IP reputation attacks after Advanced Security was rolled out

Frequent Visitor

Last week I received the automatic upgrade to Advanced Security that was rolled out to many customers. Since then I have been getting several XFi notifications about an IP reputation attack (similar to another customer who recently posted here) coming from Russia and Germany via our Dish Network hopper. They were all blocked, but I’d like to know how to prevent it. I called Dish and they were unable to help. I called Xfinity tech support and was given a couple of options, none of which resolved it. Here is what I tried:

1. Restarted the Dish receiver AND my Xfinity Gateway modem.
2. Changed my network SSID and password.
3. Checked for open ports through XFi. There were none on any of my devices.

I’m also wondering if these attempted attacks have been going on for a while, and only now are we becoming aware of them since getting Advanced Security. It’s nice to know AS is blocking the intrusions but also unnerving to get daily notifications about them. Saying “Action required! Danger! Threats!...”

I know I’m not the only one having these issues. Any suggestions would be greatly appreciated. Thanks!
Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

Also wanted to point out that I paused my device (hopper) that is connected to my home WiFi. That didn’t help. I still get notifications about the attempted attacks.
Official Employee

Re: IP reputation attacks after Advanced Security was rolled out

jwmissionbay -- I'm happy to take a look at your account to review and can let you know when I have additional information. Thank you for outlining the steps you have already taken. You mentioned pausing the device, but still receiving notifications -- do you know what time you had paused the device?

I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

I paused the device on the evening of Jan 13, and it stayed paused, however we still got a notification about an attempted threat on the afternoon of the 14th. Advanced Security blocked it.
Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

The attacks are still happening from all over Europe. The only way to stop them is by pausing my Dish Hopper on our WiFi network. But I don’t want to do that because we watch Netflix through it and Dish needs to be able to push and retrieve updates. Another customer on this forum is having similar issues, and like him, I’m wondering how to stop these attacks and if you have any new info to share from your engineers. Also I assume this has been happening a while and we’re just now learning about it since Advanced Security was rolled out? Please advise...thank you.
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Hello! We are experiencing the same thing with multiple threats over the past 48 hours. Part of the recommended process to “fix” the problem is to close open ports on my Dish device. I can’t find where I would do this or know why there are multiple ports open. If you are able to explain what is happening and how I can fix it so we can continue to use Dish and WiFi together, I would be appreciative.
Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

Hi KJMoss, unfortunately we weren’t able to figure out the port issue on our Hopper. Dish customer service said there weren’t any open ports on our system. For now, we just have to disable WiFi on the Hopper when we don’t need it (to avoid the attacks and notifications) then temporarily enable it when we want to watch Netflix. It doesn’t look like there is much we can do at the moment.
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Well, poo. Thanks for your help. I guess we will just turn everything off before bed each night since most of our attacks seem to be happening between 1am and 4am.
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I am having the same problem. If the Hopper 2 is connected to the gateway then the hopper will freeze whenever there is a malicious threat, sometimes several times a day, and I have to reset the Hopper. I have had Dish technical support working both remotely and through 2 home visits but it is still happening. Surely there must be a solution!

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I am experiencing similar issues regarding my Hopper device and now my Hopper is not updating properly and I have lost the ability to view my recordings in the DVR mode. Dish said that my security on my WiFi is blocking their attempts to make updates.
I keep getting threat notifications in the early hours of the morning and it’s been happening all week now. I’m not happy.
Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

I ended up disabling advanced security on our WiFi. Problem solved (well, not really...) I never heard a word from Comcast tech support.
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I haven’t heard anything from Comcast/Xfinity at all. I’m seriously thinking about cancelling my service with them! Appalling!
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Now the internet will not connect to my Dish Hopper at all!
Expert

Re: IP reputation attacks after Advanced Security was rolled out

Try disabling the Xfi Advanced security and see:

https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I started getting these types of notifications a few nights ago. I ran the IP address and it's Echostar aka Dish Network. I assume it's attempting updates to my Hopper. It's the same first 8 of the IP address but the last digits are different with the same port. I can individually allow each IP for 30 days but can't seem to find a way to whitelist the whole IP so that updates for Dish can happen as they should. Additionally, the "fix" for this is a joke. There are no directions, just a list of three different things to do without instructions for how to do them.

I hate to turn off the Advanced Security altogether but that may be what happens if I can't find a suitable solution to this. It's almost as if Comcast is doing this on purpose? They should make it easier for us to whitelist specific IPs permanently.
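
The pattern described in the post above (blocked sources that share an address prefix and hit the same port) can be checked systematically before any allow decision. The following is an added example, not part of any post in this thread and not Comcast or Dish code; the alert tuples, addresses (RFC 5737 documentation ranges), ports and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts: (time, source IP, destination port on the device).
# Addresses are RFC 5737 documentation ranges and the ports are made up;
# none of these values come from the thread.
ALERTS = [
    ("2020-01-14 01:12", "198.51.100.17", 8443),
    ("2020-01-15 02:40", "198.51.100.93", 8443),
    ("2020-01-16 03:05", "198.51.100.201", 8443),
    ("2020-01-16 14:30", "203.0.113.8", 23),
]

def covering_network(addrs):
    """Smallest single CIDR block containing every IPv4 address in addrs."""
    ips = sorted(ipaddress.ip_address(a) for a in addrs)
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while ips[-1] not in net:
        net = net.supernet()  # widen by one bit until the highest address fits
    return net

def summarize(alerts, prefixlen=24, min_hits=3):
    """Cluster alerts by (source /prefixlen, port); largest cluster first."""
    groups = defaultdict(list)
    for ts, src, port in alerts:
        bucket = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
        groups[(bucket, port)].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), src))
    rows = []
    for (_, port), hits in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        srcs = {src for _, src in hits}
        rows.append({
            "range": str(covering_network(srcs)),
            "port": port,
            "sources": len(srcs),
            "hours": sorted({t.hour for t, _ in hits}),
            # Same range and same port on repeated occasions points at one
            # operator's address block; a WHOIS lookup of the range is the
            # next step before deciding whether to allow it.
            "recurring": len(hits) >= min_hits,
        })
    return rows

if __name__ == "__main__":
    for row in summarize(ALERTS):
        print(row)
```

A cluster marked `recurring` is a candidate for a registry lookup of the whole range, as the poster did for a single address; a one-off source on an unrelated port stays in the blocked category.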

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Hi All,

I'm a Dish Employee with Xfinity and getting the same messages on my Hopper.

Will see if I can connect with software group and get a better answer.

I am also thinking it's the nightly pay-per-view check or maybe this is software downloads that are pinging the ports.

We do have a European SW group so maybe these checks do come from Europe.

Again...no promises but maybe I can reach someone from inside.

Thanks.

Frequent Visitor

Re: IP reputation attacks after Advanced Security was rolled out

Great to hear, thanks for offering to look into it!
Official Employee

Re: IP reputation attacks after Advanced Security was rolled out

With the Advanced Security feature enabled, whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve.  You are also given the option to Allow Access for certain types of threats.  With regard to the issues raised on this thread related to the DISH devices -- at this time, if you have determined that the activity is legitimate, you can allow access via the xFi App for a certain amount of time. Thank you for raising these issues as we are able to pass this feedback and information to the right teams to look into possible changes or enhancements to this feature.


New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I wanted to point out that this security issue does NOT allow you to allow access; it is not an option.

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Were you able to come up with any information?

JC

IT GUY

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Odd - I get the same message on my network disk from which I stream video. Have multiple devices but this is the only one that gets the "ip reputation" msg. Think Comcast doesn't like streaming video.

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

I have been getting this message for about a month now. They say they are coming from my Hopper 3 BR, which I assume is one of my bedrooms. I do have a question though. If these threats are being blocked by Comcast, why not just let them continue to do so? Now I must say that although my issues as far as my guide updating, or not being able to DVR, does not happen. I may from time to time, as I am watching on Demand, have the show drop and have to go back into the DVR to start it again.

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

So you've verified that all of your hoppers are updating appropriately? I ask because you stated you aren't sure which one is Hopper3. I, personally, have an issue with the fact that I can't whitelist an IP permanently. Why should we have to do it every 30 days and/or not be able to allow all ports from an address rather than have to do each one individually?
New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Sue,

Your knowledge is far superior to mine. I'm an old guy that has basic knowledge of such things. Everything works here with the exception of what I have mentioned. Again I ask, if Comcast is blocking these threats, why not just let them?

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Because if I turn it on, I'm getting a message every day that it's blocked Dish's attempt to connect with my Hopper. Every day I hit the allow for 30 days button only to get a new "threat" message the next day. After four consecutive days, and no relevant information from Comcast about allowing that IP address permanently, I disabled it. I was also getting messages about "threats" from websites that I know are safe. I have a firewall and everything set up on the router and I'm not concerned about the false "threats" that it's catching and warning me about. Until they have settings that will allow us to create our own whitelist of allowed IPs, I see no reason to opt into this extra service. If you're happy with it, there's no reason for you to disable it.

New Poster

Re: IP reputation attacks after Advanced Security was rolled out

Any word back on a fix for this?