Community Forum

IP Reputation attack

Highlighted
Frequent Visitor

IP Reputation attack

I have a Seagate Harddrive attched to my Xfi that contains music for my Sonos system also connected. Starting today I have recieved 35 threat messages that says Comcast has blocked malicious from China, Moldova and the US. All within the past 3 hours. I click help me fix it and it says to restart the device, which I did. I also restarted the xFi. It also says to update the firmwear, which on the Seagate says is up to date and then to isolate it. I turned it off, but now cannot listed to music. What going on here? How is my external HD being attacked?

Highlighted
Official Employee

Re: IP Reputation attack

ProfessorHawk -- Thanks for reaching out.  I reviewed your other post regarding this issue.  Can you please clarify - did you have any Port Forwards set up?  (If so, did you remove them?)

You can check your Port Forwards in xFi, by navigating to the Network Tab > Advanced Settings > Port Forwarding.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Frequent Visitor

Re: IP Reputation attack

I spoke toan Xfinity network "expert" and was told all pop-up from the Xfinity app as well as notifications on the xfinity.com are false and should be ignored. She had be delete the app from my phone and reinstall and told to no longer visit this page. Meanwhile the attacks keep coming.

Highlighted
Frequent Visitor

Re: IP Reputation attack

I don't have any port forwards. When I click on it I only get the add option.

Highlighted
Frequent Visitor

Re: IP Reputation attack

I'm getting a big runaround. I was eventually sent to The Customer Security Assurance who said I need to contact Cisco to get the firewall logs off of my xFi modem. I called the number that was given 888-553-2447 and Cisco says I need a Cisco ID, but Comcast didn't give me one. Isn't there anyone at Comcast that can help me?

Highlighted
Frequent Visitor

How can I get help?

I spent 6 hours yesterday getting the run around from one person and department to another regarding "Items That Need Attention" notifications from xFi advanced. I was even transfered to Cisco who wanted to know why I was calling becasue I'm not a Cisco customer. I requested to speak with a supervisor and was told none are available. It is now day two and I'm still getting contant notifications about IP Reputation attacks. They are non-stop. Is there anyone at Comcast that can help. 

Highlighted
Diamond Problem Solver

Re: How can I get help?

Keep working with the Official Employee that’s helping you on your original post.

I am a Retired Official Comcast Employee
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a post as the Best Answer!
Highlighted
Official Employee

Re: IP Reputation attack

ProfessorHawk -- Thank you for the additional context.  I apologize for the frustration.  I will review your account & let you know when I have additional information.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Frequent Visitor

Re: IP Reputation attack

I have now had 153 IP Reputation Attacks and 34 Unauthorized Access Attempts and they keep coming. All require action on my part but tell me what I can do other than restart my device, update my software/firmware, or Quarantine my device. This doesn't help, how can I get the attacks to stop? Is there a way to change my IP address so that whover is attacking will lose me?

Highlighted
Official Employee

Re: IP Reputation attack

ProfessorHawk -- Thank you for your patience.  I've been working with engineering to take a closer look.  I'd like to send you a Private Message with additional information.  

Private messages can be accessed by clicking on the envelope icon in the upper right hand corner of any forums page.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: IP Reputation attack

No No no - I have been following this thread because I am experiencing some of the same things. You do not do the community any good by taking this off line without at least posting a valid solution . Two of these (alleged) "malicious IP's" belong to Censys which advertises "Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity."

 

So are these just random port scans or false positives? I started getting these the day I enabled a Port Forward for RDP and I promptly removed it but I am still getting these same messages from "Advanced Security". Its not very advanced when it literally gives you NO information about the attack. The least it could do is provide the Port number

image.PNGcen.PNG

Highlighted
New Poster

Re: IP Reputation attack

The solution needs to be public so we can fix it without the run around
Highlighted
New Poster

Re: IP Reputation attack

This needs to be addressed publicly as many people are experiencing the exact same issues. My dish is no longer able to update because of these. I have reset my dish and restarted my modem as well. I "allowed " the IP addresses that the app would let me, but mostly the app doesn't allow you to do much. It offers "fixes" but doesn't give details on how to do these. We are are also suddenly recieving these alerts for a few of the cell phones in the house as well. I'm getting close to the poi t of disabling the security now that I have googled how to do that. I've had Xfinity for about 6 months now, and never had these issues until 2 nights ago and I'm already fed up with it. Please post a solution publicly.
Highlighted
Frequent Visitor

Re: IP Reputation attack

I have not had any resolution from Comcast. All of these posts have been ignored and all calls to the company have been fruitless. My system does not appear to be compromised so I just logged by cell phone out from my network so I wouldn't get any more notifications. I'm getting hundreds per day.

Highlighted
Regular Visitor

Re: IP Reputation attack

this might be too late or even not the solution for you, but i was expierencing this very same thing and fixed it myself. I think my pc was sending out my ip somewhere to let others know my pc was online was my main thinking in solving this problem. I looked at the firewall exemptions, or "allow app through the firewall", and turned off all unnecessary app for this and havnt had any problems since.. although I didnt try to turn them back on one at a time to figure out which of these was the culprit, i think it was an sdk app I got for the kinect camera,...in my case. hope you figure it out and maybe this helps a bit.

 

Highlighted
Expert

Re: IP Reputation attack

Just disable the Xfi Advanced Security feature for now as a workaround. It's buggy ! And there is currently no way for an end user to whitelist anything;

 

https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Regular Visitor

Re: IP Reputation attack

hey was just trying to help... and yes he could ignore it and still have attacks behind the scenes or people trying to get into his pc, yes that is an option too. 

Highlighted
Frequent Visitor

Re: IP Reputation attack

Thanks to everyone who has tried to help. I have gone round and round with Comcast on this with nothing to show for, (big surprise huh?). Becasue of the lack of technical assistance, we will be going back to our Linksys Router and getting rid of the piece of garbage xFi router. We have an appointment to have ethernet run throughout and only use Comcast for the internet access. Substandard equipment, serviced by substandard technicians with non-english speaking customer service all for $238/month. What's not to like?

Highlighted
Frequent Visitor

Re: IP Reputation attack

Sorry to see you go. In spite of all this I really do like the Xfi system for its total integration. I just use an additional router, like the Linksys you are talking about, to create an additional , more secure subnet. I feel as a community we need to keep pushing Comcast / Xfinity to make improvements to their system and be transparent on relevent issues