[HECnet] Verizon Security! Fwd: Security notice

Thu Jul 30 13:51:27 PDT 2020

On 7/30/2020 1:15 PM, Supratim Sanyal wrote:
> Verizon is tightening the screw. I think I will give up now. It was explained to me over a telephone call to their security department that I cannot have any of the following ports open at home.
>
> 80
>
> 81
>
> 554
>
> 8xxx
>
> 9xxx
>
>
>
>> *From:* Verizon Notification <verizon-notification at verizon.com <mailto:verizon-notification at verizon.com>>
>> *Date:* July 30, 2020 at 12:32:48 PM EDT
>> *To:* thesanyalfamily at gmail.com <mailto:thesanyalfamily at gmail.com>
>> *Subject:* *Security notice*
>> *Reply-To:* Verizon Notification <verizon-notification at verizon.com <mailto:verizon-notification at verizon.com>>
>>
>> Verizon <https://www.verizon.com/?lid=//global//residential>
>>
>> 	
>>
>> Hi,
>>
>> Attention Verizon Customer,
>>
>>
>> Our network monitoring tools have detected significant amounts of harmful network traffic coming from your home or office network. It is likely that a device within your home or office is infected with malware; we believe the device could be a network security camera, network video recorder, or similar device.
>>
>>
>> These devices are being targeted by hackers. The hackers are leveraging potential security flaws in the hardware / software to stage large scale attacks against other networks and devices.
>>
>>
>> Pursuant to Verizon's Terms of Service and Acceptable Use Policy, we are asking you to disconnect any such devices from your home or office network. This is an effort to protect your privacy and network. We ask that you contact the manufacturer's support department to determine how to properly secure the device, including closing any network ports on the device(s) exposed to the public Internet. Once fully patched with the most up to date firmware and software, please ensure that you protect access to the device by changing the admin login credentials. Use a strong password for all access points including remote viewing of the cameras. Once that is complete you may return the device to your network.
>>
>>
>> Should these efforts fail and the device is once again found to be leveraged as an attack host, we will ask for the removal of the device until the vendor can devise an acceptable remediation.
>>
>>
>> You must take the necessary steps to remove this device from your network as soon as possible. Failure to remove this device is a violation of the Verizon Online Acceptable Use Policy and may result in the following:
>>
>>
>> - Future suspension and/or termination of your Internet Services.
>>
>>
>> Additional suggestions and precautions can viewed at verizon.com/securityinfo <http://verizon.com/securityinfo> or visit the website of your hardware vendor.
>>
>>
>> You may contact Verizon support at 888-553-1555
>>
>> Verizon will never ask you to provide or verify personal or account information by email.
>>
>> Thanks for your prompt attention.
>>
>> Verizon Internet Abuse Investigations Team
>> 22001 Loudoun County Parkway
>> Ashburn, VA 20147
>>
>> © 2020 Verizon. All Rights Reserved.
>>
>> Ensure Verizon emails reach your inbox by adding verizon-notification at verizon.com <mailto:verizon-notification at verizon.com> to your "safe" email list. Your email provider
>> can provide instructions on how it works.
>>
>> This email has been sent from an auto-notification system that cannot accept incoming email.
>>
>> This email was sent to thesanyalfamily at gmail.com <mailto:thesanyalfamily at gmail.com>. We respect your privacy. Please review our Privacy Policy <https://www.verizon.com/about/privacy/> If you think this email was sent in error or you'd like to change how you receive your notification, click here < https://www.verizon.com/privacy/your-data/idp/eud/ln?GUID=aHkTu4k1hPaQumaLjRRtVRUSaUwDZmUsbfsLhFFydaHkTBJ47QUIBiwFTI2DAcDemH2wvwjoTEG7EFn81xrgorO2y9XwnHSxsTHpvCP48%2FAY%2F4h9r4EtUY69Qp3pQKszwl5VpfHr7arsDxdqfk1612Uh9OYNjWXpIPTTQ2Yid7U%3D >
>>
What a load of bullsh*t.  I hope Spectrun doesn't do this to me someday.  Although if they do, i have an out.  I have a fairly hefty Mac Mini in the MacStadium colo facility in Las Vegas and a VPN set up between.  I could always make that the main connection and funnel everything through the VPN.

-- 
John H. Reinhardt