I received an Abuse Notification email from ATC. What does this mean?
You have received this email because a device on your home network has adversly affected our ATC Network. In other words, a computer or laptop on your home network may have become infected with malware or viruses, and those infections are adversly affecting other ATC customers. Most of the time, users are completely unaware when their computers (or other internet devices) become infected. This email notification is to inform you of that possibility.
To remedy the situation, start by reviewing your installed programs and uninstall anything that does not look familiar. Look for programs with the words ‘Torrent’, ‘Bittorrent’, or ‘Share’. Next, ensure that you have virus protection installed and run a full-system scan. You may want to consider installing spyware removal programs such as Malware Bytes or Windows Defender.
Also, please ensure that your connection is not shared with others. An “open” or unsecure home network allows anyone to use your internet to perform malicious or criminal activities. You may want to consider making your home network more secure by changing your wifi password and the username/password to your router. Don’t worry, making those changes is easier than you think. Our FREE 24/7 Internet Support team is standing by to assist you.
Sample Abuse Noticiation Email:
Subject: Exploitable SSDP server used for an attack: 216.180.xxx.xxx
A public-facing device on your network, running on IP address 216.180.xxx.xxx operates an open SSDP service on port 1900 and participated in a large-scale attack against a customer of ours, generating UDP responses to spoofed M-SEARCH requests that claimed to be from the attack target.
Please consider reconfiguring this SSDP-speaking server in one or more of these ways:
1. Adding a firewall rule to block outside access to this host, or the network overall, on port 1900.
2. Disabling UPnP entirely (SSDP is a component of the overall UPnP subsystem and can’t usually be disabled separately).
3. Reconfiguring the device to not respond to outside M-SEARCH requests, or to rate-limit its responses (the process to follow for this would differ from device to device and may not be possible for many devices).
If you represent an ISP, please consider a default-deny rule for outside traffic destined for UDP port 1900 within your network. Like chargen (UDP port 19), the SSDP port is rarely used legitimately by external hosts, and UPnP requires the use of broadcast traffic, so it doesn’t apply outside of local subnets; as a result, a filter of UDP 1900 will not cause collateral damage.