What is the Multicast DNS vulnerability alert?
You may have recently received a letter and/or email from Virgin Media explaining that we have been notified that a device on your network has a vulnerability known as an open Multicast DNS. If you have received such a communication from us, please follow the advice given on this page to resolve the issue.
Multicast DNS is used to resolve host names to IP address on a small computer network. It is commonly used to share music and video streaming services between devices on your home network. When exposed to the wider Internet, it can be misused by 3rd parties in order to commit abuse.
What has happened?
We work with a number of not-for-profit organisations across the banking industry and security sectors that collate information on devices across the Internet that appear to be compromised or misconfigured. This means that your compromised or misconfigured device is publicly accessible on the Internet, and therefore the scanning that is performed by these organisations is not within your private network.
We suspect a device connected to your home network may have an open Multicast DNS vulnerability.
For more information on these reports please visit mdns.shadowserver.org*
If the settings are left open they can be exploited to unwittingly participate in malicious activities, for example, a Distributed Denial of Service (DDoS) attack.
It is therefore important that you follow the advice in this article. **
How can the issue be fixed?
Where can I find further information and advice?
If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.
You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub
*These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.
** These fixes are provided as a courtesy and we are not responsible for any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.