Re: Looking for contact within Comcast Xfinity

[Jawaid Bazyar <jbazyar () verobroadband com>]

Comcast also molests SIP.

From: NANOG <nanog-bounces+jbazyar=verobroadband.com () nanog org> on behalf of "Aaron C. de Bruyn via NANOG" <nanog () 
nanog org>
Reply-To: "Aaron C. de Bruyn" <aaron () heyaaron com>
Date: Tuesday, August 23, 2022 at 7:47 AM
To: Michael Brown <michael () supermathie net>
Cc: North American Network Operators' Group <nanog () nanog org>
Subject: Re: Looking for contact within Comcast Xfinity

I ran into this a few days ago.

Both the random agent I talked to and our sales rep said they can't disable the security edge service without 
increasing the cost of service for all of our accounts.

Apparently it costs more to not molest DNS traffic leaving your network.

They can temporarily disable it, but they said it will turn back on when the modem is rebooted.

It seems to only affect TCP and UDP port 53.

I fixed it by setting all of our routers to use DoH and DoT exclusively.  They can't intercept and molest that traffic.

-A



On Tue, Aug 23, 2022, 05:39 Michael Brown <michael () supermathie net<mailto:michael () supermathie net>> wrote:
If anyone from Comcast Xfinity is on this list, can you please reach out
to me?

We're getting increased reports of xFi Advanced Security customers being
unable to access hosted sites and attempting to open tickets has had no
success.

Thanks,

Michael Brown