Shutting off SSDP Vulnerability - Canadian TV, Computing and Home Theatre Forums
 
LinkBack Thread Tools Search this Thread Display Modes

post #1 of 4 (permalink) Old 2018-05-17, 05:45 PM Thread Starter
Veteran
 
Join Date: Nov 2004
Location: North York
Posts: 2,072
Shutting off SSDP Vulnerability

A couple weeks ago my brother-in-law received a legit email from Rogers: "A device connected to your Rogers Internet connection is showing signs of an exploitable SSDP vulnerability."

No big deal - I logged into their system and shut off UPnP on the third party router I gave them.

Yesterday, he got a second email saying the same thing. I take a closer look and both emails list a different IP and host name than the one seemingly assigned to the modem.

The modem's IP is 173.*.*.* The email lists 99.*

When I do reverse lookup on 173 I get one PTR back pointing to 173. When I do a reverse lookup on 99 I get two PTRs back, one for 99 and one of 173 (with different Rogers hostnames).

Any idea what's happening here?

--
Neil
NeilN is offline  
Sponsored Links
Advertisement
 
post #2 of 4 (permalink) Old 2018-05-18, 08:23 AM
 
Join Date: Jul 2013
Posts: 1,457
When not in bridged mode, the modem would show the external IP, with the 99.x.x.x IP address (at least in most of ontario I think)
(You can often still log into the modem via 192.168.100.1 on many modems, when its in bridged mode)

I just checked mine..
(which used to be in gateway mode, but is now in bridged mode)

In the modem status page, its showing a 7.x.x.x address now.

But when logging into my 3rd party router, it is showing my correct 99.x.x.x external address.


The 173 may be as with my 7.x address.

What does the 3rd party modem show as its WAN IP?

GDKitty
Rogers 9865, LG 47LV5400 LED TV, Onkyo HT-R690.
gdkitty is offline  
post #3 of 4 (permalink) Old 2018-05-18, 09:24 AM Thread Starter
Veteran
 
Join Date: Nov 2004
Location: North York
Posts: 2,072
I will check this out when I get the chance but the the third party router's WAN IP is 173. This also matches the port scanning sites I used to see what was open.

--
Neil
NeilN is offline  
 
post #4 of 4 (permalink) Old 2018-05-18, 09:43 AM
Veteran
 
Join Date: May 2009
Location: Mississauga
Posts: 7,576
Quote:
When not in bridged mode, the modem would show the external IP, with the 99.x.x.x IP address (at least in most of ontario I think)
I used to be in the 99. range until I changed modems. It's now 174. My modem is also in bridge mode and has been for many years.

My modem is also on 7. but this is the management interface, not the address used for customer data

I haven't lost my mind. It's around here...somewhere...
JamesK is online now  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Canadian TV, Computing and Home Theatre Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools Search this Thread
Show Printable Version Show Printable Version
Email this Page Email this Page
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome