
received this email from my ISP yesterday, Rogers


12 replies to this topic

#1 baymerlou


Posted 10 November 2017 - 12:09 PM

Should I be concerned? What steps need I take?

 

I only have my laptop which is disconnected from Internet whenever I'm away from it and overnight.  The other devices connected wirelessly are our phones (2 Androids) and sometimes my tablet (Android). 

Copied and pasted:

Dear Valued Customer

Important security message about your Rogers Internet service

Hi! We've found an issue with your Rogers internet connection, or your wireless home network, which requires your attention. Below are details, in both technical and simple terms, which are intended to aid you.

In technical terms: A device connected to your Rogers Internet connection is showing signs of an exploitable vulnerability (SSDP).

The SSDP vulnerability is a publicly accessible device that has SSDP running and responding to queries.

This SSDP vulnerability can be exploited by a third party to be used to attack other devices anonymously, in what is called a distributed denial of service attack.

A denial-of-service attack seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.

Possible options for removing this vulnerability are to disable Universal Plug and Play (UPnP) functionality or to deploy firewall rules that allow only trusted hosts on inbound port 1900/udp. The devices that require securing are usually home routers and firewalls.

In simple terms: This means a security vulnerability could be potentially exploited by a third party to be used for malicious and/ or illegal purposes.

This impacts you in the following ways:
•    Your machine could be used to participate in a distributed denial of service attack.
•    Your access to the internet could be degraded and disrupted.

Not to worry, here's what you can do:
The subscriber devices connected to networks are not accessible to our diagnostics tools, meaning our agents will not be able to resolve this issue. Below are some best practices to avoid future incidents:
1.    Use and maintain anti-virus software. Anti-virus software recognizes and protects your devices against known viruses. It is important to keep your anti-virus software up to date.
2.    Change your passwords. Your original password may have been compromised.
3.    Keep your operating system and application software up to date. Install software patches to prevent attackers from exploiting known vulnerabilities.
4.    Use anti-malware tools. Use a program that detects and removes malware.
5.    Don’t download attachments or click links from email addresses you don’t recognize. This is one of the most common vectors for all forms of malware.
6.    Use a firewall.
7.    Don’t visit websites that are known distributors of malware.
8.    Remove or disable services or protocols that are not needed.
9.    Keep browsers and their plug-ins up to date.

Under the Rogers Terms of Service and Acceptable Use Policy, you are responsible for the security of any device you connect to the service. You are also responsible for any misuse of the service, by you or by any other person with access to the service through your equipment or account. As a result, you must take steps to correct this issue and ensure others do not gain unauthorized access to your service through any means. If you fail to correct this issue, your service may be suspended and/or terminated in accordance with our Rogers Terms of Service and Acceptable Use Policy.
Please review the Acceptable Use Policy specific to this issue: http://www.rogers.com/cms/pdf/en/Rogers-Terms-of-Service-Acceptable-Use-Policy-and-Privacy-Policy-en.pdf

Suggested steps to assist you in resolving your security issue:
Step 1:
Disable Universal Plug and Play (UPnP) functionality or deploy firewall rules that allow only trusted hosts on inbound port 1900/udp. The devices that require securing are usually home routers and firewalls.

Step 2:
Stay Aware, Stay Informed, Stay Protected.
Keep your browsers, and operating system up to date. Software patches and updates will defend your systems and personal information from many of the most prevalent internet vulnerabilities.

https://www.rogers.com/customer/support/article/rogers-terms-of-service-ssdp-vulnerability

Step 3:
Contact Rogers Technical Support.
Rogers technical support representatives do not have access or visibility to your devices and systems. However if your internet service is impacted, or you need more details on this matter, you can contact a Rogers technical support representative at 1-888-288-4663. If you are a business customer, please contact Business Technical Support at 1-866-727-2141.

Rest assured that your satisfaction and peace of mind are very important to us. We are here to help advise you on steps you must take to resolve this issue in a timely manner.

Sincerely,
Rogers Communications
Please do not reply to this email, as this email inbox is not monitored.

^Trademarks of Rogers Communications, Rogers Communications, 855 York Mills Road, Don Mills ON, M3B 1Z1. © 2016

Please Be Advised: Rogers will never ask you for your password or other confidential personal information via email or phone.
If you would like to verify that this email is from Rogers, you can contact us at the information listed on your monthly bill.

Any emails/phone calls you receive purporting to be from Rogers that you believe to be fake, can be reported to abuse@rogers.com

09268282

The IP reported below is the IP responding to scans. It is possible a different IP may be listening and responding from the IP below.
IP  .
data: TIMESTAMP: 2017-08-17 07:38:33
IP:
PROTOCOL: udp
PORT: 36477
HOSTNAME:
TAG: ssdp
HEADER: HTTP/1.1 200 OK
ASN: 812
GEO: CA
REGION: ONTARIO
CITY: TORONTO
SYSTIME: Thu, 17 Aug 2017 07:38:35 GMT
CACHE_CONTROL: max-age=100
LOCATION: http://192.168.0.1:49152/description.xml
SERVER: Linux/2.6.18_pro500, UPnP/1.0, Portable SDK for UPnP devices/1.3.1
SEARCH_TARGET: upnp:rootdevice
UNIQUE_SERVICE_NAME: uuid:28802880-2880-1880-a880-68b6fc3c28a8::upnp:rootdevice
NAICS: 518210
SIC: 737415
SECTOR: Communications

Thanks for any assistance


Edited by baymerlou, 11 November 2017 - 09:11 AM.
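Added example (not from the thread, and not Rogers' or the scanner's code): a small Python triage of the report record quoted in the notice. It parses the KEY: value fields and derives what a home user or admin can actually act on, without touching the network. The sample record is constructed from the fields shown above with the redacted IP and hostname left blank; the function names are my own.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample modelled on the record quoted in the notice; the IP and
# HOSTNAME values were redacted in the original and are left blank here too.
SAMPLE_RECORD = """\
TIMESTAMP: 2017-08-17 07:38:33
IP:
PROTOCOL: udp
PORT: 36477
HOSTNAME:
TAG: ssdp
HEADER: HTTP/1.1 200 OK
LOCATION: http://192.168.0.1:49152/description.xml
SERVER: Linux/2.6.18_pro500, UPnP/1.0, Portable SDK for UPnP devices/1.3.1
SEARCH_TARGET: upnp:rootdevice
UNIQUE_SERVICE_NAME: uuid:28802880-2880-1880-a880-68b6fc3c28a8::upnp:rootdevice
"""

def parse_record(text):
    """Turn 'KEY: value' lines into a dict; redacted values are kept as ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields

def _is_private_host(host):
    """True when the host is a literal private address such as 192.168.0.1."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # empty, or a hostname rather than an address literal
        return False

def triage(fields):
    """Derive defender-relevant findings from the record alone; no network access."""
    findings = {}
    # A 200 OK tagged 'ssdp' means the device answered a discovery query that came
    # in from the public internet: the open-reflector condition the notice describes.
    findings["open_ssdp_responder"] = (
        fields.get("TAG") == "ssdp"
        and fields.get("HEADER", "").startswith("HTTP/1.1 200"))
    # A description URL on a private network means the responder sits behind NAT:
    # the gateway itself or a LAN device it exposes, so UPnP must be disabled or
    # 1900/udp filtered on the gateway, not on the laptop.
    loc_host = urlparse(fields.get("LOCATION", "")).hostname or ""
    findings["behind_nat"] = _is_private_host(loc_host)
    # Identifiers to compare with the router's own UPnP description page, plus the
    # UDP port the reply was observed from (the device's socket, not query port 1900).
    findings["usn"] = fields.get("UNIQUE_SERVICE_NAME", "")
    findings["server"] = fields.get("SERVER", "")
    findings["reply_port"] = int(fields["PORT"]) if fields.get("PORT") else None
    return findings
```

Comparing the USN and SERVER values with what the router's own admin page reports is the quickest way to confirm which box on the LAN produced the reply.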



#2 britechguy


Posted 10 November 2017 - 12:25 PM

If this e-mail is legitimate, and it would seem to be (and even if it isn't you should still disable UPnP), it appears that UPnP is enabled on your modem-router, which it typically isn't by default (or hasn't been for several years on newer modem-routers).

 

If you know how to log in to your modem-router as admin and disable the UPnP service then do so.  If you don't, call your service provider's technical support, tell them about having received this e-mail message, and ask them to walk you through the steps necessary to disable it.


Brian  AKA  Bri the Tech Guy (website address in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

Plus ça change, plus c'est la même chose


#3 baymerlou


Posted 10 November 2017 - 01:34 PM

Thanks Brian, I'll go into the router (which is the one provided by Rogers) and see if UPnP service is enabled. 

 

OK, I was just in the router and the UPnP service is not enabled; however, the Residential Gateway function is enabled.


Edited by baymerlou, 10 November 2017 - 01:37 PM.


#4 britechguy


Posted 10 November 2017 - 01:46 PM

Well, it is your residential gateway, so that makes sense.

 

What are your firewall settings?

 

To tell you the truth, I would contact Rogers Technical Support anyway.  When they send this sort of thing out without giving EXPLICIT instructions about EXACTLY what the end user should be checking they do themselves, and their customers, a huge disservice.   They need to walk you through the checks they want you to do and any resets that are necessary.  That information should have been included in a notice like this to begin with.




#5 baymerlou


Posted 10 November 2017 - 01:53 PM

I've had this system for quite a few years and never made changes, so why is this now an issue? By the date on the letter this supposedly happened back in August. Funny thing, I did notice in June and July that my Internet data limits were higher than they've ever been, almost to the point of overage; I have a monthly usage of 270 GB and usually only use under 100 GB a month of that. After August my numbers dropped back down to normal usage. Would something have been going on I wasn't aware of? I did question it then, but nobody could give me answers on where to look for this. I blamed it on another person who was living with us and moved out at the end of July. But she didn't have the computer savvy to do anything malicious and denied uploading or downloading excessively.

 

I'll call Rogers tonight after work. 

 

thanks for your help Brian. 


Edited by baymerlou, 10 November 2017 - 01:54 PM.


#6 britechguy


Posted 10 November 2017 - 02:12 PM

Many things that "were not an issue" have the potential to become ones as time progresses.

 

At one time the WiFi Protected Setup (WPS) feature on modem-routers and WEP security protocol were not problems, but they now are.

 

My guess is that Rogers started probing the modem-routers connected to their network infrastructure (which seems a perfectly reasonable thing to do) to see if they could identify any vulnerabilities that they would rather not be there because there's exposure to the network as a whole rather than just you.

 

If you want to see a good test of an array of possibilities on your modem-router and computer, go to https://www.grc.com/intro.htm, and run the Shields Up! utility there.  You'd be surprised what it may find that you had no idea about at all.




#7 baymerlou


Posted 10 November 2017 - 06:15 PM

They really screwed up... here's the email I just got now:

 

Correction Notice: Rogers High Speed Internet email

 

We sent you an email on November 9th about your Rogers Internet connection to notify you of a potential vulnerability with a device connected to your Rogers internet account. This email was a repeat of one that you received in the past few months and was sent in error. If you have previously addressed this concern, no further action is required.

Keeping your information secure and ensuring you enjoy a safe online experience is a top priority for Rogers.

Please accept our sincere apologies for any inconvenience or confusion this may have caused.

 

 

This is the second email from them this week; they informed me that I had purchased a wifi device to use in my car, which I did not and had never heard of. Apparently, they mass emailed this to all stale email addresses they had on file; this was in error and they sent out a correction. Someone is messing up totally at Rogers. So I don't have any worries now with this issue. Thanks anyway for the help.



#8 baymerlou


Posted 11 November 2017 - 09:17 AM

britechguy, on 10 November 2017 - 02:12 PM, said:

> Many things that "were not an issue" have the potential to become ones as time progresses.
>
> At one time the WiFi Protected Setup (WPS) feature on modem-routers and WEP security protocol were not problems, but they now are.
>
> My guess is that Rogers started probing the modem-routers connected to their network infrastructure (which seems a perfectly reasonable thing to do) to see if they could identify any vulnerabilities that they would rather not be there because there's exposure to the network as a whole rather than just you.
>
> If you want to see a good test of an array of possibilities on your modem-router and computer, go to https://www.grc.com/intro.htm, and run the Shields Up! utility there.  You'd be surprised what it may find that you had no idea about at all.

I ran the ShieldsUp and this is the result

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

Thanks again for your help and I'll certainly bookmark this shieldsup if I experience any other issues. 

 



#9 britechguy


Posted 11 November 2017 - 09:44 AM

You're quite welcome.  ShieldsUp! is a great tool for checking the security of your modem-router's configuration.




#10 Chris Cosgrove


Posted 11 November 2017 - 07:14 PM

After all the above, baymerlou was quite right to be concerned at an email that addressed him as 'Dear valued customer'. This type of addressing is normally a No. 1*  indicator of spam. I get regular emails apparently from my email system advising me that 'there is a problem with my email account and please click here to correct it'. As we say in these parts 'Aye, shining bright !'.

 

Having said that, I don't think I have ever had an email from my ISP since we set up our current account. But any email that starts 'Dear valued customer' is suspicious until proven otherwise.

 

Chris Cosgrove



#11 baymerlou


Posted 12 November 2017 - 11:32 AM

Hi Chris you are right I was suspicious, I don't trust any email unless I specifically know who and what it came from.  I never ever click links inside and will browse to the suggested link myself through my browser.  

 

During the summer I got an email from my ISP about potential piracy, accusing my IP of downloading pirated content (which I did not); however, I found out who did access that particular file through uTorrent (that person is no longer allowed on my network), but they said they didn't download it but just looked at it on the torrent site. Is this possible?



#12 britechguy


Posted 12 November 2017 - 12:02 PM

I agree that one should be very circumspect regarding e-mail messages in general.  This one, however, after reading it did not suggest that the user do anything that would compromise them in any way.  In fact, if anything, the actions requested should result in their being more secure were certain protocols that have known vulnerabilities enabled in their modem-router.

 

The external links to Rogers all go where they say they go, and the one for the modem-router is local to it.  That's why it didn't raise any red flags for me.  Most bogus e-mail messages have links spoofed and generally ask you to click through on something.

 

I can't answer anything with regard to torrents as I do not use them and never have.




#13 Joe C


Posted 13 November 2017 - 08:23 AM

Seems to me that if his ISP (Rogers) owned the modem/router, then they should have access to it to fix any security issues. If they could not (I wouldn't know why, because when I had AT&T and Comcast they could access their equipment), then it is their responsibility to fix it and not the OP's.
