How to deal with denial of service attacks

Learn all about Denial-of-Service (DoS) attacks and what you can do to protect against them.



What is a Denial-of-Service attack

This is a form of malicious attack that attempts to make a machine, network resource or website unavailable by overloading the target system with traffic. There are 2 types of malicious attack that fit the category:

  • A Denial-of-Service (DoS) attempts to overload the target system with traffic from a single IP address.

  • A Distributed Denial of Service (DDoS) attack involves thousands of users generating traffic from multiple IP addresses at the same time to overload the target.


Types of DDOS attacks

There are three main types of DDoS attack: Volume-based attacks overwhelm a server or website with massive amounts of bogus traffic. Protocol or network-layer attacks target network infrastructure with large numbers of packets, or slow or malformed pings. Application-layer attacks target apps directly, rather than the underlying infrastructure, by flooding it with maliciously crafted requests.


How do I know if I'm being DDOS?

DDoS attacks can cause the victim to experience slow speeds or a loss of Internet connection, but can also cause entire websites, apps or businesses to go offline.


What can I do if I’m a victim of a DOS attack?

If you are the victim of a Denial-of-Service attack, you should raise a complaint with the Internet Service Provider (ISP) that owns the IP addresses the attacks are being made from. To find the ISP, you’ll need to look through the Hub’s Firewall and Network logs and pick out the IP addresses that have sent excessive traffic your way. To identify the ISP you need to contact, you can use Whois (and Ping.eu can help too). Simply enter and search the IP addresses that have been sending the excessive requests, and the site will tell you which Internet Service Provider owns them. In most cases, a Whois search will also provide the ISP’s contact details. You can then get in contact directly and raise a complaint.


Denial of Service attacks alert

You might have received a letter or email from Virgin Media about malicious traffic that has originated from a device on your home broadband connection. If you have, there’s no need to worry. The advice on this page should help sort things out.

You’ll received one of these letters if it appears a device on your home network has participated in a Denial-of-Service attack. We take these attacks very seriously, so when we think a customer of ours has a security issue on their network, we send them an alert with advice on what to do next.

We’ll have received a report that suggests malicious traffic is originating from a device on your home network. We realise this is unlikely to be your fault, but this kind of abuse is against our Acceptable Use Policy. If the abuse continues, we may have to suspend or cancel your broadband service.

For this reason, it’s important you follow the advice in this article.


How to prevent or stop Denial-of-Service attacks

If you have a basic knowledge of computers and connected devices, there are some steps you can take to secure your email inbox and home network. Please follow the steps below*: Check your routers firewall settings The most common cause of this type of problem is through a misconfiguration in your router’s firewall settings. To check the firewall rules, find your broadband router from the options below and follow the steps:

To check for open ports on the Virgin Media Hub 3:

  1. Access your Hub's configuration page (default web address: 192.168.0.1)

  2. Login with your username and password (default will be shown on the Hub itself)

  3. Select Security on the left side of the page

  4. Select the Port Forwarding option

  5. Remove any rules for ports that you don’t specifically need open. If you are not running any servers then you most likely do not need any ports open.

To check for open ports on the Super Hub 1 or 2’s firewall:

  1. Access your Hub's configuration page (default web address: 192.168.0.1)

  2. Login with your username and password (default will be shown on the Hub itself)

  3. Select Advanced Settings and accept the prompt

  4. Scroll down to the Security section

  5. Select the Port Forwarding option

  6. Remove any rules for ports that you don’t specifically need open. If you are not running any servers then you most likely do not need any ports open.

If you are using a 3rd party router along with the Virgin Media Super Hub or Hub 3, your router's firewall will need to be configured so only the ports that specifically need to be exposed to the Internet are open. If you are not running any servers on your home network, then you most likely do not need any ports open at all.

Check out the router’s manual or the manufacturer’s support site for more information.

Make sure all your devices are protected by a firewall It is important to check all your devices sit behind a firewall. In most cases your firewall is configured as a part of your router – and this is the case with the Virgin Media Super Hub and Hub 3. If you have specifically disabled the Firewall in your router, it is crucial that you configure your device so it is protected by a firewall.

If you are using your Virgin Media Super Hub or Hub 3 in Modem Only mode, it is essential that you use a firewall on any device or router that is plugged directly into the Hub. When in Modem Only mode, your Hub does not operate with a firewall.

Most firewalls, including the one provided with the Virgin Media Super Hub and Hub 3 include a DMZ option. This feature allows for a device using a specific local IP address on your home network (e.g. 192.168.0.2) to bypass your firewall settings. This is occasionally necessary if you are using a device that has its own firewall configured.

If you have a device configured in your firewall's DMZ that does not use its own firewall, it is crucial that you disable this option immediately. Computers operating without a firewall are extremely vulnerable to attack as all ports are exposed to the wider Internet.

Check your device for viruses If you have not identified any issues through the firewall steps, then it is likely that a device on your home network is infected with malware that is participating in online abusive activity. We recommend running anti-virus scans across all your devices to detect and remove any infections. If you have an existing security package installed, please consult the instructions on how to remove infections from your device. If you do not have an existing anti-virus, virgin media internet security can help protect your devices from malicious software. Get up-to-date software Keep your operating system and application software up-to-date and install software patches so attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.


Denial-of-Service attacks FAQ

Need more help with Denial-of-Service attacks? Check out our FAQs below:

No, we cannot change IP addresses for individual customers. If you are using a Super Hub or Hub 3.0 you could boot it into Modem Only mode until the attacks stop – this will provide you with a different IP address while you are in Modem Only mode.

Modem Only mode on a Superhub only provides an Internet connection over one Ethernet port, and wireless access will not work. If you have one, you can attach a 3rd party router to the Superhub to use its wireless function instead. You should also make sure any device you connect to the router while in Modem Only mode is protected by a firewall.

Incidents of Denial-of-Service attacks originating from an IP address belonging to Virgin Media should be reported via our Abuse Reporting Form.


Where can I find more help and support with DoS or DDoS attacks

If you’d like further advice, then our forum community will be happy to help. Just visit our online community and join the conversation on our Security Matters board. You can also find general security advice and articles on other vulnerabilities by checking out the Security Hub. If you want to learn more about staying safe online, browse our online security articles. *These fixes are provided as a courtesy and we are not responsible for any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.