• Help
  • Security
  • Recieving a Virtual Network Computing Server notification

Virtual Network Computing Server notification


You may have received an email from us recently explaining that we’ve been notified of a device on your network that’s been configured as a Virtual Network Computing (VNC) server. This means the device can be accessed from outside your home network.

This notification is simply to make sure you’re aware of this and what it means. Once you’ve finished reading, you only need to take action if you think it’s needed.*

What has happened?

Virtual Network Computing is a screen sharing system that allows computers to be accessed remotely from another device on the internet.

 

For your safety, we work with a number of not-for-profit banking and security organisations that collect information on devices across the internet that appear to be misconfigured and/or at risk.

A device on your network has shown signs of running a Virtual Network Computing server exposed to the wider internet. By default, it doesn’t make use of encryption, meaning information being passed to and from your device could be accessed by a third party.

For more information on these reports please visit vncscan.shadowserver.org **

What can I do about it?

Choose the option below that best fits your situation:

If you’ve purposely configured a Virtual Network Computing server on a device in your home, we suggest looking at alternative solutions that are encrypted to prevent information from being accessed.

This is because, while Virtual Network Computing does encrypt login credentials when accessing your server (such as your password), all information after logging in is passed across in plain-text. This means a malicious third party could access this data.

If you’re aware of the risks involved in using Virtual Networking Computing over the internet, or you’ve taken steps to ensure the traffic is encrypted, then you may decide no further action is required.

It’s possible that Virtual Network Computing has been enabled on a device using your internet connection by default, or the setting has been switched on accidentally.  

If you don’t need any of your devices to be accessible outside of your local network, then we recommend closing the ports that Virtual Network Computing uses in your Super Hub or router’s configuration. There are instructions below to guide you through this.

It’s worth noting that blocking this port will stop traffic leaving or entering your home network over this port only. Virtual Network Computing access within your home should continue to work as normal. All other services involving your home network will also remain unaffected by this change.

Ensure the VNC port is closed on your router’s firewall

Hub 3

To close the vulnerable port on the Hub 3:

  • Access your Hub's configuration page – default web address: 192.168.0.1
  • Log in with your username and password, shown on the Hub itself
  • Select Security on the left side of the page
  • Select the Port Forwarding option
  • Remove any rules that will keep ports 5900 or 5800 open
  • Select the Port Triggering option
  • Remove any rules that will keep ports 5900 or 5800 open

Super Hub

To close the vulnerable port on the Super Hub 1 or 2’s firewall:

  • Access your Hub's configuration page – default web address: 192.168.0.1
  • Log in with your username and password, shown on the Hub itself
  • Select Advanced Settings and accept the prompt
  • Scroll down to the Security section
  • Select the Port Forwarding option
  • Tick the Delete box next to any rules that will keep ports 5900 or 5800 open
  • Click the Apply option
  • Select the Port Triggering option
  • Tick the Delete box next to any rules that will keep ports 5900 or 5800 open
  • Click the Apply option

Third party routers

If you use a third party router along with your Virgin Media Super Hub or Hub 3, your router's firewall will need to be configured to ensure ports 5900 and 5800 are not accessible outside of your local network. You can do this by blocking the port or removing any Port Forwarding rules for that port. To find out how to do this, refer to the documents that came with your device or the manufacturer's website.

Ensure all devices on your network are protected by a firewall

It’s important to check all your devices are covered by a firewall. In most cases your firewall is configured as a part of your router – this is the case with the Hub 3 and Super Hub. If you’ve disabled the firewall in your router, it’s crucial that you configure your devices to sit behind a firewall that is blocking ports 5900 and 5800. If this doesn’t apply to you, you can move onto the next step.

Modem Mode – If you’re using your Super Hub or Hub 3 in Modem Only mode, it’s essential that you’re using a firewall on any device or router that’s plugged directly into the Hub. That’s because when in Modem Only mode, your Hub doesn’t operate with a firewall. If this doesn’t apply to you, you can move onto the next step.

Demilitarized Zones (DMZ) – Most firewalls, including the one provided with the Super Hub and Hub 3 include a Demilitarized Zone option. This feature allows devices using a specific local IP address on your home network (e.g. 192.168.0.2) to bypass your firewall settings. Sometimes this is necessary if you’re using a device that has its own firewall configured.

If you have a device configured in your firewall's Demilitarized Zone that doesn’t use its own firewall, it’s crucial that you disable this option immediately. Computers operating without a firewall are extremely vulnerable to attack as all ports are essentially exposed to the wider internet.

To check if a device is configured in the Demilitarized Zone on your Hub 3:

    Access your Hub's configuration page – default web address: 192.168.0.1

    Log in with your username and password, shown on the Hub itself

    Select Security on the left side of the page

    Select the DMZ option

    To remove a device from the DMZ, tick the Disable box

To check if a device is configured in the Demilitarized Zone on your Virgin Media Super Hub 1 or 2:

    Access your Hub's configuration page – default web address: 192.168.0.1

    Log in with your username and password, shown on the Hub itself

    Select Advanced Settings

    Select DMZ

    To remove a device from the DMZ, uncheck the tick box at the top of the page

 

Where can I find further information and advice?

If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.

You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub

*Note: This article is intended to provide advice. Virgin Media is not responsible for any issues encountered in the course of resolving the issue and is not able to provide any technical support for such problems.

**Links to external sites are provided as a courtesy and virgin media is not responsible for the content of these sites or any issues encountered as a result of  applying information from these sites. Virgin media are not able to provide any technical support for such problems.


Need more help


    Ask our community

  • Helpful, friendly forums
  • Packed with tips and advice
  • Staffed by Virgin Media

   


    Contact us

  • Get in touch with our friendly team
  • Waiting times may vary
  • Free from Virgin Media phones or mobile