Regular Visitor
•
4 Messages
Inbound Packet Drops
Comcast recently did some work in my neighborhood. I think they referred to the work as an upgrade to XNET2. Around the same time, I noticed an 10x increase in my SYSLOG output from my home router. I log all packet drops on my router.
What I noticed is packet drops coming from the internet port on my router. The source IP addresses appear to be on the same IP subnet as my xfinity public IP. So it looks like I am seeing some sort of broadcast traffic from other customers in my neighborhood. I don't know if this is intentional or not. These types of entries were not in the syslog output before.
My router is dropping the traffic, so I am not overly concerned. However, the amount of traffic generated is high and I am wondering if this is affecting my overall internet speeds.
Here are some sample syslog entries.
Sep 16 23:53:03 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:94:08:00 src=98.33.113.140 DST=255.255.255.255 LEN=195 TOS=0x00 PREC=0x20 TTL=64 ID=11438 DF PROTO=UDP SPT=2190 DPT=2190 LEN=175
Sep 16 23:53:03 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:94:08:00 src=98.33.113.140 DST=255.255.255.255 LEN=195 TOS=0x00 PREC=0x20 TTL=64 ID=11438 DF PROTO=UDP SPT=2190 DPT=2190 LEN=175
Sep 16 23:53:04 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:4f:08:00 src=98.33.64.44 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x20 TTL=64 ID=28493 DF PROTO=UDP SPT=35391 DPT=10001 LEN=12
Sep 16 23:53:04 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:4f:08:00 src=98.33.64.44 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x20 TTL=64 ID=28492 DF PROTO=UDP SPT=10001 DPT=10001 LEN=12
Sep 16 23:53:04 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:4f:08:00 src=98.33.64.44 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x20 TTL=64 ID=28493 DF PROTO=UDP SPT=35391 DPT=10001 LEN=12
Sep 16 23:53:04 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:4f:08:00 src=98.33.64.44 DST=255.255.255.255 LEN=32 TOS=0x00 PREC=0x20 TTL=64 ID=28492 DF PROTO=UDP SPT=10001 DPT=10001 LEN=12
Sep 16 23:53:04 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:cc:c0:a8:c9:57:08:00 src=98.35.30.48 DST=255.255.255.255 LEN=135 TOS=0x00 PREC=0x20 TTL=64 ID=0 DF PROTO=UDP SPT=34684 DPT=10001 LEN=115
Responses
EG
Expert
•
86.5K Messages
7 m ago
So, you should please answer your own question first and foremost. Is it ? Have you noticed any performance deficiencies ? If not, don't sweat the log entries.
0
0
DexLI
Regular Visitor
•
4 Messages
7 m ago
Thanks for the reply. I have been sysadmin for 30 years, so I am accusstomed to ignore log entries.
However, I have a couple of comments about the change in Comcast's network behavior.
There is no reason why I should be receiving broadcast packets from others customers in my neighborhood. Yes, my wifi router/firewall is dropping the unnecessary packets. But that puts all the responsibility on my router to block this traffic. What if the router has an unknown vulnerability that could be exploited?
I would imagine that this unnecesary traffic is counted toward my montly data cap. While the amount of data is small, I have been just above and just below Comcast's data cap for the month. I would be really irratted if this unnecssary traffic pushed me over the limit for the month and caused me to have to pay extra. 10-20 broadcast messages per second over the course of the month will add up to something.
I just think that Comcast should be blocking any unnecessary and unwanted traffic from customer to customer.
0
0
EG
Expert
•
86.5K Messages
7 m ago
I hear you. It's the nature of the beast.
0
0