
I Plan to Stick Around

I'm receiving emails from saying, "We have received notification that your Rogers Public IP address has been identified as being vulnerable to SSDP (Simple Service Discovery Protocol) reflection attacks..."


I'm using the CGN3ROG modem with a D-Link Dir 862L (AC1600 Dual Band Gigabyte) Router for wi-fi. 


In my router settings UPnP, WAN Ping, IPv4 and IPv6 Multicast Streams are all disabled.  D-Link says this newer router does not have SSDP vulnerability.  Firmware is up to date.


I have run the ShieldsUp UPnP Exposure Test many times on both the PC and a laptop.  Both are good.  Both computers are also free of viruses and spyware.


So, why am I still getting abuse warnings?  Is there something else here I should be looking at?  Any help would be greatly appreciated.  I have not talked to Rogers yet.  I got the first email a few weeks ago, followed their suggestions, and all has been good until now.  Have received two more emails in the last couple days.






Yep, that's the problem all right.  "You have an SSDP Vulnerability."  D'uh, ok, and you know this how?  A little more detail would go a long way.


40 ms.  I'm surprised that it's that high.  I was thinking FibreOp would be in the single digit range.  Really interesting indeed.  Telus also has a server in Montreal that could be used instead of Toronto.


Just checked, from West Ottawa to Halifax Bell Aliant, I see 40 ms latency, so, guess I shouldn't be surprised at your results. 


I Plan to Stick Around
Just finished reading an interesting article that was relatively low on specifics but seemed to be suggesting that there are "millions" of networked consumer devices which have a slightly different form of the SSDP vulnerability that is being used in DDoS attacks. Think anything that has the ability to connect to a service like Netflix via an Ethernet connection and you get the gist of what they were suggesting.

It sounds like these consumer devices through the nature of their firmware are bypassing the routers' UPnP settings. If that's the case then ISPs had better figure out a better way to block them than having folks focus only on routers.
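
Added example, not part of any post in this thread: since the replies above point at devices other than the router, this Python sketch lists which hosts on your own LAN answer a standard SSDP discovery request (multicast TTL 1, so it stays on the local link) and what they identify as. The function names and `SAMPLE_REPLY` are hypothetical; the sample reply is constructed, not captured from a real device.

```python
import socket
SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
# Constructed sample reply (not from a real device) for offline checks of the parser.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleTV/2.0\r\n"
                b"LOCATION: http://192.168.0.50:8080/desc.xml\r\n\r\n")

def build_msearch(mx=2, st="ssdp:all"):
    """Standard SSDP discovery request, as sent by any UPnP control point."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode("ascii")

def parse_response(data):
    """Return the reply's headers (names upper-cased), or None if it is not an HTTP 200."""
    head, *rest = data.decode("utf-8", errors="replace").split("\r\n")
    if not head.startswith("HTTP/") or head.split()[1:2] != ["200"]:
        return None
    pairs = (line.partition(":") for line in rest)
    return {name.strip().upper(): value.strip() for name, sep, value in pairs if sep}

def summarize(replies):
    """Group (ip, raw_bytes) replies per responder: SERVER strings, LOCATION URLs, bytes returned."""
    devices = {}
    for ip, raw in replies:
        hdrs = parse_response(raw)
        if hdrs is not None:
            dev = devices.setdefault(ip, {"servers": set(), "locations": set(), "bytes": 0})
            dev["bytes"] += len(raw)
            dev["servers"].add(hdrs.get("SERVER", "unknown"))
            dev["locations"].add(hdrs.get("LOCATION", "unknown"))
    return devices

def discover(timeout=3.0):
    """Send one M-SEARCH on the local link (TTL 1) and collect replies until the timeout."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
        sock.settimeout(timeout)
        try:
            sock.sendto(build_msearch(), SSDP_GROUP)
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                replies.append((ip, data))
        except OSError:  # socket.timeout is an OSError: stop when replies cease or the send fails
            pass
    return replies

if __name__ == "__main__":
    for ip, info in sorted(summarize(discover()).items()):
        print(ip, info["bytes"], "bytes", sorted(info["servers"]), sorted(info["locations"]))
```

A host listed here only shows that it speaks SSDP on the LAN; whether UDP port 1900 on it is reachable from the Internet still depends on the modem and router configuration.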