Community Forum

Reputation Attack ip

Highlighted
New Poster

Reputation Attack ip

I noticed I had an alert of a reputation attack on my in home camera and my iPhone. Has anyone else had this experience?? In comments it noted RUSSIA???? What does this mean and should I be concerned????
Highlighted
Expert

Re: Reputation Attack ip

https://forums.xfinity.com/t5/Xfinity-xFi/IP-Reputation-Attack/m-p/3200594#M9723


I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
New Poster

Re: Reputation Attack ip

I recently received a new modem and had the same alert immediately after the upgrade. I had no issue with the older modem. It turns out Comcast leaves UPnP enabled on the new modems by default. You can't disable it via their iPhone application either. This is a concearn because it opens you up to being hacked and should not be ignored! Hackers can even install firmware remotely on your devices or capture video from your camera. It gives hackers direct access to UPnP enabled devices. And simply disabling UPnP in the device in some cases doesn't actually turn it off. For example some D-Link cameras will still open UPnP ports on routers upon request of hackers even if you disable UPnP on the camera! That's exactly what I saw with the new router. 

 

Open a web browser at home and enter the IP address of you cable modem. Log in via the web browser. Log in may be very slow. Go to "Troubleshooting" and select "logs" for the last month. You should see a number of ports being opened and closed even if you have no ports forwarded! If so you have a problem!

 

Luckily it is easy to fix. Click on "Advanced" and select "Device Discovery." Select "disable" next to "UPnP" and then click "Save." Disabling UPnP on a router is security 101 and it should have never been enabled by default. If you did this correctly the next time you log in you should see no ports opening or closing in the logs. 

 

Stay safe!

 

Roland