pantz.org banner
Getting Comcast to unblock a port on your cable modem
Posted on 01-25-2010 03:55:09 UTC | Updated on 01-25-2010 04:05:04 UTC
Section: /hardware/modem/ | Permanent Link

Comcast leaves port 25 (usually SMTP) open on all it's cable modems by default. If Comcast detects "virus-like activity" coming from your cable modem it will shut down port 25 on your modem by sending a modified boot file to it. This will close port 25 to all incoming and out going traffic. You will then recieve the following email to your primary Comcast email account.

Customer Security Assurance Notice

Dear Comcast Customer:

Action Taken:
In an effort to help prevent spam and ensure the security of
our network and customers, Comcast has modified your modem's
settings to prevent the sending of email on port 25. That is
the default port email programs such as Outlook Express use
to send email. We've taken this action because we may have
detected virus-like activity from your modem or received
reports from other email providers that mail from your
modem generated complaints from their users. Please read
this message to understand how this action may impact your
ability to send email and what you should do next.

Mailing abuse@comcast.net will not get the block removed. They have a script that answers those emails. Calling the normal 1-800-COM-CAST number will not help. The customer service reps don't have the knowledge or access to modify the boot file of the cable modem. At least most of them don't. If you can find one that knows how to change the boot file on your cable modem the more power to you.

The only way to get the port unblocked is to call Comcast Customer Security Assurance at 1-856-317-7272. You will need to ask the technical rep to remove the block for you. They will do it and warn you that it can happen again at any time. Then they will suggest the more expensive business class account so that this will not happen again.

To try to keep this from happening again I have blocked port 25 outgoing on my firewall. Incoming is still open for any mail servers that I need to test (I know Comcast terms of service don't allow servers blah blah blah...). I'm still trying to figure out if some program sent mail out on 25 that I did not know about (not any more) or if mail coming in on 25 triggered it.

I would not mind if they put a block in port 25 going out of all the cable modems. That would keep all the zombies from sending spam out of their network. But blocking port 25 for incoming traffic is just stupid.

Even if someone ran an open mail relay on port 25 on their machine it could not send any mail out because of the port 25 would be blocked going out of the modem. Spam zombies decapitated. My only guess that they don't do this is the cable modems can only block a port in and out or nothing at all. When I think filtering I think in terms of stateful filtering. I guess cable modems can't do stateful filtering. It's probably cheaper ($$ and resources) and easier to not keep state and just straight block the port.

If they have all these machines looking for "virus-like activity" on their networks then put in a firewall upstream and just block all port 25 going out. If you have the resources to scan all the activity on port 25 to look for spam you have the resources to just do a easy block on 25 out. No scanning involved. O well.

Del.icio.us! | Digg Me! | Reddit!

Related stories


RSS Feed RSS feed logo
About


3com
3ware
alsa
alsactl
alsamixer
amd
android
apache
areca
arm
ati
auditd
awk
badblocks
bash
bind
bios
bonnie
cable
carp
cat5
cdrom
cellphone
centos
chart
cifs
cisco
cloudera
comcast
commands
comodo
compiz-fusion
corsair
cpufreq
cpufrequtils
cpuspeed
cron
crontab
crossover
cu
cups
cvs
database
dbus
dd
dd_rescue
ddclient
debian
decimal
dhclient
dhcp
diagnostic
diskexplorer
disks
dns
dos
dovecot
drac
dsniff
dvdauthor
e-mail
echo
editor
emerald
ethernet
expect
ext3
fat32
fedora
fetchmail
fiber
filesystems
firefox
firewall
flac
flexlm
floppy
flowtools
fonts
format
freebsd
ftp
gdm
gnome
greasemonkey
greylisting
growisofs
grub
hacking
hadoop
harddrive
hba
hex
hfsc
html
html5
http
idl
ie
ilo
intel
ios
iperf
ipmi
iptables
ipv6
irix
javascript
kde
kernel
kickstart
kmail
kprinter
krecord
kubuntu
kvm
lame
ldap
linux
logfile
lp
lpq
lpr
maradns
matlab
memory
mencoder
mhdd
mkinitrd
mkisofs
moinmoin
motherboard
mouse
movemail
mplayer
multitail
mutt
myodbc
mysql
mythtv
nagios
nameserver
netflow
nginx
nic
ntfs
ntp
nvidia
odbc
openbsd
openntpd
openoffice
openssh
openssl
opteron
parted
partimage
patch
perl
pf
pfflowd
pfsync
photorec
php
pop3
pop3s
ports
postfix
power
procmail
proftpd
proxy
pulseaudio
putty
pxe
python
qemu
r-studio
raid
recovery
redhat
router
rpc
rsync
samba
schedule
scsi
seagate
seatools
sed
sendmail
sgi
shell
siw
smtp
snort
solaris
soundcard
sox
spam
spamd
sql
sqlite
squid
ssh
ssh.com
ssl
su
subnet
subversion
sudo
sun
supermicro
switches
symbols
syslinux
syslog
systemrescuecd
t1
tcpip
tcpwrappers
telnet
terminal
testdisk
tftp
thttpd
thunderbird
timezone
ting
tools
tr
trac
tuning
tunnel
vi
wget
wiki
windows
windowsxp
wireless
wpa_supplicant
x
xauth
xfree86
xfs
xinearama
xmms
youtube
zdump
zic
zlib