ContributionsMost RecentMost LikesSolutionsRe: Received email from VM open DNS vulnerability Great thanks that confirms it that i had set up the interface incorrectly. from external network it now times out. from internal it doesn't. Re: Received email from VM open DNS vulnerability Thanks for your reply. I believe the issue is down to NAT having incorrectly been set to forward request from Interface WAN to 127.0.01 rather than LAN. I've made the change and firewall logs look alot better however i'm not getting any timeouts when running your command as above. Received email from VM open DNS vulnerability I received the email from VM Security that a device has an ODNSR vulnerability. We're writing to let you know that a device connected to your home network has been identified as having a potential Open DNS Resolver (ODNSR) vulnerability. I operate an OPNsense firewall/router with all LAN traffic passing through Unbound DNS configured as the primary resolver. This system has been running for several months, but I recently rebuilt it (earlier this week) to refine its configuration and date it was rebuilt coincides with the date of the scan. The OPNsense device operates on a dedicated subnet, separate from the subnet managed by my Virgin Media Hub 5. I’ve retained the Hub 5 primarily as a Wi-Fi failover/redundancy solution to ensure uninterrupted wireless connectivity in case the OPNsense system requires maintenance or encounters issues. I have checked all configuration again and only thing i forgot to tick was to enable DNSSEC Support, i've now done this. Is there any way this could this be a false positive, how can i get VM to scan again to see if the vulnerability is still present? Re: High Pre RS Errors, is this ok? Thanks for your help, engineer came out and swapped cables and hub. Re: High Pre RS Errors, is this ok? Thanks @Adduxi, Full stat below: 3.0 Downstream channels Channel Frequency (Hz) Power (dBmV) SNR (dB) Modulation Channel ID 1 563000000 10.5 39 QAM 256 20 2 411000000 10.6 39 QAM 256 1 3 419000000 10.6 39 QAM 256 2 4 427000000 10.7 39 QAM 256 3 5 435000000 10.9 39 QAM 256 4 6 443000000 10.8 39 QAM 256 5 7 451000000 11.1 40 QAM 256 6 8 459000000 11.4 40 QAM 256 7 9 467000000 11.6 40 QAM 256 8 10 475000000 11.9 40 QAM 256 9 11 483000000 11.9 40 QAM 256 10 12 491000000 11.7 39 QAM 256 11 13 499000000 11.3 39 QAM 256 12 14 507000000 10.4 39 QAM 256 13 15 515000000 10 39 QAM 256 14 16 523000000 10.2 39 QAM 256 15 17 531000000 10.4 39 QAM 256 16 18 539000000 10.4 39 QAM 256 17 19 547000000 10.4 39 QAM 256 18 20 555000000 10.4 39 QAM 256 19 21 571000000 10.6 39 QAM 256 21 22 579000000 10.6 39 QAM 256 22 23 587000000 10.9 39 QAM 256 23 24 595000000 11.2 39 QAM 256 24 25 603000000 11 39 QAM 256 25 26 611000000 10.7 39 QAM 256 26 27 619000000 10.5 39 QAM 256 27 28 627000000 10.4 39 QAM 256 28 29 635000000 10.1 39 QAM 256 29 30 643000000 10.1 39 QAM 256 30 31 651000000 10.6 39 QAM 256 31 32 659000000 10.9 39 QAM 256 32 3.0 Downstream channels Channel Locked Status RxMER (dB) Pre RS Errors Post RS Errors 1 Locked 39 333 0 2 Locked 39 35 0 3 Locked 39 48 0 4 Locked 39 41 0 5 Locked 39 46 0 6 Locked 39 51 0 7 Locked 40 98 0 8 Locked 40 77 0 9 Locked 40 89 0 10 Locked 40 102 0 11 Locked 40 121 0 12 Locked 39 126 0 13 Locked 39 135 0 14 Locked 39 177 0 15 Locked 39 264 0 16 Locked 39 206 0 17 Locked 39 225 0 18 Locked 39 251 0 19 Locked 39 228 0 20 Locked 39 282 0 21 Locked 39 263 0 22 Locked 39 293 0 23 Locked 39 308 0 24 Locked 39 249 0 25 Locked 39 222 0 26 Locked 39 275 0 27 Locked 39 355 0 28 Locked 39 373 0 29 Locked 39 367 0 30 Locked 39 320 0 31 Locked 39 208 0 32 Locked 39 152 0 3.1 Downstream channels Channel Channel Width (MHz) FFT Type Number of Active Subcarriers Modulation (Active Profile) First Active Subcarrier (Hz) 159 94 4K 1840 QAM 4096 1108 3.1 Downstream channels Channel ID Locked Status RxMER Data (dB) PLC Power (dBmV) Corrected errors (Active Profile) Uncorrectable errors (Active Profile) 159 Locked 41 13.7 3690154867 0 3.0 Upstream channels Channel Frequency (Hz) Power (dBmV) Symbol Rate (ksps) Modulation Channel ID 0 49600000 41.3 5120 QAM 64 1 1 43100000 40.8 5120 QAM 64 2 2 36600000 40.8 5120 QAM 64 3 3 30100000 40.8 5120 QAM 64 4 4 23600000 40.5 5120 QAM 64 5 3.0 Upstream channels Channel Channel Type T1 Timeouts T2 Timeouts T3 Timeouts T4 Timeouts 0 ATDMA 0 0 0 0 1 ATDMA 0 0 0 0 2 ATDMA 0 0 0 0 3 ATDMA 0 0 1 0 4 ATDMA 0 0 0 0 3.1 Upstream channels Channel Channel Width (MHz) Power (dBmV) FFT Type Modulation 6 10 35.0 2K QAM 256 3.1 Upstream channels Channel Channel Type Number of Active Subcarriers First Active Subcarrier (Hz) T3 Timeouts T4 Timeouts 6 OFDMA 200 74000000 0 0 High Pre RS Errors, is this ok? I'm concerned about the number of Pre-RS Errors I'm seeing on my modem. I rebooted the device and allowed it to run for slightly more than a day. Could you please advise whether the current error rate is within acceptable limits? Channel Locked Status RxMER (dB) Pre RS Errors Post RS Errors 1 Locked 39 329 0 2 Locked 40 35 0 3 Locked 39 46 0 4 Locked 39 41 0 5 Locked 40 46 0 6 Locked 40 50 0 7 Locked 39 97 0 8 Locked 39 76 0 9 Locked 39 87 0 10 Locked 40 102 0 11 Locked 40 120 0 12 Locked 40 123 0 13 Locked 39 132 0 14 Locked 39 174 0 15 Locked 39 257 0 16 Locked 39 203 0 17 Locked 39 224 0 18 Locked 39 249 0 19 Locked 39 226 0 20 Locked 39 282 0 21 Locked 39 260 0 22 Locked 39 290 0 23 Locked 39 307 0 24 Locked 39 245 0 25 Locked 39 219 0 26 Locked 39 273 0 27 Locked 39 351 0 28 Locked 39 365 0 29 Locked 39 360 0 30 Locked 39 314 0 31 Locked 39 204 0 32 Locked 39 150 0 Channel ID Locked Status RxMER Data (dB) PLC Power (dBmV) Corrected errors (Active Profile) Uncorrectable errors (Active Profile) 159 Locked 41 13.2 3532591473 0 Solved