Is there a recommended alternative product to the Virgin SuperHub?
(Having come from a BT-based DSL connection, I’ve always avoided the boxes that ISPs send and have used Draytek or Apple)
1 Like
I used to get 200+ directly through Superhub, then when it started disconnecting all the time, I bought a TP-Link modem and put the Superhub 2 into modem mode. Now I barely get 20. I know the modem supports higher speeds, so I’m wondering if something’s configured incorrectly. This isn’t my specialist subject, so if you have any tips on where I might look in the settings to try and fix it, it’d be much appreciated.
Have you had virgin look at the connection to make sure things like your SNR hasn’t crept up? Could be out of spec and need an engineer to solve.
1 Like
I haven’t… I’ve not had the time. I’ve only been home for 2 weeks out of the last 9, and I was knocked out with combined flu and jetlag for one of those weeks! Finally got better and now I’m away again! C’est la vie.
I’ll have a word with them when I get back next. With any luck it’s a simple fix.
1 Like
Just called them and they said that I am a threat to their network coz I have DMZ open even though it’s a feature that is in their software on their router, they then said to go modem only and use my own router. I lol’d and said you offer the feature I am using it they blamed the supplier etc I said oh well not closing it they threatened to cut me off 
To be fair you are in the wrong here - DMZ is there to allow a secure machine to be excluded from the firewall - in your case they’ve noticed that one of your devices is exposing a LAN-only service to the outside world and can be abused.
2 Likes
Indeed. You can put anything you want on the DMZ indeed and if VM so choose they can ask you not to (very reasonably as they’ve done here) and if you refuse they can cut you off if they want
2 Likes
But I have always had the same device through DMZ on VM a few years back in multiple locations and also on Sky and again VM now and never had this issue before though so why now…
Because they’ve found it.
2 Likes
Seems I’m not the only one
Wow… VM to threaten to cut people off because their own router is bad? Words fail…
It’s only an mdns response too… information leak but it isn’t going to cause major issues unless there’s another vulnerability somewhere.
They called me back after a few mins and basically said that massive amounts of data came from my network etc, could not even give me a time.
Anyway I have turned off UPnP see what that does.
upnp would be port 1900, which is unrelated.
mdns shouldn’t respond outside the LAN - that’s a router bug. But even if it does it’s a few bytes and not ‘massive amounts of data’*. If that’s happening they need to tell you where it’s coming from.
- Subject to amplification attacks, and I’m reasonably sure mdns isn’t vulnerable to those.
Yeah just saw it somewhere so gave it a shot and also port 5353 but I’m not even using that port
I think your best bet short of VM fixing their router is to port forward port 5353 to an IP you’re not using… that appears to work according to the linked thread.
Yeah just done that, had 6 letters so far lol
I disagree about the “few bytes” thing - it can still be exploited for reflected denial of service attacks. DNS replies are usually small and insignificant enough but yet can prove deadly when an attacker gets enough DNS servers to send those “few bytes” towards a single target.
mdns servers aren’t recursive though… amplfication attacks generally rely on a server responding to something like ‘.’ and returning the entire list of root nameservers (bonus points if it’s dnssec enabled). You can’t get that level of amplification from a nonrecursive server.
I’ve been trying to work out what the VM router is actually doing to expose this information and the only thing I can think of is it’s running its own mdns responder that’s replying to unicast queries from the WAN… that’s about as broken as you can get.
In case of mDNS and given the contexts where it’s used (shitty low quality routers and equally shitty software) I would be less worried about reflective DoS and more about the software itself having a remote code execution bug that leads to the total compromise of your router.