Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.

Find the Reasons for Blocking Listed Below

| Port | Transport | Protocol | Direction (Downstream/Upstream to CPE) | Reason for Block | IP Version |
|---|---|---|---|---|---|
| 0 | TCP | N/A | Downstream | Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port. | IPv4/IPv6 |
| 25 | TCP | SMTP | Both | Port 25 is unsecured, and botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about configuring your email settings to Comcast email to use port 587. | IPv4/IPv6 |
| 67 | UDP | BOOTP, DHCP | Downstream | UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. | IPv4 |
| 135-139 | TCP/UDP | NetBios | Both | NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network. | IPv4/IPv6 |
| 161 | UDP | SNMP | Both | SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks. | IPv4/IPv6 |
| 445 | TCP | MS-DS, SMB | Both | Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms. | IPv4/IPv6 |
| 520 | UDP | RIP | Both | Port 520 is vulnerable to malicious route updates, which provide several attack possibilities. | IPv4 |
| 547 | UDP | DHCPv6 | Downstream | UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. | IPv6 |
| 1080 | TCP | SOCKS | Downstream | Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks. | IPv4/IPv6 |
| 1900 | UDP | SSDP | Both | Port 1900 is vulnerable to DoS attacks. | IPv4/IPv6 |

Enable Port Blocking on Your Router

If you’re concerned about the security of your wireless home network, one thing you can do is enable port blocking – this can help prevent unwanted outside connections to your network’s devices. While port blocking is advanced, you can enable it on certain routers with a few simple steps. Here’s how:

Note: These instructions apply only to the following devices:

- Netgear CG814v 1&2
- Linksys WCG200v 1&2
- Linksys BEFCMUH4

1. Log on to your router’s administration site.
2. Click on the Select a Computer/Device button to view the IP addresses of the computers connected to your gateway.
3. Enter the IP address range in the IP Range fields.
4. Enter the Port range in the Port Range fields.
5. Select the Enable check box.
6. Click Apply.

Why is Port 25 for Email Submission Not Supported?

Email is used for important communications and Comcast wants to ensure that these communications are as secure and as private as possible. As such, Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.

Why is Comcast Supporting Port 587?

The original/legacy email ports, 25 and 110, have been in use since the inception of email and have limited or no security features. As a result, port 25 has been used for the transmission of spam and malware from infected computers for nearly a decade. Port 110 simply is not a secure means of retrieving email. Port 995 provides SSL encryption when downloading email.
It has been a long-standing recommendation from M3AAWG, an international community of anti-abuse professionals, and the Internet Engineering Task Force (IETF), that port 25 be blocked. In an effort to provide our customers with the greatest security when using email, Comcast recommends the use of the industry-recommended port 587 with TLS/SSL enabled. The recommendations from M3AAWG can be read here and you can also view the IETF RFC 5068 and RFC 4409 (section 3.1, see below).

From RFC 4409:

3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions or allowances as specified here.

Although most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site may choose to use port 25 for message submission by designating some hosts to be MSAs and others to be MTAs.

What Makes These Settings More Secure?

Port 587 further improves security through the use of required authentication and recommended TLS/SSL encryption.

Required Authentication

When sending and receiving email, it is required that you use your Xfinity username and password. This helps to prevent infected computers and other devices connected to the Xfinity services from being able to freely transmit spam and malware.

SSL Encryption

Secure Sockets Layer (SSL) is a secure protocol for sending data safely, in encrypted form, over the Internet. With SSL encryption your user ID, password, and email are secured from hackers and identity thieves when sending or receiving email.

Other Bodies Opposed to the Use of Port 25

There are a number of other organizations that Comcast works with to control the problem of spam on the Internet.
One of the most notable of these is Spamhaus, an organization that provides a number of lists detailing IP addresses known to send a great deal of spam and a list of IP addresses that should never send email at all. These lists, as well as others provided by similar organizations, are used by nearly all of the ISPs and mail receivers on the planet. All of the Comcast dynamic IP address space is listed by Spamhaus as not to be used for the sending of email. As such, any email sent by subscribers on the Comcast network directly to other ISPs (not via the Comcast mail servers) is extremely likely to be blocked by the receiving ISP.

The Federal Trade Commission, an organization that has taken legal action against many spammers, also recommends that Port 25 should be blocked by ISPs. The FTC’s recommendation is as follows:

"Block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers."

The ITU also recommends blocking port 25 in their document named "ITU Botnet Mitigation Toolkit". This can be viewed here. While this document is focused on the remediation of botted computers, blocking of port 25 is seen as an important step in mitigating the spam that is sent from botted machines.

ISPs that Manage Port 25

Many ISPs, both in the USA and around the globe, block port 25. These include:

- Verizon
- AT&T
- NetZero
- Charter
- People PC
- Cox
- EarthLink
- Verio
- Cablevision
- All Japanese ISPs
- France Telecom/Orange

For additional information see here: https://www.xfinity.com/support/articles/list-of-blocked-ports
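The port 587 settings described above (required authentication, with TLS in place before credentials are sent), as an added example that is not part of the original article or Comcast's own code: a Python client that submits on port 587 and refuses to log in unless the server offers STARTTLS. The host name, addresses, password, the `smtp_factory` hook and the `StubSMTP` stand-in are assumptions constructed for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage

SUBMISSION_PORT = 587  # message submission port (RFC 4409 section 3.1)
class InsecureSubmission(Exception):
    """The server would have the client authenticate without TLS."""

def submit(msg, host, user, password, smtp_factory=smtplib.SMTP):
    """Send msg via port 587; never authenticate over cleartext.
    smtp_factory (hypothetical hook) lets a stand-in replace smtplib.SMTP."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtp_factory(host, SUBMISSION_PORT, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):  # no plaintext fallback, ever
            raise InsecureSubmission(f"{host}: STARTTLS not offered on 587")
        smtp.starttls(context=context)
        smtp.ehlo()  # capabilities must be re-read inside the TLS session
        if not smtp.has_extn("auth"):
            raise InsecureSubmission(f"{host}: AUTH not offered after TLS")
        smtp.login(user, password)
        return smtp.send_message(msg)  # refused recipients; {} means none

class StubSMTP:
    """Constructed stand-in for a submission server; records client calls."""
    def __init__(self, offers):
        self.offers, self.calls = set(offers), []
    def __call__(self, host, port, timeout=None):
        self.calls.append(("connect", host, port))
        return self
    def __enter__(self): return self
    def __exit__(self, *exc): return False
    def has_extn(self, name): return name in self.offers
    def __getattr__(self, name):  # ehlo, starttls, login, send_message
        def record(*args, **kwargs):
            self.calls.append(name)
            return {}
        return record

def demo(offers):  # calls submit() made against a stub advertising `offers`
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.net", "b@example.org", "hi"
    msg.set_content("constructed test message")
    stub = StubSMTP(offers)
    try:
        submit(msg, "smtp.example.net", "a@example.net", "placeholder", stub)
    except InsecureSubmission:
        stub.calls.append("refused")
    return stub.calls
```

For real use, call `submit()` with your provider's submission host and leave `smtp_factory` at its default.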