Fergison_ca05256's profile

New Poster

 • 

1 Message

Friday, March 12th, 2021 2:00 AM

Closed

I've problems

I'm getting slow speeds an seems only my devices on my network continue to have malicious problems. Attached it the firewall log for the last week. How this look?

FW.IPv6 INPUT drop
, 2134
Attempts, 2021/3/12 05:40:56 Firewall Blocked

FW.IPv6 FORWARD drop
, 2061
Attempts, 2021/3/12 05:40:56 Firewall Blocked

FW.IPv6 FORWARD drop
, 4979
Attempts, 2021/3/11 18:58:01 Firewall Blocked

FW.IPv6 INPUT drop
, 4576
Attempts, 2021/3/11 18:58:01 Firewall Blocked

FW.WANATTACK DROP
, 157
Attempts, 2021/3/11 18:58:01 Firewall Blocked

FW.LAN2SELF DROP
, 25
Attempts, 2021/3/11 07:58:01 Firewall Blocked

FW.IPv6 INPUT drop
, 4439
Attempts, 2021/3/10 18:58:01 Firewall Blocked

FW.IPv6 FORWARD drop
, 3840
Attempts, 2021/3/10 18:58:01 Firewall Blocked

FW.LAN2SELF DROP
, 14
Attempts, 2021/3/10 18:58:01 Firewall Blocked

FW.IPv6 INPUT drop
, 6706
Attempts, 2021/3/09 18:58:01 Firewall Blocked

FW.IPv6 FORWARD drop
, 4348
Attempts, 2021/3/09 18:58:01 Firewall Blocked

FW.IPv6 INPUT drop
, 4886
Attempts, 2021/3/08 18:58:01 Firewall Blocked

FW.IPv6 FORWARD drop
, 4450
Attempts, 2021/3/08 18:58:01 Firewall Blocked

FW.WANATTACK DROP
, 46
Attempts, 2021/3/08 06:58:01 Firewall Blocked

This conversation is no longer open for comments or replies and is no longer visible to community members.

Problem Solver

 • 

1.5K Messages

4 years ago

Looks like your firewall might be working, but I'd have to know exactly what you are using, plus the logging syntax to tell you for sure.  It 'may' be telling you there was traffic from both internal and external sources that got blocked, but it's all about the log format.

 

Below are all hostile actors tripping over my SNORT firewall trap.  They are KNOWN compromised servers in this case, but it works with unknowns too.  Anything that hits these ports.  They are running portscans, and are using automated scripts.  It's extremely common internet traffic.  Some 3rd party gateways have a "portscan block" option too.   Use it.  The idea is that you 'kill state' and block all traffic from the offending source for a time to disrupt the scan.  If their script doesn't have much for error control, you can hang the remote end too.

 

Turning off ICMP (responding to ping) on your gateway if you have the option is a good idea.  They usually ping your external IP address before the portscan to see if anything is there before running the portscan.

 

Compromised servers in the nethernlands, cyprus and a cloud spammer named Eonix in the USA.

WAN
Mar 12 04:39:20
31.210.20.175:18287

192.168.0.16:8080
ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12
WAN
Mar 12 03:24:16
74.120.14.26:11618

192.168.0.16:81
ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71
WAN
Mar 12 03:03:25
45.146.165.153:56920

192.168.0.16:2025
ET DROP Dshield Block Listed Source group 1
WAN
Mar 12 03:03:25
45.146.165.153:56920

192.168.0.16:2025
ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28
WAN
Mar 12 02:58:57
104.206.128.54:60231

192.168.0.16:8080
ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100

 

Contributor

 • 

36 Messages

4 years ago

This issue is posted so many times in the xfinity forums WITHOUT ANY RESOLUTION OR EVEN A RESPONSE FROM COMCAST. Unreal.

Visitor

 • 

4 Messages

@Anon126539 Exactly!!!!! I've been going through this for a month and a half. Had a tech come out say the signals fine. I've replaced my modem from Comcast with another rented modem but of course still losing internet. Worked fine for years but the past month and a half have been terrible. Have you found anything out ?

Expert

 • 

111.6K Messages

@user_1f4765 

Please create a new topic of your own here on this board detailing your issue. Thanks.  5-month-old dead thread now being closed.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!tick
forum icon

New to the Community?

Start Here