Advanced Security and port forwarding

New Poster

I have set up several port forwards. For over three years they have worked, and since I use non-standard ports I have not had problems with port scanning or unauthorized attempts on my computers. When my computer was set up to use standard ports for my work IT department, Comcast refused to assist in blocking unauthorized attempts to connect, which were causing internet slowdown, and refused to release my DHCP lease so that I would get a new IP. The modem's software also does not allow port redirecting, which forced me to alter the servers to use a new port. Some software, like games, does not allow this.

Recently, Comcast has graciously given customers free use of their "Advanced Security" firewall, which greatly secures the internet connection. I get too many notifications that computers are attempting to connect to malicious sites, spam sites, and sites with reputation issues. Way too many. I also get notifications when I attempt to connect to my home through a port forward, as the security doesn't allow me a connection unless I authorize the IP. Since my cloud IPs change with each connection, this means I have to authorize every attempt at connecting. And then the initial connection fails and I have to attempt a second time. Oh, and don't forget that it is "secure" for the xFi app to connect from the internet, and that it is not blocked by Advanced Security even though everything it uses is what I use, except that it only connects to the modem to bypass all the security features that I use.

One of the games I play is a multiplayer game which requires connection to a private host/server, which is mine. I paid for the license; the other players do not have to, and don't want to. Every time they attempt to connect, it fails. Then I get a notification telling me it was unauthorized. Wait, my server is on a non-standard port and they had to know it to attempt to connect, so how is it unauthorized? I then have to navigate the confusing app, clicking on the small "explain the problem" link instead of the big "Help Me Fix" button. Very confusing, as "Help Me Fix" demands that I get rid of the port forward. This does not fix the problem of them connecting to me. And "Help Me Fix" doesn't offer any authorize-connection options; it assumes we don't want to authorize.

So, basically, if I'm attempting to connect to something on my intranet, like my printer, that I wouldn't do normally, I want the notification and auto-deny. Then I can authorize it. If I have set up the port forwards, I know the risks and have authorized it, so let me connect without having to authorize. And if you are worried about the "common" (pronounced "un-ed-u-cate-ed") customer, give the advanced user the option to opt in to automatically authorizing the forwarded ports and denying the rest.

PS: I had to remove the labels "Advanced Security, Advanced Security Failures, Advanced Security Authorization" because your web page coding implies I don't know what I'm doing and doesn't want it flagged for what it is. Why do you offer the option to type something in there if you are just going to deny its use? I am now applying all available labels.
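The policy the poster is asking for can be stated precisely: inbound connections to a port the owner has deliberately forwarded are admitted without a prompt, and everything else is denied and reported. The block below is an added example, not code from the original post and not Comcast or xFi software. It models both behaviours described above, authorization keyed on the remote source IP (which breaks as soon as a friend's cloud or mobile address changes) and authorization keyed on the owner's port-forward table, and runs both over a constructed list of inbound attempts. The port numbers, addresses and the shape of the forward table are assumptions made for the example; the post does not name its ports.

```python
"""Compare two ways of authorizing inbound connections on a home gateway.

Added example, not part of the original post. The forward table, addresses and
attempts below are constructed for illustration only.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Service = Tuple[str, int]          # (protocol, destination port)


@dataclass(frozen=True)
class Attempt:
    src_ip: str
    proto: str
    dst_port: int


# Hypothetical port-forward table: a game server on 27015 and a web server on 8443.
FORWARDED: Set[Service] = {("udp", 27015), ("tcp", 27015), ("tcp", 8443)}

# Constructed inbound attempts: a friend joining the game from two different
# addresses (their IP changed between sessions), a legitimate web client,
# two probes of ports that are not forwarded, and an unknown client on 8443.
ATTEMPTS: List[Attempt] = [
    Attempt("203.0.113.10", "udp", 27015),   # friend, first session
    Attempt("203.0.113.77", "udp", 27015),   # same friend, new IP
    Attempt("198.51.100.5", "tcp", 8443),    # web client on the forwarded port
    Attempt("192.0.2.200", "tcp", 3389),     # RDP probe, not forwarded
    Attempt("192.0.2.200", "tcp", 445),      # SMB probe, not forwarded
    Attempt("192.0.2.201", "tcp", 8443),     # unknown client on the forwarded port
]

Policy = Callable[[Attempt, Set[str], Set[Service]], str]


def by_source_ip(a: Attempt, authorized: Set[str], _fw: Set[Service]) -> str:
    """Per-remote-IP allow list: the behaviour the poster describes seeing."""
    return "allow" if a.src_ip in authorized else "deny+notify"


def by_forwarded_port(a: Attempt, _auth: Set[str], forwarded: Set[Service]) -> str:
    """Per-forwarded-port allow list: the opt-in behaviour the poster requests."""
    return "allow" if (a.proto, a.dst_port) in forwarded else "deny+notify"


def evaluate(attempts: List[Attempt], policy: Policy, authorized: Set[str],
             forwarded: Set[Service]) -> List[Tuple[Attempt, str]]:
    """Apply one policy to every attempt and keep the decision beside it."""
    return [(a, policy(a, authorized, forwarded)) for a in attempts]


def prompts_needed(decisions: List[Tuple[Attempt, str]]) -> int:
    """Number of times the owner is interrupted to authorize something."""
    return sum(1 for _, d in decisions if d == "deny+notify")


def summarize(decisions: List[Tuple[Attempt, str]]) -> Dict[Tuple[str, int, str], int]:
    """Tally decisions per (proto, port, decision), a per-port back-log view."""
    return dict(Counter((a.proto, a.dst_port, d) for a, d in decisions))


if __name__ == "__main__":
    # Source-IP policy with only the friend's first address authorized:
    # their second session, the web client and the probes all prompt.
    ip_based = evaluate(ATTEMPTS, by_source_ip, {"203.0.113.10"}, FORWARDED)
    print("source-IP policy prompts:", prompts_needed(ip_based))        # 5

    # Forwarded-port policy: only the two probes prompt; the friend's new IP
    # and the web client pass silently because the owner opened those ports.
    port_based = evaluate(ATTEMPTS, by_forwarded_port, set(), FORWARDED)
    print("forwarded-port policy prompts:", prompts_needed(port_based))  # 2
    for key, n in sorted(summarize(port_based).items()):
        print(key, n)
```

The trade-off is visible in the last attempt: a port-keyed policy also admits the unknown client on 8443, so opting in means the forwarded service itself, not the gateway, is what authenticates remote users. That is the "I know the risks" the poster is accepting for ports they opened on purpose, while probes of ports they never forwarded are still denied and reported.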

Official Employee

Re: Advanced Security and port forwarding

Hello, Advanced Security can either be enabled or disabled. You will not be able to go in and change settings. I double-checked with our engineers in Philly.


I am an Official Comcast Employee.
New Poster

Re: Advanced Security and port forwarding

Sorry xF, but you failed with Adv Security. I have the same problems as the OP, and my only option is to shut it off.

Why did xF deploy such an all-or-nothing, ill-advised function that is turned ON without user approval and disables any legitimate use of ports? Can't XF see that I've got port forwarding turned on? (Yes, but XF still deployed it!?!)

The only option is to turn it off. It is worse than useless, as it actually disrupts legitimate traffic.

New Poster

Re: Advanced Security and port forwarding

New info:

I contacted xFinity to discuss the options and lodge a formal complaint. I was offered a free video service for a month and a bill credit as compensation for my "inconvenience." I graciously accepted with assurances that my complaint would be heard and that my free month of service would not create a new recurring fee on my bill. Many times it was stated that my bill would not change. Also, when I complained on the call that the video service does not offer anything I want, I was told that I had to wait for my account to refresh to see all the benefits.

At the end of that month of free service, my bill came in with an extra $16 above my previous bill. I looked into it and found out the credit I received was to offset the cost of the free service I was offered. This free service is free to all customers ALL the time, not just for one month as the original associate stated. Somehow, while adding an always-free service, the associate caused me to be billed for it. Also, by receiving the service, the federal government allows local TV stations to charge a fee because I am not watching over the air.

This caused the extra $15 recurring service fee. But it also added a $13 recurring fee that I was told would not be added to my bill. I only received a $12 credit.

As I was talking to the new associate about removing the charges and resetting my account, I started experiencing new issues with my internet, including my modem settings being changed and all the wired and wireless connections in the house being "Paused," which prevented me from connecting to the modem and my account from inside my network. Luckily I already had the xFinity xFi app and xFinity Authenticator on my phone, so connecting to my modem and account from an outside line was quick and easy. After taking control of my account and physically disconnecting my modem from xFinity, I was able to start using the web services again through my phone.

While still on the phone, I changed my password with a random generator and reconnected my modem. I was able to initially connect my computers to the modem, but once the modem connected to xFinity I started to lose control again as all my connections were being "Paused." I again physically disconnected my modem, created a new random password, and demanded an explanation, and was told that it was likely a software issue in the modem. I asked for tech support.

This happened on a Monday evening with Advanced Security active. I say this because of what tech support said as an immediate answer to my call: "We show in your log that a malicious actor has recently attempted to connect to your Hopper device. If they have gained control of your Hopper device, they would be able to do this type of attack." My response: "I know someone attempted 2 days ago (Saturday) to connect to my satellite dish, and I get that log every 3 to 4 days because people automatically port-scan xFinity IP addresses. I have viewed the logs and the traffic on my internal network, and nobody has been able to connect to the Hopper Dish Network satellite device because they try the wrong protocols for that port and then Advanced Security disconnects them."

She continued to try to persuade me that she knew more than I did about this one incident until I finally got her to check the back logs for the last 3 months (71 recurring attempts on the Hopper, 11 other attempts on non-standard ports, 0 attempts on my web server port, and only 2 attempts on my game server port) and also reminded her that she was telling me that Advanced Security doesn't work. She then realized I was right.

As for the problems that popped up on my network when I started this hour-long call for my credit, they all stopped immediately when I told her that she was confirming Advanced Security doesn't work.

I did get a log of some new IPs during that time, but they were all "Stealthed" and I have no need to pursue it. I also never received a notification from Advanced Security that these IPs attempted to pass the firewall on any ports, let alone the ports that I have forwarded. I still get port-scanned for the Hopper device, but that only happens less than once a week now, and I have not been port-scanned on any of my other forwarded ports since. 2 weeks so far.