Hi, I'm hoping I can get some traction on a troubling issue that I've found with the internet side of my service. I've called 4 separate times and been lied to and hung up on or transferred to nothing every time I call. They had no idea what I'm talking about as they handle problems from the modem down. But I am at my tipping point and very angry that I can't get a hold of someone that knows what I'm talking about. This issue most likely is not only affecting me but every other customer on my subnet.
I'll get to the problem but let me explain my setup.
I have my own modem and have been for quite some time and just in the last couple weeks upgraded it to a 3.1 compatible modem that I would need for gigabit. This issue has persisted through the modem upgrade. Behind the modem I have a pfSense firewall and an ASUS wireless access point behind pfSense. So I have no Comcast equipment. I'm using an IP range in 192.168. with a netmask of /24. So pretty standard.
A few weeks ago, looking through ntopng (https://www.ntop.org/products/traffic-analysis/ntop/) I discovered networks being seen on my LAN side that I didn't recognize (e.g. 172.16.100.1/24 and 10.50.1.1/22 along with 192.168 spaces well outside of mine). Drilling into those I see anywhere from 1 to 8 hosts on each network. I assumed this was something on my network that was handing these out so I went to find them. Then I found they all had my router's MAC address. I then did a traceroute to a few of them and I found that each of them was routing to an IP out on the internet. Me not thinking this was possible figured it had to be a VPN or something I had running but then recalled I was seeing this on the gateway itself which wouldn't see local IPs within a VPN tunnel. Here is one of those traceroutes. My internet address is in 73.83.x.x BTW and the local IP in this is not in my local address space.
(IPs obscured except for the one that shouldn't exist)
Tracing route to 192.168.86.242 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.x.x <- My router
2 10 ms 10 ms 10 ms 96.xx.x.77 <- Another IP on Comcast in the same area. Appears to be a customer.
It was at this point I dug around trying to find any explanation. I bought the new modem (I was planning on getting it anyway) and this still occurred. So this last Saturday I called and tried to get to someone at Comcast that could help me explain this. I got nowhere and was told that my ticket would be escalated and I would get a call back later that day or today (Monday).
After that call, I was able to get some more information about it so I called back today and I was told my ticket was closed on Sat right after they hung up and left no notes. This person said he would create a new ticket and transfer me to the advanced router or something team and when it finally went through it wanted a ticket number, which I didn't have and hung up on me. I then called back, went through again the whole spiel that it wasn't a problem with my wireless or my modem that it was an internet problem. She then transferred me again to what sounded like the same person who apparently closed my ticket on Saturday (Hispanic man named Logan) and he then gave me the runaround. He wanted my full name again, which I gave. I then explained the issue yet again and he interrupted me for my full account number. What? He said he had none of that information. I gave it to him twice and he hung up on me.
Now the issue that I've pieced together over the weekend. Not only do I have local addresses within my LAN going to another Comcast address, I've had my gateway (for my 73.83.x.x/23 Comcast network given out to my router) hijacked or something. Its IP as given to me is 73.83.x.1. However after looking at my gateway logs (logs in pfSense specifically for my internet facing gateway) it was filled with unable to find a route to the 73.83.x.1 gateway. So I ran a traceroute from the firewall out to google and other random sites. In every instance that 96. IP was the first hop. Not once did I see anything going through the proper gateway. I've reset my pfSense and checked it again with nothing else connected and a fresh install and this persists. Another thing I noticed and it might just be how it is, is that I can see every other customer of Comcast on my subnet like I could 20 years ago when it was just a big NAT. I didn't think I could see laterally over this interface.
So it appears that somehow this 96.x.x.x IP has hijacked my gateway and is routing all of my and I'd assume everyone else's on my segment through it somehow. I'd love for someone to give me an explanation for this.
So I ran a traceroute from the firewall out to google and other random sites.
In every instance that 96. IP was the first hop.
So it appears that somehow this 96.x.x.x IP has hijacked my gateway and is routing all of my and I'd assume everyone else's on my segment through it somehow.
FWIW, the 96.xxx is the typical IP address of the Comcast system CMTS (Cable Modem Termination System) / WAN default gateway.
As stated, that is your WAN default gateway IP address, not your DHCP assigned public IP address. It's two different things.
Guess we are not on the same page. Sorry I couldn't help with this. Best of luck with it!!
Sorry if I'm coming off wrong, I know you're just trying to help. I'm just frustrated that I can't get an answer from Comcast. I'm sure it's just something that's misconfigured somewhere but this also could be malicious, which considering I work from home on occasion, needs clarification. I'm going to borrow another router from a friend and see what happens with a new IP and go from there.
If anyone understands what I'm saying and thinks something like this wouldn't happen (like I was before this), here's a great thread with the exact same thing that is occurring on my LAN.
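The traceroute in the first post shows a private destination outside the poster's /24 reaching a public next hop. The following is an added example, not part of any post in this thread, that flags that pattern in Windows tracert output. The LAN prefix 192.168.1.0/24 and the hop addresses in the sample are constructed, and the destination is assumed to be numeric as in the post.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def parse_tracert(text):
    """Return (destination, [hop addresses]) from Windows tracert output."""
    dest, hops = None, []
    for line in text.splitlines():
        m = re.match(r"\s*Tracing route to (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            dest = ipaddress.ip_address(m.group(1))
            continue
        # Hop lines start with the hop number; timed-out hops carry no address.
        m = re.match(r"\s*\d+\s+.*?(\d+\.\d+\.\d+\.\d+)", line)
        if m:
            hops.append(ipaddress.ip_address(m.group(1)))
    return dest, hops

def leaked_private_route(text, lan_cidr):
    """True when a trace to an RFC 1918 address outside the LAN
    passed through a hop that is not itself RFC 1918."""
    lan = ipaddress.ip_network(lan_cidr)
    dest, hops = parse_tracert(text)
    if dest is None or not is_rfc1918(dest) or dest in lan:
        return False
    return any(not is_rfc1918(h) for h in hops)

# Constructed sample: only the destination address comes from the thread.
SAMPLE = """Tracing route to 192.168.86.242 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    10 ms    10 ms    10 ms  203.0.113.77
"""

if __name__ == "__main__":
    print(leaked_private_route(SAMPLE, "192.168.1.0/24"))
```

A firewall rule that rejects RFC 1918 destinations leaving the WAN interface keeps such packets from being handed to the default route at all.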