Jump to content
Exe_uz

Virgin Media Security Alert – Multicast DNS Vulnerability

Recommended Posts

Posted (edited)

Hi guys, does anyone know how to block port 5353 on the R2 as VM keep sending me letters stating i have a "Multicast DNS Vulnerability".

FYI the R2 is in the DMZ on the SH3 and it's in router mode with the default firewall settings. There are no port forwarding or port triggers rules.

URL from VM regarding resolution of said issue http://virginmedia.com/mdns

All my devices are connected to the R2 and not SH3

Edited by Exe_uz
Additional info

Share this post


Link to post
Share on other sites

You can’t write firewall rules on the R2, for that you would need to step up to a more complex router that includes that which tend to be more aimed at businesses or the more complex home routers. 

However the R2 has a firewall even though it’s in the DMZ on your Virgin router, unfortunately I don’t know much about the firewall on the R2 so Fraser or Liam will be able to help more. The important thing is don’t have any devices under the R2 DMZ as that leaves them open to abuse. 
 

At a guess it’s due to DMZ and do you by any chance have a console or PC set in the R2 DMZ?

 

Share this post


Link to post
Share on other sites

Thank you @Newfie for your response, but the DMZ is only used on SH3 with R2 IP in, the DMZ on the R2 isn't used 😞 

Share this post


Link to post
Share on other sites

Have you done any manual port forwarding on the R2? As mentioned I have VM and the R2 plugged directly in to it and I've not had this before. You may not have even port forwarded but it may be UPnP has opened the port to the affected device. Do you see the port listed in UPnP?

Share this post


Link to post
Share on other sites

Hi Frazer, thanks for your response. I have no manual port forwarding rules and the only ports in UPnP are UDP - 9308 & 3074 for the PS5. Would watching Cinema HD app on Amazon FireTV be an issue?

Share this post


Link to post
Share on other sites

https://community.virginmedia.com/t5/Networking-and-WiFi/Network-Attack-email-amp-Multicast-DNS-letter/td-p/4355276

just linked above as this poster has an R2 too.

is your fire stick unlocked and have you Kodi installed?

https://community.virginmedia.com/t5/Security-matters/mDNS-and-SSDP-vulnerabilities-a-suggestion-for-devices-in-the/td-p/3308201/highlight/true/page/3

ive linked the above, lots of talk over the PS4 being in DMZ but there is a solution they use close the port which is on this thread. In basic terms they setup a portwarding rule to an address that’s not used internally on the Virgin router then they put the PS4 in DMZ.

 

Share this post


Link to post
Share on other sites

Hey @Newfie the linked Virgin forum post is mine.

FYI The issue never got sorted and i kept getting letters, In the end i phoned Virgin and told them to stop sending them as i'd done everything i could to stop the supposed Multicast DNS and scanned all the devices on my Network for virus's/spyware with everything being clean and from what i could tell, set up correctly.

Hopefully @Exe_uz you manage to get it sorted 👍

 

Share this post


Link to post
Share on other sites

Hi @appleround thanks for the info. Did you try using the port forwarding rule as per suggested by @Newfie to alleviate the problem?? Also, how do you find Virgin Media regarding line quality as mine has lots of spikes and no matter what i do can't get anywhere near a smooth flat(ish) line?

Share this post


Link to post
Share on other sites
8 hours ago, appleround said:

Hey @Newfie the linked Virgin forum post is mine.

FYI The issue never got sorted and i kept getting letters, In the end i phoned Virgin and told them to stop sending them as i'd done everything i could to stop the supposed Multicast DNS and scanned all the devices on my Network for virus's/spyware with everything being clean and from what i could tell, set up correctly.

Hopefully @Exe_uz you manage to get it sorted 👍

 

Thanks for posting.

I came across it after doing a search and hoped it would help. Am I right in thinking it’s the DMZ that’s causing the issue with a console?
I briefly read through but I’m guessing if firewall rules could be created it could block that port fairly easy if needed.
It seems Virgin use a third party that looks at your connection and detects potential issues.

 

Share this post


Link to post
Share on other sites

Hey Guys,

I presume its the DMZ that caused the issue, although I'm not 100% on that, just with the timing of the emails and letters i'd recieved after doing so.

I did add port 5353 to my PC's firewall to be blocked, whether that helped or not I'm not sure.

I haven't tried the suggested Port Forwarding on the superhub yet as its now back in Modem mode. It might be something I'll try eventually though.

@Exe_uz My Line quality is pretty spikey also, it's not so bad when I've got my sliders set to 75% down and 30% up. (200d/20u)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...