
Constant DDoS and lack of protection for Residential customers!


This has been going on for a long, long time, and someone needs to put an end to Comcast's lack of support on the matter. We pay top dollar for Internet service from a company that has a monopoly in most big cities in the USA. There is no reason or excuse why Comcast can't provide DDoS protection for Residential customers like they offer their Business customers. I'm a streamer, and am very vigilant with my Internet connection while streaming. I ping at least two European high profile servers, e.g. (ping -t -4 randomhighprofileserverhere), continuously while streaming. If I note that I have packet loss, I will check my Cable Modem firewall log, and what I find at that time is that I'm being attacked by DDoS. This happens almost every single day. I send Comcast my logs constantly. If you get them on the phone or in chat, all they do is offer to reset your Modem, but they can't even do that because your Modem has been kicked off the network, requiring you to manually reset it. At this time, you will note that you will have trouble logging into your Modem from your web browser, so this means resetting it by unplugging it from the wall. One thing I have asked Comcast is why they don't offer DDoS victims a WAN MAC address change, which can be done without replacing your Cable Modem. Only changing your CM MAC requires replacing your Cable Modem. Even if they just reprovision your Cable Modem on a different CMTS gateway, this doesn't stop an active attack, because a lot of DDoS attacks are on the MAC address level, and not IP address. This has been going on for almost a solid 20 years with Comcast. It started for me back in 2000, when hacking your Cable Modem firmware was starting to be a big thing. The objective in doing this is to uncap your bandwidth.
Today, this is still being done, and at the same time these malicious people are also DDoS'ing the other 251 people on a gateway to drop their connection, so these people can get the full bandwidth provisioned for that gateway. There are 255 addresses on a gateway, 252 of which are available for customers. The other 3 are for DNS etc. There is also something else going on that should not be a thing. There is routine maintenance happening that is not being reported to Residential customers via email or text message. Even if they do on occasion inform us of this, the field techs fail to report back to dispatch in a timely manner, or simply fail to report at all, oftentimes resulting in area-wide downs that Comcast isn't even aware of. When you log into the Status page using your phone (because you can't with your PC with Internet down), the Status page will indicate there are no downs in your area (even though there are). What the Status page then tells you is that though there aren't any downs in the area, potential problems with your equipment were found (which don't actually exist). Then Comcast proceeds to tell customers that because of this, they need to send a tech out to check* things. When the tech doesn't find anything, you are then charged a service fee for the visit. This is just another shady tactic Comcast uses to try to grab more cash from us. Something else that bothers me specifically is the outsourcing to offshore tech support. Quite often it is the case that there are huge communication problems with these representatives. Also, if you upset them, you are then met with avoidance the next time you connect with them. For me, one time I was on the phone with after hours Customer Security Assurance Tier 2 support in India, and the lady told me the address and account info I gave her was incorrect. I kept giving it to her exactly as it was on the Xfinity website, but she insisted it was incorrect. I got upset and said "God D*mn".
The instant I said "God D*mn" my phone mysteriously rebooted!? This has never happened before, and the battery was fully charged. This conversation with this particular rep was after a week long battle with them and DDoS attacks, and me having to report several reps that did things I specifically asked them not to do. So there are clear communication problems with them, and possible outright misunderstanding of the English language. I don't understand why Comcast outsources to offshore tech support companies. If they're trying to save money, it's a big epic fail, because you can't save money when customers are having to talk to an Indian rep for 30 minutes to an hour when it should take 5 minutes. Or we have to call back repeatedly because the previous reps did something wrong. I would not put it past these Indian support reps to do malicious things, as they aren't actually Comcast employees but a company that subcontracts to Comcast. Yeah...I know...This all sounds like conspiracy theory tinfoil-hattery, but look at the facts.
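The continuous-ping check described in the post above, as an added example that is not part of the original thread: it parses Windows-style `ping -t -4` output (the sample lines below are constructed, not the poster's log), tracks loss over a sliding window of probes, and returns the probe numbers where loss or latency crosses a threshold, so those moments can be matched against the modem's firewall log instead of watching the console by eye. The window size and thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import deque

# Constructed sample of Windows "ping -t -4" output (not taken from the post).
SAMPLE_PING_OUTPUT = """\
Reply from 203.0.113.10: bytes=32 time=31ms TTL=52
Reply from 203.0.113.10: bytes=32 time=30ms TTL=52
Request timed out.
Reply from 203.0.113.10: bytes=32 time=33ms TTL=52
Request timed out.
Request timed out.
Request timed out.
Reply from 203.0.113.10: bytes=32 time=248ms TTL=52
Reply from 203.0.113.10: bytes=32 time=32ms TTL=52
Reply from 203.0.113.10: bytes=32 time=31ms TTL=52
"""

# Windows ping prints "time=31ms" or "time<1ms"; both are accepted here.
REPLY_RE = re.compile(r"^Reply from \S+: bytes=\d+ time[=<](\d+)ms")
TIMEOUT_RE = re.compile(r"^Request timed out\.")


def parse_ping_lines(text):
    """Yield (probe_number, rtt_ms) per probe; rtt_ms is None for a lost probe."""
    seq = 0
    for line in text.splitlines():
        if TIMEOUT_RE.match(line):
            seq += 1
            yield seq, None
        else:
            m = REPLY_RE.match(line)
            if m:
                seq += 1
                yield seq, int(m.group(1))


def find_loss_events(text, window=5, loss_threshold=0.4, rtt_threshold_ms=200):
    """Sliding-window check over the probe stream.

    Returns a list of (probe_number, kind, value): kind "loss" when the fraction
    of lost probes in the last `window` probes reaches `loss_threshold`, and
    kind "latency" when a single reply exceeds `rtt_threshold_ms`.
    """
    recent = deque(maxlen=window)
    events = []
    for seq, rtt in parse_ping_lines(text):
        recent.append(rtt)
        lost = sum(1 for r in recent if r is None)
        if len(recent) == window and lost / window >= loss_threshold:
            events.append((seq, "loss", lost / window))
        if rtt is not None and rtt > rtt_threshold_ms:
            events.append((seq, "latency", rtt))
    return events
```

In live use, pipe the ping output into `parse_ping_lines` line by line and record the wall-clock time of each flagged probe; that timestamp is what you look for in the modem's firewall log.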


I forgot to mention I am CompTIA Network+ certified.


So I posted another thread about an active attack I was experiencing, and how it's impossible to reach an actual Comcast employee during normal business hours, because of outsourcing to offshore support who are not actual Comcast employees (that was removed by our friendly neighborhood admin/mod). I'm linking a firewall log for the last week for anyone else having issues, so they can see what to look for if they might be having connection issues, and think they might be being attacked by DDoS.


People that believe you can protect yourself simply by using a VPN are mistaken. Though you can use a VPN to hide your WAN IP from most services, you simply cannot use a VPN for everything, and if the attack is coming from the same subnet, a VPN is not going to stop it. What I mean is that if someone on your same WAN subnet is attacking other clients on the same subnet, they don't need your WAN IP, all they have to do is sweep from through (same subnet) and will drop all the IPs on the same gateway as theirs. Also, if someone ever gets your WAN MAC by any means, a VPN then becomes 100% useless.


Disabling the firewall on Comcast rented modems doesn't actually disable the firewall completely, so it's still trying to block DDoS attacks and getting dropped. The only way to deal with this on the consumer end is to put the Cable Modem in Bridge Mode, and get a nice full featured router that you can customize the firmware on and have 100% control over how the router handles packets. But yeah, turning DoS protection on in your modem or router firmware/software can actually work against you and overload the CPU and crash the device anyway. DDoS protection should be handled at the CMTS level before it ever gets to the customer.


So just an update, I have had so much trouble with Comcast/Xfinity over the last 3 months. I have literally only spoken to USA reps maybe twice out of 150+ attempts. The rest are all "offshore" and ALL the "offshore" encounters with "male" reps are negative. They don't have the same patience as the "female" reps, they stick to the "script" too much and never attempt to connect with the client on a personal level to make you feel more comfortable like the "female" reps do. The "male" reps have a tendency to not do what you specifically ask, and they will most certainly do the opposite of what you ask. If you upset a "male" rep, they will be passive aggressive, and not speak, trying to frustrate you into closing chat, so it doesn't appear they did anything wrong, or they will close the chat abruptly and reboot your modem several times in rapid succession, or if you ask them specifically not to reboot your modem, the second you close chat, they WILL reboot it several times in rapid succession. The "male" reps will also outright lie to you. So there appears to be a very clear maturity issue with "offshore" "male" reps. I have voiced my experiences on "Ask Tom" but it seems the reps that respond to those are also "offshore", and nothing ever gets done about your concerns. It's becoming increasingly apparent that this company might actually be owned by an Indian or Filipino group, and not actually Americans in the USA. I would certainly move on down the road, but unfortunately to get cable speeds, you have to use Comcast, because any other company that could* provide cable services in your area, would have to pay Comcast for the use of the Coax cable system, effectively shutting them out of the market. AT&T or Satellite can't match the speeds, even though AT&T is far superior as far as reliability, and they don't outsource support to India or Philippines.


I edited my post to be a little more sensitive.