I got my Comcast bill again (they keep sending those things) and saw my charge for leasing my cable modem was now $7. The last time I remember looking it was $5 (close to as bad). I could not believe I was spending $84/yr to lease a cable modem. I had looked years ago at cable modems and remembered the price being close to $100. I seemed to have bad luck with them in the past and would have one or two go wonky on me at least once a year.
Since I would loose about 1 modem a year I could just have it replaced because of the lease. I figured at around $100 a pop it was worth it. If I ever upgraded my service to a faster speed and needed a DOCIS 3.0 modem it would be the same amount of money. Right now I have a plan that is well within DOCIS 2.0 speeds. For those that don't know DOCSIS 2.0 speeds are 42.88 Mbit/s down and 30.72 Mbit/s up for one channel. DOCSIS 2.0 has a maximum of 1 channel.
I decided to do some research on modem prices. First I looked at DOCSIS 3.0 modems. The DOCSIS 3.0 modems are in the $75 and up range. For this price if you fry a modem a year it might be worth leasing. My internet speed plan with Comcast did not need DOCSIS 3.0 speeds so my next search was for DOCSIS 2.0 modems. I was hoping that DOCSIS 2.0 would be the older tech and that the price would have dropped by now. After searching Amazon for DOCSIS 2.0 modems let me tell you the price has really dropped. I found tons of slightly used DOCSIS 2.0 modems for $10-$20. $10-$20!! Are you kidding? I could buy 3 of these modems and it would still be saving money over leasing a modem. Hell, I could do that each year and it would still be less than leasing a modem. I looked on Comcasts approved cable modem page to ensure compatibility with their equipment, and bought one of these Comcast blessed modems (Webstar DPC2100) for $17 on Amazon.
The modem came in a plain Amazon box with just the modem, power adapter, and a Cat-5 cable. I unhooked the old modem and plugged in the new modem. Then made the call to 1-800-COM-CAST, and gave the nice lady my MAC address off the cable modem. She put it in and just like that I was back on the interwebs. It has been a week with no problems. Speed tests confirm that this modem and the old modem are the same. Why did I not do this sooner? Ugh! Do yourself a favor and get a cheap used cable modem and stop paying for the leased one.
Comcast leaves port 25 (usually SMTP) open on all it's cable modems by default. If Comcast detects "virus-like activity" coming from your cable modem it will shut down port 25 on your modem by sending a modified boot file to it. This will close port 25 to all incoming and out going traffic. You will then recieve the following email to your primary Comcast email account.
Customer Security Assurance Notice Dear Comcast Customer: Action Taken: In an effort to help prevent spam and ensure the security of our network and customers, Comcast has modified your modem's settings to prevent the sending of email on port 25. That is the default port email programs such as Outlook Express use to send email. We've taken this action because we may have detected virus-like activity from your modem or received reports from other email providers that mail from your modem generated complaints from their users. Please read this message to understand how this action may impact your ability to send email and what you should do next.
Mailing email@example.com will not get the block removed. They have a script that answers those emails. Calling the normal 1-800-COM-CAST number will not help. The customer service reps don't have the knowledge or access to modify the boot file of the cable modem. At least most of them don't. If you can find one that knows how to change the boot file on your cable modem the more power to you.
The only way to get the port unblocked is to call Comcast Customer Security Assurance at 1-856-317-7272. You will need to ask the technical rep to remove the block for you. They will do it and warn you that it can happen again at any time. Then they will suggest the more expensive business class account so that this will not happen again.
To try to keep this from happening again I have blocked port 25 outgoing on my firewall. Incoming is still open for any mail servers that I need to test (I know Comcast terms of service don't allow servers blah blah blah...). I'm still trying to figure out if some program sent mail out on 25 that I did not know about (not any more) or if mail coming in on 25 triggered it.
I would not mind if they put a block in port 25 going out of all the cable modems. That would keep all the zombies from sending spam out of their network. But blocking port 25 for incoming traffic is just stupid.
Even if someone ran an open mail relay on port 25 on their machine it could not send any mail out because of the port 25 would be blocked going out of the modem. Spam zombies decapitated. My only guess that they don't do this is the cable modems can only block a port in and out or nothing at all. When I think filtering I think in terms of stateful filtering. I guess cable modems can't do stateful filtering. It's probably cheaper ($$ and resources) and easier to not keep state and just straight block the port.
If they have all these machines looking for "virus-like activity" on their networks then put in a firewall upstream and just block all port 25 going out. If you have the resources to scan all the activity on port 25 to look for spam you have the resources to just do a easy block on 25 out. No scanning involved. O well.