A follow-up as well.. without a device specifically presenting a 'virus' etc. on it, it's possible this SSDP vulnerability might be active on a device, if it has not been patched fully and might be vulnerable to it.
A good idea in the long run, period, for safety's sake, would be to make sure ALL devices are up to date: run any OS and software updates available on them.
This sort of thing can also include other devices, like smart home devices, etc. Make sure that they have the latest firmware options installed on them. (Usually the app will tell you when they need updating.)
I also received emails and automated calls. I have no third-party routers or modem, only the ones provided by Rogers.
All laptops have up-to-date antivirus and since I am not technical, I called Rogers.
Big mistake, no help at all. I'm not going to call a third party technician since I already pay Rogers for a secure service and I do not know what to ask of them.
Just hoping this is not a scheme to make us purchase some sort of security package to make the emails and calls go away. In the meantime, life continues.
My view is to just ignore these emails and calls. Rogers Technical Support is of no help when it comes to this issue. The Moderator should take note of this issue and have Rogers modify their system to not have these automated emails and calls go out as all it leads to is frustrated customers wasting time.
It's not a waste of time.. when/if there is legitimately something going on on the user's side.
I work in IT.. and even I found myself with one of these notifications (mind you, it was close to 8 years ago probably?). It ended up being that there WAS rootkit malware installed on my server without me knowing 😞
While I generally have to agree.. many of the Rogers techs are not quite up to snuff technology-wise, etc.
It's not their responsibility for that part of the thing either.
Rogers, in the end, is supposed to provide a secure, stable (yes, I know that can be a joke sometimes) environment for you to connect to the internet with.
Anything which connects TO the internet is up to the USER to be responsible for.. regardless of their level of technical ability. Devices are getting better and better at helping with this part (a lot of the IoT-type devices now will prompt you that they need a firmware update, etc., and click here to run it).
But in the long run.. IF something malicious happens to a user's computer, and it does that bad stuff while on the Rogers network.. it's the user's responsibility.
None of their steps have worked. There's nothing wrong with anything connected to my modem, yet I keep receiving the same emails. I contact Rogers, they don't help. I've checked the modem and what's connected and nothing new is attached. I've run the scans and did everything Rogers said, and I still receive the messages. Rogers has not been a great company or resource over the past 2 yrs. Huge disappointment, and looking for a new provider.
I just reviewed the example email in the initial post and Rogers' ToS support article concerning the SSDP vulnerability. However, I think that Rogers needs to revise their recommendations on how to troubleshoot and fix this problem.
First and foremost, you are probably getting this email because Rogers either detected network traffic, originating from your home network, that matched a signature indicating that a device on your network could be (or actually was) used to launch a denial-of-service attack AND/OR that your router/Internet gateway was responding to active scans looking for devices on your network that could be exploited.
This is a real problem: https://blog.cloudflare.com/ssdp-100gbps/
That blog post contains some Python scripts that can be used to scan your internal network for devices that respond to SSDP queries. (I think that you can also find SSDP scanning tools in the Windows Store.) You also need to identify the device that corresponds to the UUID in the Rogers email.
Cloudflare has also developed badupnp, code for a web service that can check to see whether your router/gateway is responding to UPnP / SSDP traffic from the Internet. You can run the test to see if you are vulnerable by going to: https://badupnp.benjojo.co.uk/
As for the remediation steps, "Scan your system with anti-virus software" is always a good thing to do but it's more likely that the culprit is something like a camera, media server, smart TV, printer, or some other network device.
"Universal Plug and Play (UPnP) functionality or deploy firewall rules to allowed only trusted hosts on inbound port 1900/udp" may be hard to do, depending on what hardware you have installed. Disabling UPnP support on your Internet gateway is ALWAYS a good thing to do, if you can. To block Internet scans, you could also use port forwarding to send inbound UDP port 1900 traffic to a non-existent IP address.
Of course, you also need to ensure that the firmware for "smart devices" on your network is not only up to date but also does not contain known/unpatched security vulnerabilities.
UPnP is a badly-designed protocol that enables devices on your network to discover AND establish working configurations with other network devices, including IGD on your Internet gateway (if enabled) to configure firewall rules and port mappings that enable NAT traversal. If the devices on your network are untrustworthy, this can not only compromise the security of your own network but can also be leveraged to launch attacks against others as well.
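A LAN-side SSDP inventory of the kind the post above describes, written here as an added example (it is not the post's own code nor Cloudflare's script): it multicasts a standard M-SEARCH, parses each 200 OK reply, and matches the UUID from the USN header against the UUID quoted in the ISP email. The multicast address, port and header names are the standard SSDP ones; the sample reply and the UUID in it are constructed placeholders.

```python
"""Scan the LAN for devices answering SSDP M-SEARCH and match one to the
UUID quoted in an ISP notification: find_device(discover(), "<uuid>").
Added example, not code from the post or from Cloudflare's blog; address,
port and headers are standard SSDP, the sample reply is constructed."""
import re
import socket

SSDP_ADDR = ("239.255.255.250", 1900)
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()

def parse_ssdp_reply(raw: bytes) -> dict:
    """Lower-cased headers of an SSDP 200 OK reply plus the USN's device UUID."""
    headers = {}
    for line in raw.decode(errors="replace").split("\r\n")[1:]:
        key, sep, value = line.partition(":")
        if sep:  # skip the blank terminator and any junk line
            headers[key.strip().lower()] = value.strip()
    m = re.search(r"uuid:([0-9a-f-]+)", headers.get("usn", ""), re.I)
    headers["uuid"] = m.group(1).lower() if m else ""
    return headers

def find_device(replies, target_uuid: str):
    """Return (ip, LOCATION) of the responder whose USN carries target_uuid."""
    for ip, raw in replies:
        info = parse_ssdp_reply(raw)
        if info["uuid"] == target_uuid.lower():
            return ip, info.get("location", "")
    return None

def discover(timeout: float = 3.0):
    """Multicast one M-SEARCH and collect (ip, reply) pairs until the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(M_SEARCH, SSDP_ADDR)
    found = []
    try:
        while True:
            data, (ip, _) = sock.recvfrom(65507)
            found.append((ip, data))
    except socket.timeout:  # no more answers within the MX window
        pass
    sock.close()
    return found

# Constructed reply, the shape a LAN printer or NAS would send back.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.0.23:8080/desc.xml\r\n"
                b"ST: upnp:rootdevice\r\n"
                b"USN: uuid:11111111-2222-3333-4444-555555555555::upnp:rootdevice\r\n\r\n")
```

Run it from a machine on the home network; the LOCATION URL of the matching responder points at the device's description document, which normally names the product, so the flagged device can be updated or have UPnP turned off.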
I have had 2 separate devices be flagged by Rogers, a WD MyCloud NAS and my Nvidia Shield. The NAS is pretty old so maybe it had some sort of issue but the Shield is still kept pretty well up to date and runs the latest Android.
One thing they had in common was they were connected directly to the XB6 modem but I run it in bridge mode since it is located in the corner of my basement and WiFi from it is not great (and the EERO pods are useless in my house for some reason). I have reconnected the Shield to WiFi and will see if that solves it.