Contributor
•
21 Messages
IP Reputation attack
I have a Seagate Harddrive attched to my Xfi that contains music for my Sonos system also connected. Starting today I have recieved 35 threat messages that says Comcast has blocked malicious from China, Moldova and the US. All within the past 3 hours. I click help me fix it and it says to restart the device, which I did. I also restarted the xFi. It also says to update the firmwear, which on the Seagate says is up to date and then to isolate it. I turned it off, but now cannot listed to music. What going on here? How is my external HD being attacked?
Accepted Solution
ProfessorHawk
Contributor
•
21 Messages
5 years ago
Thanks to everyone who has tried to help. I have gone round and round with Comcast on this with nothing to show for, (big surprise huh?). Becasue of the lack of technical assistance, we will be going back to our Linksys Router and getting rid of the piece of garbage xFi router. We have an appointment to have ethernet run throughout and only use Comcast for the internet access. Substandard equipment, serviced by substandard technicians with non-english speaking customer service all for $238/month. What's not to like?
0
0
XfinityRachelH
Official Employee
•
2.3K Messages
5 years ago
ProfessorHawk -- Thanks for reaching out. I reviewed your other post regarding this issue. Can you please clarify - did you have any Port Forwards set up? (If so, did you remove them?)
You can check your Port Forwards in xFi, by navigating to the Network Tab > Advanced Settings > Port Forwarding.
0
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I spoke toan Xfinity network "expert" and was told all pop-up from the Xfinity app as well as notifications on the xfinity.com are false and should be ignored. She had be delete the app from my phone and reinstall and told to no longer visit this page. Meanwhile the attacks keep coming.
0
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I don't have any port forwards. When I click on it I only get the add option.
0
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I'm getting a big runaround. I was eventually sent to The Customer Security Assurance who said I need to contact Cisco to get the firewall logs off of my xFi modem. I called the number that was given [Edited: "Personal Information"] and Cisco says I need a Cisco ID, but Comcast didn't give me one. Isn't there anyone at Comcast that can help me?
(edited)
0
CCAndrew
Gold Problem Solver
•
25.9K Messages
5 years ago
0
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I spent 6 hours yesterday getting the run around from one person and department to another regarding "Items That Need Attention" notifications from xFi advanced. I was even transfered to Cisco who wanted to know why I was calling becasue I'm not a Cisco customer. I requested to speak with a supervisor and was told none are available. It is now day two and I'm still getting contant notifications about IP Reputation attacks. They are non-stop. Is there anyone at Comcast that can help.
0
0
XfinityRachelH
Official Employee
•
2.3K Messages
5 years ago
ProfessorHawk -- Thank you for the additional context. I apologize for the frustration. I will review your account & let you know when I have additional information.
0
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I have now had 153 IP Reputation Attacks and 34 Unauthorized Access Attempts and they keep coming. All require action on my part but tell me what I can do other than restart my device, update my software/firmware, or Quarantine my device. This doesn't help, how can I get the attacks to stop? Is there a way to change my IP address so that whover is attacking will lose me?
0
XfinityRachelH
Official Employee
•
2.3K Messages
5 years ago
ProfessorHawk -- Thank you for your patience. I've been working with engineering to take a closer look. I'd like to send you a Private Message with additional information.
Private messages can be accessed by clicking on the envelope icon in the upper right hand corner of any forums page.
0
0
Zalastar
Frequent Visitor
•
10 Messages
5 years ago
No No no - I have been following this thread because I am experiencing some of the same things. You do not do the community any good by taking this off line without at least posting a valid solution . Two of these (alleged) "malicious IP's" belong to Censys which advertises "Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity."
So are these just random port scans or false positives? I started getting these the day I enabled a Port Forward for RDP and I promptly removed it but I am still getting these same messages from "Advanced Security". Its not very advanced when it literally gives you NO information about the attack. The least it could do is provide the Port number
0
Tg2539
New Poster
•
1 Message
5 years ago
0
Tkwise
New Poster
•
1 Message
5 years ago
0
ProfessorHawk
Contributor
•
21 Messages
5 years ago
I have not had any resolution from Comcast. All of these posts have been ignored and all calls to the company have been fruitless. My system does not appear to be compromised so I just logged by cell phone out from my network so I wouldn't get any more notifications. I'm getting hundreds per day.
0
dmoceri586
Regular Visitor
•
3 Messages
5 years ago
this might be too late or even not the solution for you, but i was expierencing this very same thing and fixed it myself. I think my pc was sending out my ip somewhere to let others know my pc was online was my main thinking in solving this problem. I looked at the firewall exemptions, or "allow app through the firewall", and turned off all unnecessary app for this and havnt had any problems since.. although I didnt try to turn them back on one at a time to figure out which of these was the culprit, i think it was an sdk app I got for the kinect camera,...in my case. hope you figure it out and maybe this helps a bit.
0