Comcast trying to Hack?

Discussion in 'other security issues & news' started by Kathyhl, Mar 21, 2004.

Thread Status:
Not open for further replies.
  1. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    I have a wireless router so my second PC can also have a connection, (which has never really worked very well anyway) but a few days ago both PC's went down. I called Comcast to inform them, the next day my PC was up again, but my second PC was not, nor was my connection light on, on my wireless. Today, about 5 minutes after I turned on my PC, my Zone Alarm informed me someone was trying to get into port 3217, but it stopped it, so I had it check who was trying to get in. This is what it said:
    CustName: Comcast Cable Communications, Inc. Address: 3 Executive Campus Address: 5th Floor City: Cherry Hill StateProv: NJ PostalCode: 08002 Country: US RegDate: 2003-04-03 Updated: 2003-04-03 NetRange: 67.164.160.0 - 67.164.191.255 CIDR: 67.164.160.0/19 NetName: COLORADO-4 NetHandle: NET-67-164-160-0-1 Parent: NET-67-160-0-0-1 NetType: Reassigned Comment: NONE RegDate: 2003-04-03 Updated: 2003-04-03 OrgAbuseHandle: NAPO-ARIN OrgAbuseName: Network Abuse and Policy Observance OrgAbusePhone: +1-856-317-7272 OrgAbuseEmail: abuse@comcast.net OrgTechHandle: IC161-ARIN OrgTechName: Comcast Cable Communications Inc OrgTechPhone: +1-856-317-7200 OrgTechEmail: cips_ip-registration@cable.comcast.com

    Color me paranoid here, but because the wireless wasn't Comcast's, and my 2nd PC could actually get e-mail, I'm thinking that Comcast may have took down something (what? I have no idea :oops:) But my connection light on my wireless is no longer on, and my wireless did have a firewall also, so Is it to far fetched to think that Comcast was checking to make sure the wireless was down?

    Thank you, anyone, who can shed some light on this.
     
  2. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Kathyhl

    Hi

    If the 2nd PC is able to connect for email, you have a connection. I wouldn't worry about Comcast, but what type of firewall do you have? Are you using any type of router/firewall log?

    Do you have Spybot Search & Destroy or Adaware?

    M2S
     
  3. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Hi M2S, thanks for your reply. To answer your questions, the 2nd PC quit getting e-mails the same time they both went down, now the main PC works, but the 2nd PC gets nothing, no e-mail, no internet, nothing. Well except if you like playing solitaire ;)

    I have Zone Alarm Plus, and yes I also have Spyware, search and destroy.

    Thanks,

    Kathy
     
  4. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Hi Kathy

    Solitaire is okay, I personally like Spider better :)

    Sorry, I should have asked you this before...what mfg for the router? If it is a linksys, you could try accessing the router from a browser window of the 2nd PC. If it is a different router, I will have to defer to someone else.

    Let me know - :D
    M2S
     
  5. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Hi M2S

    The wireless is a Belkin. And just before I got your e-mail, they tried again, only using a different ip this time. Maybe I should just go in and ask them what they are doing?

    Thanks,

    Kathy
     
  6. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    "...so Is it to far fetched to think that Comcast was checking to make sure the wireless was down?"

    I think the answer is yes. Why would Comcast care if you're using a wireless router or any router for that matter? They don't support routers (except for those you get as part of their Home Networking package which is a wireless router) but there's no prohibition against running routers and having a home network behind them.

    Offhand from the info you provided, there's nothing to show that the port scan came from Comcast itself rather than just a Comcast user who may have an infected machine which is sending out portscans.

    Have you rebooted your router and checked the settings? If you're receiving mail on the second pc obviously you have some sort of connection...have you checked it to see if the connection is actually coming from your network router or instead perhaps another wireless network connection (such as if one of your neighbors may have an unsecured wireless connection that it could be piggybacking on)?

    I ask since if your router was functioning properly and correctly configured, blocking packets, offhand I don't see why your software firewall would be seeing any port probes.

    Anyway, I'd worry less about Comcast mucking with your network than making sure my wireless router was functioning properly and the connection secured.
     
  7. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Thank you Sig, but as I wrote in my previous post, my 2nd PC is no longer working at all. And I always assumed the same as you, Why would Comcast care if I had a wireless, they themselves helped me put it in when they came to install Comcast, but since there is no longer an active connection on my router, my Z/A appears to be catching and blocking what's trying to come in. I just had a second one, and the info on that said this:
    OrgName: Comcast Cable Communications Holdings, Inc
    OrgID: CCCH-3
    Address: 1800 Bishops Gate Blvd
    City: Mt Laurel
    StateProv: NJ
    PostalCode: 08054
    Country: US

    NetRange: 24.91.0.0 - 24.91.255.255
    CIDR: 24.91.0.0/16
    NetName: RW2-NORTHEAST-2
    NetHandle: NET-24-91-0-0-1
    Parent: NET-24-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS4.ATTBB.NET
    NameServer: NS5.ATTBB.NET
    NameServer: NS6.ATTBB.NET
    Comment:
    RegDate:
    Updated: 2003-08-06

    OrgAbuseHandle: NAPO-ARIN
    OrgAbuseName: Network Abuse and Policy Observance
    OrgAbusePhone: +1-856-317-7272
    OrgAbuseEmail: abuse@comcast.net

    OrgTechHandle: IC161-ARIN
    OrgTechName: Comcast Cable Communications Inc
    OrgTechPhone: +1-856-317-7200
    OrgTechEmail: cips_ip-registration@cable.comcast.com

    # ARIN WHOIS database, last updated 2004-03-04 19:15

    And the reason I assumed it was Comcast, is because of the addresses it gives sounds like it was coming from their abuse dept.

    No I haven't rebooted my router, as a matter of fact I'm thinking about unhooking it and just going through the cable, which is already hooked up anyway.


    But thank you for this:
    "Anyway, I'd worry less about Comcast mucking with your network than making sure my wireless router was functioning properly and the connection secured. "

    I'm probably going to go to Comcasts site and talk to someone there to let them know what's been going on. with the info my Z/A collected, that should be enough to at least get them started in the right direction, or hopefully be able to tell me why it's happening.

    Thanks again sig, for your time and concern.

    Kathy
     
  8. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Kathy

    Its more than likely it is a comcast customer, not comcast themselves. There have been alot of port scans with all the new trojans and worms "out and about".

    I am a comcast customer and have had my fair share of scans in the last month or so. ZA Pro and the router are doing their job of protecting you. I think the 2nd PC not be able to connect is unrelated.

    Pop back and let us know how you make out if you contact Comcast or you need further assistance.

    M2S

    edit after re-reading your response to sig. I would not disconnect the router.
     
  9. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    After contacting Comcast, they said they have no reason to probe my machine, but wanted more info, I gave them everything Z/A gave me, but apparently it wasn't enough, so the next time it happens, the gal said I need to remember to get an originating address, or just more info in general, so I'll just try and do that for them.
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    The info you see is whois info; that is, who owns the IP that is scanning you. The abuse info is typically there for people to report the offending IP address. That doesn't mean Comast Corp is scanning you, just that someone's machine that is using Comcast as its ISP is scanning you. The specific IP address of the PC doing the scanning is what you need. In fact, if you have your ZA logging enabled, the IP info should be in the log.

    However, I should point out that portscans go on all the time and as long as you have some sort of firewall blocking them it is no big deal. If you want to pursue this, fine if Comcast is willing to assist you. But I rather doubt that it has much if anything to do with your router problems.
     
  11. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Kathy

    Do you use any programs that utilize the logs that zone alarm creates? I have used a couple, but the one I like the best is called Wall Watcher. Unfortunately, it only works with linksys routers.

    Visualzone does work with Zone Alarm http://www.visualizesoftware.com/visualzone/visualzone.htm

    Also sig is correct about checking the wireless router and making sure that you are not broadcasting an open connection to all your "friends" and neighbors. :eek:

    My son has also had problems with his wireless router. So the last time I had to buy one - well, it was NOT wireless!

    M2S
     
  12. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Thank you sig, I did have a few more "attacks" and was able to give all the info to Comcast, including the ip addresses. They then told me to write to Abuse@comcast.net, but they couldn't guarentee if I would hear back from them. The gal did say however that after awhile I will quit getting them, so I'm assuming (and we all know what that means) that Comcast may look into it and stop that particular IP address. Also, I didn't think it had anything to do with my router, only that now the router is no longer connected, I'm not being protected by it's firewall, which could be the reason I am seeing all these now, Z/A tells me, whereas the router just silently did it's job :)

    Thank you also M2S, Unfortunately I don't understand what you mean by utilizing the logs, being as I'm not looking at any logs, all this info I'm getting is coming up when Z/A initially blocks the sender, and also when I ask for more details, it takes me to the Z/A page where it gives me even more info.

    Kathy
     
  13. Shunned

    Shunned Guest

    Imo Sig very nicely adressed the issue so the following is just general yak yak

    Last week comcast did make an innovated step. In the future comcast will be dis-connecting customers with infected machines AFTER advising the customer. This new policy is due specifically to the huge number of comcast customers having computers infected with SPAMMING TROJANS that are overloading comcast servers. Customers will FIRST be advised..before dis-connection.(repeat)
    This mentioned so as the topic poster wont jump to the wrong conclusion if heard elsewhere.
    As Sig stated..why would comcast want to hack you computer...not plausible...such a large company would never risk such illegallities ..that if discovered would have the FCC on them like white on rice
    Perhaps Kathy you are not looking in the right place for the right answers....The PC is the location of the problem....not the connection to the PC....you have connection...
    Comcast or any service provider wont make one cent by dis-connecting customers...thats their bread and butter.
     
  14. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Kathy

    If you right click on the ZA icon in the system tray, you should have an option to "restore Zone Alarm Control Center". There should be a tab on the left for Alerts and Logs. That has all the information both inbound and outbound internet traffic.

    Hope this helps, otherwise, let us know

    M2S

    (sorry sig, we were responding at the same time)
     
  15. controler

    controler Guest

    The first thing I would do if on XP would be to do a repair in network connections, If that don't work, unplug the router power for 30 seconds
    and plug it back in , then reboot.
    Your router )gateway( must have a wireless card attached? if so unplug that and plug it back in.
    Did you change your router from dynamic to static IP address?
    Sometimes it takes many hours to try figure out something that some can do in 5 min. at the site LOL
     
  16. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Thank you all!
    Shunned: I did not know that Comcast was going to start any action against infected machines, but I think it's a good idea. I don't however understand you saying I'm not looking in the right places for the right answers? My Z/A is stopping numerous attacks that are taking place, so in fact it's not my pc I want to look at, but who's trying to attack it. Wouldn't that be right? If I'm missing something here I'm sorry, my speciality certainly was never pc's :oops: .

    Controler: I have a Win98, but I have in fact tried doing a few things you mentioned to try and get my 2nd pc back up, but nothing is working, so I'm just going to put the wireless router problem on the back burner for now, while I try and stop my Z/A from popping up every few minutes :).

    M2S: I did find where the logging was, and thank you very much.

    Everyone has been so nice :)

    Thank you all,

    Kathy
     
  17. Shunned

    Shunned Guest

    Kathy

    Sorry if I worded my post ambiguously.....was trying to say not to waste your time reporting all those "attacks"...you will know a REAL attack if ever you get one...hopefully never...but moreso...you will be on the phone forever an never get results.....
    You have a hardware problem.

    What you believe to be attacks could be nothing more than infected computers...or random scans....zone alarm is doing nothing more than ADVISING that your computer is PROTECTED....now you may not have looked at it that way....your computer got pinged or whatever..ZA told you..an ZA said "hey, I kicked their butts off". If you don't want it poping up..just turn off that feature...."oh, but then I wont know if I am being hacked" ......Kathy if a hacker can bypass ZA its much to late to worry then.....cause if the hacker can pass the firewall..the firewall IS NOT GOING TO ALERT YOU...cause it didn't "see" the hacker to begin with.
    As for "tracing" all those "attacks"...get yourself a cup of coffee and relax....forget the "whoising" otherwise you will be a very old lady an still be doing the "whois"
    Every person using the internet goes through just what you are experiencing. Those awful attacks......thats the purpose of having a firewall.....to have peace of mind not to drive yourself to a frenzy.........my logs are full of just such attacks.....so what...
    So Kathy,,,be easy on yourself....work on the hardware problem. Cause believe me..the rest is just a waste of your good time.
     
  18. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Thanks for your advice Shunned, it was well taken, and I understand what you were saying now. I did go into Trend Micro and ran a complete virus test on my PC, which once again showed clean, thank heavens!

    I have had Z/A tell me things before, but never had the amount of alerts I had today, and all of them red, but it all started happening when my router partly disconnected. I can only imagine that the routers firewall always acted silently in the background, but now being as I no longer have that protection, my Z/A is doing all the catching, and it's not so silent, so now I am actually seeing what I wasn't before. I do have quite a few of Javacools great programs, and a few others to protect me, but as you say, if a hacker can bypass all that, it's much to late anyway, so I consider myself pretty lucky so far. All I can continue to do is update all my protection programs, and try and be aware of as many things as I can.

    So far everything else with my PC seems to be acting normal, so I'm content in believing that's ok.

    Whether or not Comcast will act upon my letter to them, I may never know, but I feel good in the fact that I gave them all the info they needed. Which also means I feel good knowing I won't grow old obsessing over something I have no more control over.

    Thanks again for the advice ;)

    Kathy
     
  19. Shunned

    Shunned Guest

    Kathy

    Was my honor to help if possible.....say, you have a great outlook.....my compliments.
    Over the years I have seen so many people get caught up in doing the whois. Some wasting systen resources by install whois programs that help get them so nervous they can no longer enjoy the use of their computer. Some very experience Users fall into this trap an will argue till they turn blue of how useful doing the whois..is
    Kathy, enjoy your computer..you seem to have a good understanding of whats happening now...
    My experience with comcast would have you laughing till day-break....
    This is my last night at this forum...nice to have met you....blessing to you....may all your dreams come true and bring great happiness to you.
     
  20. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    shunned, so sorry to hear this will be your last night here, you really did make me feel better.

    It was good meeting you also,

    Take care of yourself, and the rest comes easy ;)

    Kathy
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    shunned - Where you headed off to?

    Don't forget to stop by! Pete
     
  22. brucegeulam

    brucegeulam Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    15
    Location:
    NW Wisc. USA
    I am pinged daily by Comcast and a multitude of others. I do not have anything to do with this company or the others. Who knows what they are looking for.

    Bruce
     
  23. M2S

    M2S Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    12
    Bruce - "They" are looking for unprotected computers. If you have a firewall and/or router., that's one layer of protection. Keeping your virus defs up to date is another. Making sure you have the latest patches for IE is another....and so on. :D

    M2S
     
  24. brucegeulam

    brucegeulam Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    15
    Location:
    NW Wisc. USA
    I feel somewhat safe but I'm amazed how many of "them" there are. Certain times on certain days there are 1000's. Do we set our firewall and hope it works? I look-up some of these probes and I have no idea who they are or what they want.
    More firewalls and other programs or less of "them"?
    Hmmm.......

    Bruce
     
  25. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Hi Bruce,

    Thanks for the post. At least I know I'm not alone, unfortunately it wasn't just a ping but someone actually trying to get into one of my ports. I got all the information that Z/A gave me and sent it to Comcast's abuse center, and strangely enough, I haven't had one red alert today at all, so I can only assume they actually acted on it. At least I hope so, I've run numerous tests on my PC that have all come back clean, so I just can't sit here and obsess, as I gain nothing from that :)

    Kathy
     
Loading...
Thread Status:
Not open for further replies.