How to Go Insane Using Comcast

It's simple to go insane when using Comcast as your cable modem provider.

  1. Watch as Comcast-provided cable modem goes dead. (Not insane yet).

  2. Swap out cable modem at store. (Not insane yet).

  3. Plug in cable modem and watch router receive IP address. (Not insane yet. Happy, actually.)

  4. Notice machines begin trying to reach 1.1.1.1 when using TCP. (Slight insanity.)

  5. Observe that UDP traffic like NTP updates work properly. (Higher insanity level.)

  6. Notice that your cannot ping your default gateway. (Insane. Period.)


Apparently when my new cable modem is put on the network, it was given 68.87.96.204 (CPSDNS.selfprov.pa.comcast.net) as its DNS server. This is a really amazing system. Check it out.

orr:/home/richard$ nslookup www.google.com 68.87.96.204
Server:         68.87.96.204
Address:        68.87.96.204#53

Name:   www.google.com
Address: 1.1.1.1

orr:/home/richard$ nslookup www.taosecurity.com 68.87.96.204
Server:         68.87.96.204
Address:        68.87.96.204#53

Name:   www.taosecurity.com
Address: 68.87.96.200

The first 1.1.1.1 IP address is reserved. The second 68.87.96.200 belongs to act02.selfprov.pa.comcast.net, which goes to a www.comcast.net Web server. Apparently I was supposed to not use a site like Google as my home page, but something else that would bring me to the Comcast site so I could "self-provision" my new cable modem.

So why could I update time with NTP? Check out the wonders of 68.87.96.204:

orr:/home/richard$ nslookup clock.isc.org 68.87.96.204
Server:         68.87.96.204
Address:        68.87.96.204#53

Name:   clock.isc.org
Address: 68.87.96.200

That's not correct.

orr:/home/richard$ nslookup clock.isc.org 209.98.98.98
Server:         209.98.98.98
Address:        209.98.98.98#53

Non-authoritative answer:
Name:   clock.isc.org
Address: 204.152.184.72

But guess what -- 68.87.96.200 is running a time server.

orr:/home/richard$ sudo ntpdate 68.87.96.200
Looking for host 68.87.96.200 and service ntp
host found : act02.selfprov.pa.comcast.net
 5 May 20:56:17 ntpdate[874]: adjust time server 68.87.96.200 offset 0.016223 sec

Hence, my insanity. Some applications worked (NTP), others (TCP to certain Web sites) did not. Good grief. By the way, my equipment came with zero setup instructions. I should have just called tech support earlier and said "the Internet is broken," rather than network troubleshoot!

Comments

Anonymous said…
Rich,

Gotta love Comcast - NOT! I'm connected to the Dale City 02 node, but in 1 week only 3 folks connected to my OpenBSD firewall running spamd.

I actually went out and bought a cable modem - I picked up the cheapest (biggest rebate) at BestBuy. I don't remember what the ROI was, but I think it paid for itself if it lasted a couple of months longer than the warranty period.

I see Comcast the way I saw Deutsche Telekom while in Germany, anything I can do to avoid paying them money, I'll do. Feel the same way about Verizon!
10:44 PM
Anonymous said…
I feel your pain, I had attempted to get comcast installed 2 Fridays ago.. because my GF decided to spend the day painting the new house (she has Fridays off). I intentially setup comcast and directv techs to do the install at the same time, go figure directv show up at 8, comcast show up 5 hours later at 1:30 long after they were supposed to be there.

Anyways, long story short, the tech could not provision the linksys cable modem I bought, (being lazy, who knows), he said we need to call their support line. 8 calls later, and Sunday evening (all I could do is hit comcast sites during that period), 7 different answers why they could not provision the modem, 5 of those excuses stated that 1 or another system was hosed and is down, 1 stating that it was maint period (yes, all ISP's do their maint on weekends during peak usage [sarcasm]), and 1 totally clueless tech who I think I made cry. Eventually, I got a hold of someone who stated there is nothing wrong with the system, except a tie in, he would have to do the provisioning manually, and run up two floors, puts me on hold, comes back 5 min later, its working... Only reason I use them, I am too far out for DSL.
8:26 AM
Richard Bejtlich said…
I am in the same boat with DSL. Twice I tried to get a line and both times was told there was no more room in the closet. I was even going to just get a 128k line, since I was so tired of using Comcast. Argh.
9:08 AM
gmgpt said…
Tech support isnt that bad... @ least not spanish support, which is far better than english...
1:51 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti...
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technica...
Read more