Network Vulnerability Alerts

Multicast DNS is commonly used to share music and video streaming services between devices on your home network. When exposed to the wider internet, it can be misused by third parties.

Block Multicast DNS traffic

The easiest way to deal with a Multicast DNS vulnerability is to configure your firewall to block port 5353.

Unfortunately, NTP servers have a design flaw that can allow attackers to perform Distributed Denial of Service (DDoS) attacks against target machines. A remote attacker can leverage this flaw by sending a specially crafted request to an affected NTP server.

You can run the following command to check your server for the NTP Mode 6 & open NTP monlist vulnerabilities:

ntpq -c rv [IP]

If you see a response, your server may be used in attacks.

How to solve an NTP Mode 6 vulnerability

The easiest way to deal with the NTP vulnerability is to configure your firewall to block port 123. You should also upgrade your software to NTP-4.2.7p26 or later.

NetBIOS is used to share files and folders across a local network. Applications can also use NetBIOS to map a network, allowing messages to be sent to destination computers. Ports commonly used by NetBIOS can be exploited for abuse when exposed to the wider Internet.

Block NetBIOS traffic:

To deal with the NTP vulnerability, configure your firewall to block port 135, 137 & 139.

NTP servers have a design flaw that can allow attackers to perform Distributed Denial of Service (DDoS) attacks against target machines. A remote attacker can take advantage of this flaw by sending a specially crafted request to an affected NTP server.

Block NTP traffic

The easiest way to deal with the NTP vulnerability is to configure your firewall to block port 123.

A Domain Name System (DNS) is used by computers to convert domain names to an IP address. An open recursive DNS Resolver is a DNS server that has been opened to answer DNS queries from any computer system on the Internet. If configured incorrectly, these servers can be exploited to unwittingly participate in malicious activities.

Block DNS queries

The easiest way to deal with an Open DNS resolver is to set your firewall to block port 53 and prevent DNS queries from outside your home network.

If you must have a DNS resolver that answers to queries from the Internet, make sure your server is set to only accept traffic from IP addresses that need to use the server.

Quote of the Day (QOTD) is a computer service that does what it says on the tin – it provides a quote of the day to other devices. How this works is a device is configured to act as the QOTD server, responding to requests from other devices with the quotation. If a QOTD server is exposed to the internet, it might be flagged as a vulnerability alert since it can be used to participate in online abuse.

Block external QOTD traffic

The easiest way to deal with a Quote of the Day vulnerability is to set your firewall to block port 17.

Memcached is a distributed memory object caching system, often used with web servers to alleviate database load. If configured incorrectly, it can be accessed by unauthorised third parties who may be able to access the data stored on the server and commit other abuse.

Block external Memcached traffic

An open Memcached vulnerability can be resolved by setting your firewall to block the port the server is configured to use – this is usually UDP/TCP port 11211.

Portmapper (also known as RPC Bind or RPC Portmap) is a service used by computer systems to assist with networking tasks. Unfortunately, Portmapper currently has a bug that can allow remote third-party attackers to gain unauthorised access and perform Distributed Denial of Service (DDoS) attacks against target machines. A remote attacker can take advantage of this bug by sending a specially crafted request to an affected Portmapper server.

Block external Portmapper traffic

The easiest way to fix an open Portmapper vulnerability is to set your firewall to block UDP port 111.

Chargen (Character Generator Protocol) is intended for testing purposes. A system set up to act as a Chargen server responds to queries over port 19 by sending arbitrary characters to the connecting host and continues until the host closes the connection.

If the Chargen service is left enabled, it can be used to participate in online abuse.

Block external Chargen traffic

The easiest way to fix an open Chargen vulnerability is to set your firewall to block UDP port 19.

TFTP is a service that allows for other devices on a network to remotely access files and folders on a device running the service without entering in login credentials. This service is designed only to be used on a small local network, such as your home, but when exposed to the wider Internet it can be misused by third parties to commit abuse.

Block TFTP traffic

You can resolve a TFTP vulnerability by configuring your firewall to block UDP port 69.

The Simple Service Discovery Protocol (SSDP) is often used for discovery of Plug & Play (UPnP) devices on a local network. This is commonly used by streaming services and games consoles to cast content between devices.

If you have an SSDP vulnerability, that means a third-party could use this protocol to gain unauthorized access to your network/devices for malicious purposes, such as Distributed Denial of Service (DDoS) attacks.

Block SSDP traffic

The easiest way to resolve a SSDP vulnerability is to configure your firewall to block port 1900.

An SNMP (Simple Network Management Protocol) are generally used to access or manage a device remotely on a computer network. If configured incorrectly, third parties may be able to use this protocol to gain unauthorised access to your network or devices for malicious purposes.

Block SNMP traffic

The easiest way to deal with SNMP threats and vulnerabilities is to set your firewall to block UDP ports 161 and 162.

Microsoft SQL is a database management system, and devices can use its Service Resolution Service to request details on the MS-SQL server running on a network. When exposed to the wider Internet, the Server Resolution Service can be used by a third party to commit abuse.

Block MS-SQL traffic

The easiest way to deal with an open MS-SQL vulnerability is to configure your firewall to block UDP port 1434

If you’ve received a Virtual Network Computing Server Notification, it means one of your devices might be running a Virtual Network Computing server that’s exposed to the wider internet. Because it’s not making use of encryption, that means any information being passed to and from your device could be accessed by a third party.

To resolve this issue, you can do one of the following:

• Encrypt your Virtual Network Computing server
• Block ports 5900 or 5800 using your firewall

Remote Desktop Protocol is a screen sharing system that allows computers to be accessed remotely from another device on the internet.

If you’ve received one of these notifications, a device on your network might be running a Remote Desktop Protocol server that’s exposed to the wider internet. Older versions of the protocol don’t use encryption, so any information being passed to and from your device could be accessed by a third party.

To fix this issue, you can do one of the following:

• Update your Remote Desktop Protocol server
• Block port 3389 using your firewall

Most security vulnerabilities can be solved by simply blocking certain ports. To block traffic to specific port, do the following.

Make sure all devices are protected by a firewall

There are a few ways you can protect yourself from network vulnerabilities using the Hub’s firewall. You can check these out below:

Ensure Hub’s firewall is on: It is important to make sure all your devices are protected by a firewall. Usually, your router will have an in-built firewall – this is the case with the Virgin Media Super Hub and Hub 3. If you have specifically disabled the router’s Firewall, you’ll need activate and configure it so it blocks the vulnerable port.

Modem Mode: If your Hub is set to Modem Only mode, it’ll operate without a firewall, making your network much easier to access. When using this mode, you should make sure any device or router that’s connected to the Hub is protected by an active firewall of its own.

DMZ: The DMZ option feature allows a device using a specific local IP address on your home network bypass your Firewall settings. This might be necessary if you are using a device that has its own firewall configured. If you have a device configured in your firewall's DMZ that does not use its own firewall, you’ll need to disable this option immediately. Computers operating without a firewall are extremely vulnerable to attack as all ports are exposed to the wider internet.

To check if a device is configured in the DMZ on your Virgin Media Super Hub 1 or 2:

1. Access your Hub's configuration page by entering 192.168.0.1 into your browser’s address bar
2. Login with your username and password – you can find the default login details on the Hub itself
3. Select Advanced Settings
4. Select DMZ
5. To remove a device from the DMZ, uncheck the tick box at the top of the page
   
   To check if a device is configured in the DMZ on your Virgin Media Hub 3:
   
6. Access your Hub's configuration page by entering 192.168.0.1 into your browser’s address bar
7. Login with your username and password – you can find the default login details on the Hub itself
8. Select Security on the left side of the page
9. Select DMZ
10. To remove a device from the DMZ, tick the Disable box
    #### How to block traffic to ports

Usually, to resolve a network vulnerability you’ll need to block a specific port. You can find out which port you need to block by finding your network vulnerability type from the options above.

Blocking a vulnerable port will only stop traffic leaving or entering your home network through this port. Services that only use your internal home network should continue to work as normal.

When you know the affected port, you can block traffic to it by doing the following:

On the Hub 3

To close the vulnerable port on the Virgin Media Hub 3:

1. Access your Hub's configuration page by entering 192.168.0.1 into your browser’s address bar
2. Login with your username and password – you can find the default login details on the Hub itself
3. Select Security on the left side of the page
4. Select Port Forwarding
5. Remove any rules that keep the vulnerable port open
6. Select Port Triggering
7. Remove any rules that keep the vulnerable port open
   
   On the Virgin Media Super Hub
   
   To close the vulnerable port on the Super Hub 1 or 2’s firewall:
   
8. Access your Hub's configuration page by entering 192.168.0.1 into your browser’s address bar
9. Login with your username and password – you can find the default login details on the Hub itself
10. Select Advanced Settings and accept the prompt
11. Scroll down to the Security section
12. Select Port Forwarding
13. Tick the Delete box next to any rules that keep the vulnerable port open
14. Click Apply
15. Select Port Triggering
16. Tick the Delete box next to any rules that keep the vulnerable port open
17. Click Apply
    
    

Third party routers

If you use a third-party router with the Virgin Media Super Hub or Hub 3, you’ll need to set your router's firewall so the vulnerable port can’t be accessed from outside of your local network. You can do this by blocking the port. If you need help blocking the port, check out the device’s manual or visit the manufacturer's support site.

The easiest way to check your device for viruses is using a virus scanner or online security package. You’ll simply need to run a full scan and the software will do the rest.

If you don’t have one already, why not sign up to Virgin Media Internet Security? You’ll pay nothing for 3 months then just £3 a month after that.

To get Virgin Media Internet Security, simply do the following:

1. Sign in to My Virgin Media
2. Select Virgin Media Internet Security from My apps
3. Follow the instructions on the screen
   What is anti-virus software?
   #### Remove unwanted applications Check what applications are installed on your devices. If there are any programs that have been installed without your knowledge, uninstall them. Look out for any ‘Remote Access’ or ‘Proxy’ applications. #### Get your computer professionally repaired If you’re still unable to clear the malware, we recommend you take your device to be professionally repaired. They may need to perform a deeper clean, such as restoring your device to factory defaults.

If you’ve configured a Virtual Network Computing server on your device, we recommend you look for alternative solutions that have encryption, so your information is better protected. Or, you can take steps to ensure any traffic is sent over the Virtual Network Computing is encrypted.

While Virtual Network Computing does encrypt login credentials, all information after logging in is passed across in plain text. This means a malicious third party could access this data quite easily.

If you’ve configured a Remote Desktop Protocol server on a device in your home yourself, we suggest you update it to the latest version. This should include support for encryption. If you’re using the RDP server that comes with the Windows operating system, update to the latest version of Windows.

There’s lots you can do to protect your devices and network from vulnerabilities. Learn how to protect your computer. Or, get the latest on online security by visiting our blog.