Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NANOG>
  3. users
Looking for contact within Comcast Xfinity
michael at supermathie
Aug 22, 2022, 1:17 PM
Post #1 of 4 (211 views)
Permalink
If anyone from Comcast Xfinity is on this list, can you please reach out
to me?

We're getting increased reports of xFi Advanced Security customers being
unable to access hosted sites and attempting to open tickets has had no
success.

Thanks,

Michael Brown
Re: Looking for contact within Comcast Xfinity [ In reply to ]
nanog at nanog
Aug 23, 2022, 6:45 AM
Post #2 of 4 (211 views)
Permalink
I ran into this a few days ago.

Both the random agent I talked to and our sales rep said they can't disable
the security edge service without increasing the cost of service for all of
our accounts.

Apparently it costs more to not molest DNS traffic leaving your network.

They can temporarily disable it, but they said it will turn back on when
the modem is rebooted.

It seems to only affect TCP and UDP port 53.

I fixed it by setting all of our routers to use DoH and DoT exclusively.
They can't intercept and molest that traffic.

-A



On Tue, Aug 23, 2022, 05:39 Michael Brown <michael@supermathie.net> wrote:

> If anyone from Comcast Xfinity is on this list, can you please reach out
> to me?
>
> We're getting increased reports of xFi Advanced Security customers being
> unable to access hosted sites and attempting to open tickets has had no
> success.
>
> Thanks,
>
> Michael Brown
>
>
Re: Looking for contact within Comcast Xfinity [ In reply to ]
jbazyar at verobroadband
Aug 23, 2022, 7:15 AM
Post #3 of 4 (211 views)
Permalink
Comcast also molests SIP.

From: NANOG <nanog-bounces+jbazyar=verobroadband.com@nanog.org> on behalf of "Aaron C. de Bruyn via NANOG" <nanog@nanog.org>
Reply-To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Date: Tuesday, August 23, 2022 at 7:47 AM
To: Michael Brown <michael@supermathie.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Subject: Re: Looking for contact within Comcast Xfinity

I ran into this a few days ago.

Both the random agent I talked to and our sales rep said they can't disable the security edge service without increasing the cost of service for all of our accounts.

Apparently it costs more to not molest DNS traffic leaving your network.

They can temporarily disable it, but they said it will turn back on when the modem is rebooted.

It seems to only affect TCP and UDP port 53.

I fixed it by setting all of our routers to use DoH and DoT exclusively. They can't intercept and molest that traffic.

-A



On Tue, Aug 23, 2022, 05:39 Michael Brown <michael@supermathie.net<mailto:michael@supermathie.net>> wrote:
If anyone from Comcast Xfinity is on this list, can you please reach out
to me?

We're getting increased reports of xFi Advanced Security customers being
unable to access hosted sites and attempting to open tickets has had no
success.

Thanks,

Michael Brown
RE: Looking for contact within Comcast Xfinity [ In reply to ]
nanog at nanog
Aug 24, 2022, 5:28 AM
Post #4 of 4 (210 views)
Permalink
Michael,

Please contact me off-list and I'll see if I can be of any help.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: NANOG <nanog-bounces+alex_brotman=comcast.com@nanog.org> On
> Behalf Of Michael Brown
> Sent: Monday, August 22, 2022 4:18 PM
> To: North American Network Operators' Group <nanog@nanog.org>
> Subject: Looking for contact within Comcast Xfinity
>
> If anyone from Comcast Xfinity is on this list, can you please reach out to me?
>
> We're getting increased reports of xFi Advanced Security customers being
> unable to access hosted sites and attempting to open tickets has had no success.
>
> Thanks,
>
> Michael Brown

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal