forum Team (Retired)

Hi there ChrisJL_2005, thanks for reaching our forum team and for joining the VM community.
Great to have you on board! 🙂

We're sorry to see there's an online security issue raised and you've received this message above, our security team may send such alerts when suspicious activity is detected so we make sure your data and sensitive info remains safe.

Can we ask if you've attempted to change your password since you've received this or took any other actions related to our advice on this page?

Also, you said your hub is currently on modem mode, have you tried our suggested steps with your hub on router mode and the Wi Fi switched on / 3rd party equipment removed?

Let us know more and we're eager to assist further.

Adri
Forum Team



Omadawn
Up to speed
<snip>

I recently added a new Canon printer. Is this the risk?

Thanks for any advice.

Chris

 


Possibly yes, it is, often devices try to ‘help’ by using uPnP to open ports on the firewall.

What I would suggest is this, you say you are in modem mode with your own router, good, which router is it? Can you log into it and disable uPnP, it is often on by default but really shouldn’t be. Depending on how sophisticated it is, you could also try blocking port 111 traffic both inbound and outbound.

Ultimately, though, these ‘warnings’ are a bit of a blunt instrument, generated by a third party acting on VM’s behalf. If you have made reasonable attempts to find out why they have sent the messages to you, and come up empty, then just ignore it - despite apocalyptic sounding messages threatening all sorts, in reality, absolutely nothing will happen. 

Thanks for the response.

As I read the advice (https://www.virginmedia.com/help/security/network-vulnerability-alerts) the Super Hub 3 when in modem mode allows everything through to the router (in my case a TP-Link Deco mesh wi-fi router) which then handles all the relevant functionality. If I revert the SH3 to modem/router then I can block any port settings therein. However, that is useless to me when I revert to modem mode as all that functionality is then turned off and is handled by the Deco.

The SH3 is inadequate on its own, as a wireless router, to service the whole house with fast wi-fi.

As I said, I'm running a firewall on the router and on my DiskStation NAS and on my PC (and other PCs in the house).

What I'm struggling to find is access to advanced port forwarding rules in the Deco X-20 itself.

And I haven't changed my password yet.

Chris.

Thanks for your comments.

What I'm struggling to find is access to advanced port forwarding rules in the Deco X-20 itself.

My NAS has previously created any port forwarding rules (I have a Synology Diskstation) so I can access it remotely from say my iPad, but I cannot see the Canon being able to access that to write a rule which then ends up on the Deco X-20.

Chris

用心棒
Very Insightful Person

@ChrisJL_2005 wrote:

What I'm struggling to find is access to advanced port forwarding rules in the Deco X-20 itself.

Is this article of any help, How to set up Port Forwarding feature on the Deco | TP-Link United Kingdom

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more