Dear Charter Internet Customer,
Charter Communications has been notified that the home networking device connected to your modem participated in a large-scale, network-impacting distributed denial-of-service (DDoS) attack. The device is acting as a “DNS Open Resolver” and requires configuration changes.
Issue Description – An Open Resolver can allow an entry point for hackers to send out a large flood of network traffic, sometimes called “DDoS or amplification attacks” that cause network congestion and/or disruption to the services in your area. Hackers often share with others the IPs of devices that are known to have open resolver settings thus allowing the device to be used for multiple attacks.
For more information on DNS Open Resolvers, please reference:
US-CERT: http://www.us-cert.gov/ncas/alerts/TA13-088A
We are asking that you take immediate action to remediate this issue.
1) Go to www.whatismyip.com and verify that the IP address assigned to your modem matches the IP address in the subject line of this notification.
2) Go to http://openresolver.com/ and check the IP to see if an “open-resolver” is detected.
3) Once confirmed, we are requesting that you disable the DNS Proxy setting on your router.
Note – If the IP address assigned to your modem has changed, please use the current IP address when checking for the open resolver vulnerability.
4) Once you believe that you have resolved this issue, please verify via http://openresolver.com/ and then reply to this email providing confirmation that you have completed the recommended remediation steps.
Please be advised, the Charter Acceptable Use Policy, available at https://www.charter.com/browse/content/res_hsi, explicitly prohibits actions, whether intentional or unintentional, that disrupt Charter’s network. Specifically, paragraph 8 states:
8. NO SYSTEM DISRUPTION
Customer will not use, or allow others to use, the Service to disrupt Charter's network or computer equipment owned by Charter or other Charter customers. This includes, but is not limited to, improperly interfering with, inhibiting, degrading, or restricting the use and operation of the Service by others, sending or receiving excessive data transfers (as determined in Charter's reasonable discretion) for the package or tier of service to which Customer subscribes or modifying or altering in any manner any modem or modem configuration so as to allow its use beyond the parameters outlined by the specific level of service to which Customer subscribes. Any static or dynamic IP address must be specifically authorized and provisioned by Charter. Altering any IP address provisioned by Charter or otherwise cloning another user's IP address is prohibited. Customer also agrees that Customer will not use, or allow others to use, the Service to disrupt other Internet Service Providers ("ISPs") or services, including, but not limited to, e-mail bombing or the use of mass mailing programs. Customer may not use bandwidth in excess of that associated with the package or tier of service to which Customer subscribes.
In addition, Customer will not, or allow others to, alter, modify, service, or tamper with the Charter Equipment or Service or permit any other person to do the same who is not authorized by Charter.
We will continue to monitor the network for events of this nature. Repeated events and/or complaints pertaining to this network abuse issue may result in an interruption of your service.
Additional tools to assist you in resolving this vulnerability may be found at:
Please note that none of the provided links above are directly supported by Charter but are provided solely as a reference to assist the investigation and remediation of the current issue.
If you have any questions, please contact the Subscriber Services Security Team at 1-866-357-8086. Our Subscriber Services Security Team is available to provide assistance from 8am – 8pm CST, Monday through Friday and from 8am – 5pm CST, Saturday and Sunday.
--- The following material was provided to us as evidence ---
Received On: 2014-09-15 19:51:00
Subject: Shadow Open DNS Outreach 20140909
Abuse Date: 2014-09-13 03:00:00
Open DNS Issue: Port 53
Could it be true or could it be fake?
If true, do I follow their advice? If false, it sure got my attention and raised the pucker factor.