pantz.org banner
Getting Comcast to unblock a port on your cable modem
Posted on 01-25-2010 03:55:09 UTC | Updated on 01-25-2010 04:05:04 UTC
Section: /hardware/modem/ | Permanent Link

Comcast leaves port 25 (usually SMTP) open on all it's cable modems by default. If Comcast detects "virus-like activity" coming from your cable modem it will shut down port 25 on your modem by sending a modified boot file to it. This will close port 25 to all incoming and out going traffic. You will then recieve the following email to your primary Comcast email account.

Customer Security Assurance Notice

Dear Comcast Customer:

Action Taken:
In an effort to help prevent spam and ensure the security of
our network and customers, Comcast has modified your modem's
settings to prevent the sending of email on port 25. That is
the default port email programs such as Outlook Express use
to send email. We've taken this action because we may have
detected virus-like activity from your modem or received
reports from other email providers that mail from your
modem generated complaints from their users. Please read
this message to understand how this action may impact your
ability to send email and what you should do next.

Mailing abuse@comcast.net will not get the block removed. They have a script that answers those emails. Calling the normal 1-800-COM-CAST number will not help. The customer service reps don't have the knowledge or access to modify the boot file of the cable modem. At least most of them don't. If you can find one that knows how to change the boot file on your cable modem the more power to you.

The only way to get the port unblocked is to call Comcast Customer Security Assurance at 1-856-317-7272. You will need to ask the technical rep to remove the block for you. They will do it and warn you that it can happen again at any time. Then they will suggest the more expensive business class account so that this will not happen again.

To try to keep this from happening again I have blocked port 25 outgoing on my firewall. Incoming is still open for any mail servers that I need to test (I know Comcast terms of service don't allow servers blah blah blah...). I'm still trying to figure out if some program sent mail out on 25 that I did not know about (not any more) or if mail coming in on 25 triggered it.

I would not mind if they put a block in port 25 going out of all the cable modems. That would keep all the zombies from sending spam out of their network. But blocking port 25 for incoming traffic is just stupid.

Even if someone ran an open mail relay on port 25 on their machine it could not send any mail out because of the port 25 would be blocked going out of the modem. Spam zombies decapitated. My only guess that they don't do this is the cable modems can only block a port in and out or nothing at all. When I think filtering I think in terms of stateful filtering. I guess cable modems can't do stateful filtering. It's probably cheaper ($$ and resources) and easier to not keep state and just straight block the port.

If they have all these machines looking for "virus-like activity" on their networks then put in a firewall upstream and just block all port 25 going out. If you have the resources to scan all the activity on port 25 to look for spam you have the resources to just do a easy block on 25 out. No scanning involved. O well.

Reddit!

Related stories


RSS Feed RSS feed logo

About


3com

3ware

alsa

alsactl

alsamixer

amd

android

apache

areca

arm

ati

auditd

awk

badblocks

bash

bind

bios

bonnie

cable

carp

cat5

cdrom

cellphone

centos

chart

chrome

chromebook

cifs

cisco

cloudera

comcast

commands

comodo

compiz-fusion

corsair

cpufreq

cpufrequtils

cpuspeed

cron

crontab

crossover

cu

cups

cvs

database

dbus

dd

dd_rescue

ddclient

debian

decimal

dhclient

dhcp

diagnostic

diskexplorer

disks

dkim

dns

dos

dovecot

drac

dsniff

dvdauthor

e-mail

echo

editor

emerald

ethernet

expect

ext3

ext4

fat32

fedora

fetchmail

fiber

filesystems

firefox

firewall

flac

flexlm

floppy

flowtools

fonts

format

freebsd

ftp

gdm

gmail

gnome

google

greasemonkey

greylisting

growisofs

grub

hacking

hadoop

harddrive

hba

hex

hfsc

html

html5

http

https

hulu

idl

ie

ilo

intel

ios

iperf

ipmi

iptables

ipv6

irix

javascript

kde

kernel

kickstart

kmail

kprinter

krecord

kubuntu

kvm

lame

ldap

linux

logfile

lp

lpq

lpr

maradns

matlab

memory

mencoder

mhdd

mkinitrd

mkisofs

moinmoin

motherboard

mouse

movemail

mplayer

multitail

mutt

myodbc

mysql

mythtv

nagios

nameserver

netflix

netflow

nginx

nic

ntfs

ntp

nvidia

odbc

openbsd

openntpd

openoffice

openssh

openssl

openvpn

opteron

parted

partimage

patch

perl

pf

pfflowd

pfsync

photorec

php

pop3

pop3s

ports

postfix

power

procmail

proftpd

proxy

pulseaudio

putty

pxe

python

qemu

r-studio

raid

recovery

redhat

router

rpc

rsync

ruby

saltstack

samba

schedule

screen

scsi

seagate

seatools

sed

sendmail

sgi

shell

siw

smtp

snort

solaris

soundcard

sox

spam

spamd

spf

spotify

sql

sqlite

squid

srs

ssh

ssh.com

ssl

su

subnet

subversion

sudo

sun

supermicro

switches

symbols

syslinux

syslog

systemd

systemrescuecd

t1

tcpip

tcpwrappers

telnet

terminal

testdisk

tftp

thttpd

thunderbird

timezone

ting

tls

tools

tr

trac

tuning

tunnel

ubuntu

unbound

vi

vpn

wget

wiki

windows

windowsxp

wireless

wpa_supplicant

x

xauth

xfree86

xfs

xinearama

xmms

youtube

zdump

zeromq

zic

zlib