ProfessorHawk's profile

Contributor

 • 

21 Messages

Monday, January 13th, 2020 4:00 PM

Closed

IP Reputation attack

I have a Seagate Harddrive attched to my Xfi that contains music for my Sonos system also connected. Starting today I have recieved 35 threat messages that says Comcast has blocked malicious from China, Moldova and the US. All within the past 3 hours. I click help me fix it and it says to restart the device, which I did. I also restarted the xFi. It also says to update the firmwear, which on the Seagate says is up to date and then to isolate it. I turned it off, but now cannot listed to music. What going on here? How is my external HD being attacked?

Accepted Solution

Contributor

 • 

21 Messages

5 years ago

Thanks to everyone who has tried to help. I have gone round and round with Comcast on this with nothing to show for, (big surprise huh?). Becasue of the lack of technical assistance, we will be going back to our Linksys Router and getting rid of the piece of garbage xFi router. We have an appointment to have ethernet run throughout and only use Comcast for the internet access. Substandard equipment, serviced by substandard technicians with non-english speaking customer service all for $238/month. What's not to like?

Official Employee

 • 

2.3K Messages

5 years ago

ProfessorHawk -- Thanks for reaching out.  I reviewed your other post regarding this issue.  Can you please clarify - did you have any Port Forwards set up?  (If so, did you remove them?)

You can check your Port Forwards in xFi, by navigating to the Network Tab > Advanced Settings > Port Forwarding.

Contributor

 • 

21 Messages

5 years ago

I spoke toan Xfinity network "expert" and was told all pop-up from the Xfinity app as well as notifications on the xfinity.com are false and should be ignored. She had be delete the app from my phone and reinstall and told to no longer visit this page. Meanwhile the attacks keep coming.

Contributor

 • 

21 Messages

5 years ago

I don't have any port forwards. When I click on it I only get the add option.

Contributor

 • 

21 Messages

5 years ago

I'm getting a big runaround. I was eventually sent to The Customer Security Assurance who said I need to contact Cisco to get the firewall logs off of my xFi modem. I called the number that was given [Edited: "Personal Information"] and Cisco says I need a Cisco ID, but Comcast didn't give me one. Isn't there anyone at Comcast that can help me?

(edited)

Gold Problem Solver

 • 

25.9K Messages

5 years ago

Keep working with the Official Employee that’s helping you on your original post.

Contributor

 • 

21 Messages

5 years ago

I spent 6 hours yesterday getting the run around from one person and department to another regarding "Items That Need Attention" notifications from xFi advanced. I was even transfered to Cisco who wanted to know why I was calling becasue I'm not a Cisco customer. I requested to speak with a supervisor and was told none are available. It is now day two and I'm still getting contant notifications about IP Reputation attacks. They are non-stop. Is there anyone at Comcast that can help. 

Official Employee

 • 

2.3K Messages

5 years ago

ProfessorHawk -- Thank you for the additional context.  I apologize for the frustration.  I will review your account & let you know when I have additional information.

Contributor

 • 

21 Messages

5 years ago

I have now had 153 IP Reputation Attacks and 34 Unauthorized Access Attempts and they keep coming. All require action on my part but tell me what I can do other than restart my device, update my software/firmware, or Quarantine my device. This doesn't help, how can I get the attacks to stop? Is there a way to change my IP address so that whover is attacking will lose me?

Official Employee

 • 

2.3K Messages

5 years ago

ProfessorHawk -- Thank you for your patience.  I've been working with engineering to take a closer look.  I'd like to send you a Private Message with additional information.  

Private messages can be accessed by clicking on the envelope icon in the upper right hand corner of any forums page.

Frequent Visitor

 • 

10 Messages

5 years ago

No No no - I have been following this thread because I am experiencing some of the same things. You do not do the community any good by taking this off line without at least posting a valid solution . Two of these (alleged) "malicious IP's" belong to Censys which advertises "Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity."

 

So are these just random port scans or false positives? I started getting these the day I enabled a Port Forward for RDP and I promptly removed it but I am still getting these same messages from "Advanced Security". Its not very advanced when it literally gives you NO information about the attack. The least it could do is provide the Port number

image.PNGcen.PNG

New Poster

 • 

1 Message

5 years ago

The solution needs to be public so we can fix it without the run around

New Poster

 • 

1 Message

5 years ago

This needs to be addressed publicly as many people are experiencing the exact same issues. My dish is no longer able to update because of these. I have reset my dish and restarted my modem as well. I "allowed " the IP addresses that the app would let me, but mostly the app doesn't allow you to do much. It offers "fixes" but doesn't give details on how to do these. We are are also suddenly recieving these alerts for a few of the cell phones in the house as well. I'm getting close to the poi t of disabling the security now that I have googled how to do that. I've had Xfinity for about 6 months now, and never had these issues until 2 nights ago and I'm already fed up with it. Please post a solution publicly.

Contributor

 • 

21 Messages

5 years ago

I have not had any resolution from Comcast. All of these posts have been ignored and all calls to the company have been fruitless. My system does not appear to be compromised so I just logged by cell phone out from my network so I wouldn't get any more notifications. I'm getting hundreds per day.

Regular Visitor

 • 

3 Messages

5 years ago

this might be too late or even not the solution for you, but i was expierencing this very same thing and fixed it myself. I think my pc was sending out my ip somewhere to let others know my pc was online was my main thinking in solving this problem. I looked at the firewall exemptions, or "allow app through the firewall", and turned off all unnecessary app for this and havnt had any problems since.. although I didnt try to turn them back on one at a time to figure out which of these was the culprit, i think it was an sdk app I got for the kinect camera,...in my case. hope you figure it out and maybe this helps a bit.

 

forum icon

New to the Community?

Start Here