Hi everyone -
I recently upgraded to the Rogers Ignite Internet, TV, Phone from the legacy TV platform. I had Gig Ethernet prior to that. The tech switched out my modem to the new XB6 (by Technicolor) router. I use it in bridge mode as I have my own Ubiquiti Unifi Router with attached wifi access points.
The other day I got an email warning from Rogers (copied below). I also got an automated phone call with the warning and that I may be at risk of being disconnected. I've spoken to Rogers Ignite tech support a few times now to try to understand what the issue is, without any results. They are pointing at the fact that I have my own router which is causing the issue (never been an issue previously). They point to the report below (very bottom) which says that I have an open port 49209 which is causing the issue/report being generated.
I'm a novice when it comes to this level of networking, but have been looking at it since Rogers is not willing to review it with me. When I look at my external IP (using the site https://www.yougetsignal.com/tools/open-ports/), that particular port is closed. In addition, the IP address which Rogers points to below (I've x'ed out the last three digits for this post) with this open port is different from the external IP my system is showing; however, this same IP address mentioned in the report is listed on my Rogers modem in bridge mode... why are these two IP addresses different?
Anyway, if anyone has heard about this issue before and knows how to resolve it, your thoughts would be greatly appreciated.
Dear Valued Customer,
Important security message about your Rogers Internet service
Hi! We have found an issue with your Rogers internet connection, or your wireless home network, which requires your attention.
In technical terms: A device connected to your Rogers Internet connection is showing signs of an exploitable SSDP vulnerability.
In simple terms: The SSDP vulnerability is a publicly accessible device that has SSDP running and responding to queries. This SSDP vulnerability can be exploited by a third party to be used to attack other devices anonymously, in what is called a distributed denial of service attack.
This impacts you in the following ways:
Suggested steps to assist you in resolving your security issue:
Disable Universal Plug and Play (UPnP) functionality or deploy firewall rules to allow only trusted hosts on inbound port 1900/udp. The devices that require securing are usually home routers and firewalls.
Stay Aware, Stay Informed, Stay Protected.
Online threats are ever changing. Luckily, the information you need, as well as the security software available to protect yourself, is also changing and adapting.
Contact Rogers Technical Support.
Rogers technical support representatives do not have access or visibility to your devices and systems. However if your internet service is impacted, or you need more details on this matter, you can contact a Rogers technical support representative at 1-888-288-4663. If you are a business customer, please contact Business Technical Support at 1-866-727-2141.
Rest assured that your satisfaction and peace of mind are very important to us. We are here to help advise you on steps you must take to resolve this issue in a timely manner.
Under the Rogers Terms of Service and Acceptable Use Policy, you are responsible for the security of any device you connect to the service. You are also responsible for any misuse of the service, by you or by any other person with access to the service through your equipment or account. As a result, you must take steps to correct this issue and ensure others do not gain unauthorized access to your service through any means. If you fail to correct this issue, your service may be suspended and/or terminated in accordance with our Rogers Terms of Service and Acceptable Use Policy. If you have the Rogers Smart Home Monitoring service, any features requiring a broadband connection, such as remote control of your lights via the mobile app, will be affected.
Please review the Acceptable Use Policy specific to this issue: http://www.rogers.com/cms/pdf/en/Rogers-Terms-of-Service-Acceptable-Use-Policy-and-Privacy-Policy-en...
Please do not reply to this email, as this email inbox is not monitored.
^Trademarks of Rogers Communications, Rogers Communications, 855 York Mills Road, Don Mills ON, M3B 1Z1. © 2016
Please Be Advised: Rogers will never ask you for your password or other confidential personal information via email or phone.
If you would like to verify that this email is from Rogers you can contact us at the information listed on your monthly bill
Any emails/phone calls you receive purporting to be from Rogers that you believe to be fake, can be reported to firstname.lastname@example.org
IP 99.240.193.XXX .
data: SOURCE TIME: 2019-05-30 07:54:00Z
AS NAME: ROGERS-COMMUNICATIONS - Rogers Communications Canada Inc., CA
TYPE: vulnerable service
VULNERABILITY: open ssdp
DESCRIPTION: This host is most likely running a publicly accessible SSDP service, which can be abused by a third party.
I have followed the steps in the emails:
- I have Norton paid subscription running/current on all the laptops/PCs on the network -- no issues
- the ports reported/discussed in the specific email to me generated from the Rogers system (port 49209) as well as port 1900 as specified in the generic Rogers message in the link below are closed on my Unifi router
- UPnP is disabled on my router
- I have nothing out of the ordinary running at my house
All of the above have always been this way -- no changes on my part. The only change that has happened that triggered this event is the upgrade to the Rogers Ignite internet service with the new modem.
I'll certainly hire someone to fix a problem, but as of today, no one at Rogers has been able to explain to me what the problem is or how to resolve it other than the generic email and pointing out that I have my own router (which is a couple of years old and has updated firmware) -- if the problem is on my end vs on Rogers' end -- so not sure how I would specify to a third party what I'm looking to solve. If one Googles this problem vs Rogers, there are numerous people who seem to have experienced the same issue, i.e. a Rogers report being generated but without really any "solution" other than that the problem seems to go away, eventually. So I'm kinda at a loss here, Rogers.
Greetings and good morning @jsorhaug!
As long as you have followed the instructions to the letter, your network should be safe from being exploitable to participate in an open SSDP Reflection attack. If you are still concerned about the security of your third-party router, then I would recommend contacting the manufacturer and asking for support in disabling any settings that leave your network open with SSDP vulnerabilities.
If you're looking for more general information about SSDP, check out this Wikipedia article here: https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
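Added example, not part of the original thread or of Rogers' guidance: the notice concerns SSDP on 1900/udp, so confirming the fix means sending a UDP M-SEARCH discovery query to your own public IP from a machine outside the home network and seeing whether anything answers. The function names and the sample reply below are constructed for illustration.

```python
import socket

SSDP_PORT = 1900  # SSDP listens on 1900/udp, the port named in the Rogers notice

# Constructed sample reply (documentation address), used to exercise the parser offline.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
                b"ST: upnp:rootdevice\r\nSERVER: Example/1.0 UPnP/1.0 Sample/1.0\r\n"
                b"LOCATION: http://192.0.2.10:49152/desc.xml\r\n\r\n")

def build_msearch(host, mx=1):
    """Build a unicast SSDP M-SEARCH discovery request (HTTP-style text over UDP)."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {host}:{SSDP_PORT}",
             'MAN: "ssdp:discover"', f"MX: {mx}", "ST: ssdp:all", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(data):
    """Return the reply headers as a dict, or None if data is not an SSDP 200 reply."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].upper().startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def probe(host, timeout=3.0):
    """Send one M-SEARCH to host; return a list of (source address, headers) replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(host), (host, SSDP_PORT))
        try:
            while True:
                data, addr = sock.recvfrom(4096)
                headers = parse_ssdp_response(data)
                if headers is not None:
                    replies.append((addr, headers))
        except OSError:
            pass  # timeout or ICMP unreachable: nothing (more) answered
    return replies

if __name__ == "__main__":
    import sys
    found = probe(sys.argv[1])  # argument: your own public IP address
    for (ip, port), headers in found:
        print(f"reply from {ip}:{port} SERVER={headers.get('SERVER', '?')}")
    print("SSDP answers from outside" if found else "no SSDP reply on 1900/udp")
```

The source port and `SERVER` header of any reply help identify which device on the connection is answering.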