Blocked internet ports on the Virgin Media network
In order to protect our customers and our network, a number of ports on the Virgin Media network are blocked.
Ports on the Internet are like virtual doors that data can pass through. All internet traffic passes through ports to get to and from systems and services across the Internet.
When a certain port is known to be subject to security vulnerabilities, we sometimes block that port on our network.
These ports are blocked at network-level. Traffic over these ports within your home network will continue to operate as normal, but will be inaccessible to devices outside your network.
TCP & UDP ports 135, 137, 138, 139 – Used by the NetBIOS service
NetBIOS services allow file sharing over a local network. When exposed to the Internet, it can be exploited to carry out malicious activities such as Distributed Denial of Service (DDoS) attacks or to gain unauthorised access to systems on a local network.
TCP & UDP port 445 – Used by the SMB protocol
Port 445 is vulnerable to a number of attacks which target vulnerabilities in systems running file-sharing services. This port is used by various malware strains to gain entry to a network, namely the WannaCry and Nimda malware variants.
Frequently asked questions
Can the blocking of these ports cause issues to my broadband service? Can the blocking of these ports cause issues to my broadband service?
In most cases no, you will only encounter a problem if you need to access a service that you run on your home network via one of the ports that are blocked on our network.
If this doesn’t sound familiar then you’re very unlikely to be affected, as it is generally only specific to advanced home networks that have been manually configured.
Can I run an application or service that uses a blocked port? Can I run an application or service that uses a blocked port?
The ports blocked on our network are used by services that are generally not designed for use on the Internet. They can be used on a local network but should not be exposed to the wider Internet.
What should I do if I can’t run a publicly accessible Samba share because port 445 is blocked? What should I do if I can’t run a publicly accessible Samba share because port 445 is blocked?
Using Samba as a file-sharing service for accessing or transferring files to and from devices outside of your local network is unsecure, as there is a risk of your data being intercepted by third parties.
Alongside this, there are a number of known vulnerabilities with services that use port 445 - these can be exploited by third parties to gain unauthorised access to a device.
We recommend using an alternate file-transfer protocol such as the widely used SFTP (SSH File Transfer Protocol).
What should I do if I run a server that I’ve configured to run on a blocked port What should I do if I run a server that I’ve configured to run on a blocked port
If you’ve configured a server on your network to run on a port number you’ve chosen yourself, and the port is listed in the Blocked Ports list above, then you will need to reconfigure your system to run on a port that isn’t on the block list shown above.
We also recommend you choose a port number that is not used by a widely used service, as this may cause issues with your server’s connectivity.
A list of ports and the services they’re used by is available at Wikipedia’s List of TCP and UDP port numbers page.
* Links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.