Remote Desktop Protocol server notification

You may have received an email from us recently explaining that we’ve been notified of a device on your network that’s been configured as a Remote Desktop Protocol (RDP) server. This means the device can be accessed from outside your home network.

This notification is simply to make sure you’re aware of this and what it means. Once you’ve finished reading, you only need to take action if you think it’s needed. *

What has happened?  

Remote Desktop Protocol is a screen sharing system that allows computers to be accessed remotely from another device on the internet.

For your safety, we work with a number of not-for-profit banking and security organisations that collect information on devices across the internet that appear to be misconfigured and/or at risk.

A device on your network has shown signs of running a Remote Desktop Protocol server exposed to the wider internet. By default, older versions of the protocol don’t make use of encryption, meaning information being passed to and from your device could be accessed by a third party.

For more information on these reports please visit rdpscan.shadowserver.org **

What can I do about it?

Choose the option below that best fits your situation:

If you’ve purposely configured a Remote Desktop Protocol server on a device in your home, we suggest ensuring it is updated to the latest version, which includes support for encryption. If you’re using the RDP server that comes with the Windows operating system, then updating Windows to the latest version will do this for you.

If you’re aware of the risks involved in using Remote Desktop Protocol over the internet, or you’ve taken steps to ensure the traffic is encrypted, then you may decide no further action is needed.

It’s possible that a Remote Desktop Protocol has been enabled on a device using your internet connection by default, or that the setting has been switched on accidentally.

If you don’t need any of your devices to be accessible outside of your local network, then we recommend closing the ports that Remote Desktop Protocol uses in your Super Hub or router’s configuration. There are instructions below to guide you through this.

It’s worth noting that blocking this port will stop traffic leaving or entering your home network over this port only. Remote Desktop Protocol access within your home should continue to work as normal. All other services involving your home network will also remain unaffected by this change.

Ensure the RDP port is closed on your router’s firewall

Hub 3
To close the vulnerable port on the Hub 3:
  • Access your Hub's configuration page – default web address: 192.168.0.1
  • Log in with your username and password, shown on the Hub itself
  • Select Security on the left side of the page
  • Select the Port Forwarding option
  • Remove any rules that will keep port 3389 open
  • Select the Port Triggering option
  • Remove any rules that will keep port 3389 open
Super Hub

To close the vulnerable port on the Super Hub 1 or 2’s firewall:

  • Access your Hub's configuration page – default web address: 192.168.0.1
  • Log in with your username and password, default will be shown on the Hub itself
  • Select Advanced Settings and accept the prompt
  • Scroll down to the Security section
  • Select the Port Forwarding option
  • Tick the Delete box next to any rules that will keep port 3389 open
  • Click the Apply option
  • Select the Port Triggering option
  • Tick the Delete box next to any rules that will keep port 3389 open
  • Click the Apply option
Third party routers

If you use a third party router along with your Virgin Media Hub, your router's firewall will need to be configured to ensure port 3389 is not accessible outside of your local network. This is done by blocking the port or removing any Port Forwarding rules. To find out how to do this, refer to the documents that came with your device or the manufacturer's website.

Ensure all devices on your network are protected by a firewall

It’s important to check all your devices are covered by a firewall. In most cases your firewall is configured as a part of your router – this is the case with the Hub 3 and Super Hub. If you’ve disabled the firewall in your router, it’s crucial that you configure your devices to sit behind a firewall that’s blocking port 3389. If this doesn’t apply to you, you can move onto the next step.

Modem Mode – If you’re using your Super Hub or Hub 3 in Modem Only mode, it’s essential that you’re using a firewall on any device or router that’s plugged directly into the Hub. That’s because when in Modem Only mode, your Hub doesn’t operate with a firewall. If this doesn’t apply to you, you can move onto the next step.

Demilitarized Zones (DMZ) – Most firewalls, including the one provided with the Super Hub and Hub 3 include a Demilitarized Zone option. This feature allows devices using a specific local IP address on your home network (e.g. 192.168.0.2) to bypass your firewall settings. Sometimes this is necessary if you’re using a device that has its own firewall configured.

If you have a device configured in your firewall's Demilitarized Zone that doesn’t use its own firewall, it’s crucial you disable this option straight away. Computers operating without a firewall are extremely vulnerable to attack as all ports are exposed to the wider internet.

To check if a device is configured in the Demilitarized Zone on your Hub 3:

    Access your Hub's configuration page – default web address: 192.168.0.1

    Log in with your username and password, shown on the Hub itself

    Select Security on the left side of the page

    Select the DMZ option

    To remove a device from the DMZ, tick the Disable box

To check if a device is configured in the Demilitarized Zone on your Super Hub 1 or 2:

    Access your Hub's configuration page – default web address: 192.168.0.1

    Log in with your username and password, shown on the Hub itself

    Select Advanced Settings

    Select DMZ

    To remove a device from the DMZ, uncheck the tick box at the top of the page

Where can I find further information and advice?

If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.

You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub


*Note: This article is intended to provide advice. Virgin Media is not responsible for any issues encountered in the course of resolving the issue and is not able to provide any technical support for such problems.

**Links to external sites are provided as a courtesy and virgin media is not responsible for the content of these sites or any issues encountered as a result of  applying information from these sites. Virgin media are not able to provide any technical support for such problems.


Need more help


    Ask our community

  • Helpful, friendly forums
  • Packed with tips and advice
  • Staffed by Virgin Media

   


    Contact us

  • Get in touch with our friendly team
  • Waiting times may vary
  • Free from Virgin Media phones or mobile