nanog mailing list archives

Comcast Customer Owned Modem Firmware : WAS : Xfi Advances Security (comcast)


From: Tom Beecher <beecher () beecher cc>
Date: Thu, 16 Sep 2021 11:13:14 -0400

Jason-

I have a sidebar question here.

I came across the AQM paper you and others recently published. (
https://arxiv.org/pdf/2107.13968.pdf ) In that paper, the following is
stated :

> When a customer purchases their own cable modem, they are responsible for
> administering it, updating the software, configuring it, replacing it if it
> fails, and so on. These modems are generally referred to as Consumer Owned
> And Managed (COAM) devices.
>
> An important distinction between leased and COAM modems is support for the
> operating firmware. For COAM devices, the modem’s operating firmware is
> provided by the modem’s manufacturer, who controls the feature set, bug
> fixes, and firmware release schedule (to the extent that there even are any
> post-sale software updates).


Does Comcast actually allow customers who own their own modems full
management of the modem firmware? As far as I have been aware since my time
at Adelphia 20-odd years ago, that has never been allowed by provider; all
users of a given model had the same firmware enforced, customer owned or
leased didn't matter.

On Mon, Sep 13, 2021 at 5:58 PM Livingood, Jason via NANOG <nanog () nanog org>
wrote:

> On 9/13/21, 12:02, "Owen DeLong" <owen () delong com> wrote:
>> Yes, but it’s tragically opt-out instead of opt-in as it should be.
>
> It is not a default for an Internet access service. It comes bundled as
> one of several features in an optional add on service. See
> https://www.xfinity.com/learn/internet-service/modems-and-routers for
> details. This is targeted at the average consumer, particularly those that
> may want parental controls, mesh WiFi, a voice port, and so on - so not
> really targeted at NANOG list subs like us. ;-) That said, I have an XB7
> modem at home and really like it a lot - especially the new AQM feature
> that dramatically lowered working latency.
>
>> That means that anyone whose site happens to get miscategorized by them
>> gets the added costs of dealing with the user complaints instead of Comcast
>> having to bear the costs of their error.
>
> As my other reply noted, this service uses a bunch of 3rd party services
> and it is those 3rd parties that maintain the lists (a la anti-spam and
> anti-phishing email list vendors). So if an IP/FQDN/URL happens to be on
> "our" list it is very likely getting filtered/blocked in a lot of network
> places because it is on a well-known independent list.
>
> BUT, how do we know that was even the case here? Do we have a traceroute
> or a screen shot of an error or block message? We seem to have concluded it
> was blocked by a content filter but what technical evidence do we have
> (that can help troubleshoot)? I know you are not the OP (it is Chris) - but
> I'd love to know more technical detail and I am in communication off-list
> with the OP (along with my colleague Tony Tauber, who was the first to
> reach out to Chris 1:1).
>
> Jason



