

JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to DarkLogix

Re: [Business] ARP Packets from Comcast are Flooding My LOCAL Ne

said by DarkLogix:

well now I'm trying to troubleshoot my ASP page (btw I'm not a programmer)

and it involves some array manipulation
if you're a programmer feel free to help I made a thread in the webmasters forum

I wish I knew what has changed with the formatting of the html page I'm pulling the data from

Can you link to the thread or PM it to me, I can't find/not subscribed to that forum...
--
My place : »www.schettino.us


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
»Need help updating an ASP page to work again

wow just noticed a typo in the thread title
I think it's an issue with the split function that splits the 4 numbers into different parts of an array so that the numbers can be easily displayed by my display function


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
said by DarkLogix:

»Need help updating an ASP page to work again

wow just noticed a typo in the thread title
I think it's an issue with the split function that splits the 4 numbers into different parts of an array so that the numbers can be easily displayed by my display function

Yep I posted the fix...

The new firmware has an extra | at the end of the data sets (no idea why) which you need to lop off to avoid an invalid double. See your other thread.
--
My place : »www.schettino.us


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Thanks that worked


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Well I forgot to do a speed test before but per PRTG my ping time to level3 and to HurricaneElectric have improved

well average hasn't but max has

Nalez

join:2011-01-14
reply to JohnInSJ
Yep, I had that too, but for me, it was LAN1 that went dead (which was the port I was using). Moving to LAN4, I could access the stupid router again.

Nalez

join:2011-01-14
Well, I found kind of a work-around to Comcast's stupidity, to at least get this ARP traffic off of my network.

First I determined the MAC address that the packets are coming from via wireshark, then I applied the below access to the switch port that my cable router is connected to:

mac access-list extended drop_comcast_arp
 deny host 001b.d5ff.0ae2 any 0x806 0x0
 permit any any

interface GigabitEthernet0/22
 description cable-gw
 mac access-group drop_comcast_arp in
end
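
The first step in the post above (finding which source MAC the ARP packets come from before writing the switch ACL) can also be scripted. This is an added example, not part of the original post: it counts ARP requests per Ethernet source MAC, which is the field the MAC ACL matches, and prints each MAC in the switch's dotted notation. The sample frames, IP addresses and the `min_requests` threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806  # same EtherType the ACL above matches (0x806)

def cisco_mac(raw):
    """Format 6 raw bytes the way the switch ACL writes MACs: xxxx.xxxx.xxxx."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def parse_arp(frame):
    """Return (eth_src, opcode, target_ip) for an untagged Ethernet II ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                          # not IPv4-over-Ethernet ARP
    return frame[6:12], oper, ".".join(map(str, frame[38:42]))

def arp_request_sources(frames, min_requests=5):
    """Count ARP requests (opcode 1) per Ethernet source MAC; return the noisy ones."""
    seen = defaultdict(lambda: [0, set()])
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[1] == 1:
            entry = seen[cisco_mac(parsed[0])]
            entry[0] += 1                    # total requests from this MAC
            entry[1].add(parsed[2])          # distinct IPs it asked for
    rows = [(mac, n, len(t)) for mac, (n, t) in seen.items() if n >= min_requests]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def make_arp_request(src_mac, sender_ip, target_ip):
    """Build a constructed broadcast ARP request for the sample data below."""
    src = bytes.fromhex(src_mac.replace(".", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = b"\xff" * 6 + src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + src + ip(sender_ip) + b"\x00" * 6 + ip(target_ip)

# Constructed sample capture: the gateway MAC from the post asking for 20 addresses,
# one ordinary LAN host, and one non-ARP (IPv4) frame that must be ignored.
SAMPLE = [make_arp_request("001b.d5ff.0ae2", "198.51.100.1", f"198.51.100.{i}")
          for i in range(2, 22)]
SAMPLE += [make_arp_request("0200.0000.0001", "192.168.1.10", "192.168.1.1")] * 2
SAMPLE.append(b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"\x00" * 40)

if __name__ == "__main__":
    for mac, count, targets in arp_request_sources(SAMPLE):
        print(f"{mac}  requests={count}  distinct_targets={targets}")
```

A source that requests many distinct target addresses stands out against ordinary hosts, which mostly resolve their gateway and a few peers.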


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
Early this morning I discovered another problem with the new 3.1.4.51.1 firmware; you can't create static IP firewall rules.

My rules that were already in place before the 3.1.4.51.1 firmware was installed originally seemed to be working with no problems. But this morning I needed to edit one of those rules, and as soon as I applied the change all of the rules disappeared, and my servers were no longer visible (I was using the "Block all ports and allow exceptions below" rule set). I was unable to create any new block or allow rules.

The only way to get my servers back on-line was to either select the "Open all ports but block exceptions below", or check the "Disable all rules and allow all inbound traffic through" option.

Comcast support was not able to get the rules to work either (even using the mso credentials and the telnet CLI). Oh well, I have all of the rules duplicated in the server firewalls anyway, but it was nice to have an extra layer of protection before the traffic could even reach the servers. I have a ticket open with Comcast support, but I suspect that this will not be fixed (at least not anytime soon).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to NetFixer
said by NetFixer:

Perhaps the new SMCD3G firmware expects that the SMC LAN port 1 will always have an active connection, and if it doesn't find one, it doesn't bother to enable any other switch ports? Later this evening I plan to check to see if the USB port has perhaps been activated with the new firmware. I will move my SamKnows box to port 4 on the SMC at that time to see if it works immediately after an SMC reboot.

1. I tested rebooting with my SamKnows box on port 4, and I did not see a problem. This appears to be an intermittent symptom (or possibly one that only appeared after the first reboot when the new firmware was installed).

2. The USB active LED now illuminates if either a USB flashdrive or a USB printer is connected (a new behavior), but I could see nothing in the SMC menu to indicate an attached USB device, nor any additional active TCP ports to indicate that either USB storage or printing is supported.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

veryfunny7

join:2011-07-04
Detroit, MI
Regarding the locked DNS settings, though the modem is showing that it's set to use the Comcast DNSSEC servers, in my case, it seems that manually inputted DNS servers *are* being forwarded to DHCP devices on my network.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
I just tested the USB part too

and with my phone it's seen as though the SMC is a computer not just a power supply so it's possible the USB menu is hidden so I would not advise using it to power a device unless you're sure it's not giving the SMC file access to the device.

not that I wouldn't trust Comcast but just someone might one day snoop around and discover it and get access to your data if the Comcast only admin UI has the USB part visible.

kash1

join:2005-08-13
Houston, TX
Looking everywhere for a setting to keep these out of our internal network!


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by kash1:

Looking everywhere for a setting to keep these out of our internal network!

There is not a customer accessible setting in the SMCD3G that will do that. There may be a telnet CLI command that will do it, but finding a Comcast CSR who knows how (or is willing to do it) is a futile exercise.

If you don't have your own firewall/router between the SMCD3G's LAN and your network, the ARP broadcasts are going to be there.

Call Comcast business class support and get a trouble ticket (and/or post in this site's »Comcast Direct forum). If enough customers do that, perhaps someone might eventually escalate it to Comcast engineering for a fix. I have done this for both the ARP traffic problem and the now non-functioning firewall rules setup for True Static IP (I suspect that there is a relationship between the now dysfunctional SPI firewall and the ARP traffic being passed to the LAN).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

jtcasas

join:2012-05-10
reply to kash1
said by kash1:

Looking everywhere for a setting to keep these out of our internal network!

Based on the conversations around here, and the lack of response from Comcast support, I think the issue may only be resolved the next time a firmware update is pushed to all of the modems/routers. Other than setting up another router behind the Comcast-provided one, there won't be a way to drop the packets, before they are broadcast across your internal network.

kash1

join:2005-08-13
Houston, TX
NetFixer, will do!


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to NetFixer
It'd be nice to just see the web interface that Comcast techs can view on the SMC, if nothing else to make better informed ideas of how something like this could be fixed.

I have a feeling though that Comcast is still tweaking this firmware because things like the USB being active but no interface to use it, so they'll likely either turn it off or let the customer see that page (or do nothing, that's possible too)


pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
I started noticing this after a reboot a week or two back as well.

ARP storm on my FreeBSD box's WAN interface (connected to the SMC's LAN interface) using "true static" mode.

Who do we report this to @ Comcast Biz to get it stopped? I don't want proxy_arp on if I can avoid it. TIA.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
I think the best bet would be the direct forum

personally I'm not overly worried as I think my NM-1GE won't be impacted enough to cause issue.


pflog
Bueller? Bueller?
Premium,MVM
join:2001-09-01
El Dorado Hills, CA
kudos:3
said by DarkLogix:

I think the best bet would be the direct forum

personally I'm not overly worried as I think my NM-1GE won't be impacted enough to cause issue.

I don't think it's adversely affecting my connection other than to annoy me; I would just rather have it shut off if it's simple. Thanks, I'll post to the direct forum.
--
"Women. Can't live with 'em, pass the beer nuts." -Norm


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
I agree, after all having it enabled means that it's having to do a layer3 operation on layer2 data, which always means more CPU usage (unless there's some special chip in there just for this operation)

and we all know how poor the CPU is in the SMCs

plus there's a little I/O mem used by our device in replying to the ARP which would mean a little more usage where it doesn't need to be.

Sure those are small numbers but bad is bad

what I'd like to know is if there's actually any useful use for it.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to DarkLogix
said by DarkLogix:

personally I'm not overly worried as I think my NM-1GE won't be impacted enough to cause issue.

Yeah, the ARP traffic is more of a cosmetic problem than a performance (or even a security) problem. The ARP traffic was always there anyway on the WAN side of the SMCD3G. As to it being a security risk, I can now see some IP addresses that are allocated on the Comcast network, but anyone with a standard cable modem attached to a Comcast connection can see the same thing anyway.

For me the ARP problem is just an inconvenience. Before this, if I were sitting at my desk, I could get at a glance from the LAN status LEDs on my SamKnows box a good indication of how busy my servers were. Now the LEDs indicate constant activity, so I have to actually open a netstat session for each server to get a real traffic indication.

The problem of not being able to use the SPI firewall for True Static IP connected devices however, is a real problem that needs to be addressed soon. With this current firmware the only options are block everything, or block nothing. Specific port/IP address rules can no longer be implemented.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
Just an FYI for those experiencing problems with this current firmware release.

I just got an email from a tier 2 CSR in response to my open trouble ticket:

said by Comcast Support :

Yes our engineering team is aware of firmware issues at this time and working to resolve them.

OTOH, I would not advise that anyone hold their breath while waiting for a resolution.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

jtcasas

join:2012-05-10
said by NetFixer:

Just an FYI for those experiencing problems with this current firmware release.

I just got an email from a tier 2 CSR in response to my open trouble ticket:
Yes our engineering team is aware of firmware issues at this time and working to resolve them.

Thank you for the update! I never heard back on my written requests to Comcast support. As for Comcast "working to resolve" the issues, I expect that they will only fix the issues in their next firmware rollout, which is at least several months away.

sragle

join:2005-08-08
San Jose, CA
Has anyone noticed random sync loss throughout the day with this new firmware?

btalbott

join:2003-12-25
Elkton, MD
reply to NetFixer
Unreal. They need to roll back the firmware update because it's causing other issues in my opinion.

btalbott

join:2003-12-25
Elkton, MD
reply to sragle
Yes, I have noticed horrible connectivity issues. I have a VOIP line and a Microcell (ATT) for my cell phone. At numerous times during the day I lose sync on the VOIP line and in succession the Microcell. Internet hangs as well during this time.

It's getting highly frustrating....

jtcasas

join:2012-05-10
Well, after a reboot today, my modem downloaded a new configuration file, and the ARP packet flood is fixed!!

The bad news is that my username/password to administer the SMC D3G is no longer working, nor is the default cusadmin/highspeed combination.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by jtcasas:

Well, after a reboot today, my modem downloaded a new configuration file, and the ARP packet flood is fixed!!

The bad news is that my username/password to administer the SMC D3G is no longer working, nor is the default cusadmin/highspeed combination.

The cusadmin credential problem hit me yesterday after a tier 2 tech accessed my SMCD3G remotely to try to work around the firewall issue. His fix did not work (in fact he managed to take my servers off-line), and I was not able to access my SMCD3G using either my own password, or the default password. I was however able to call support and get the cusadmin password reset to the default value, and that restored my ability to login and fix the firewall problems that were inserted by the tier 2 tech. I was also able to put my own cusadmin password back.

I still see the ARP packets, so maybe later this evening I might try a reboot to see if that goes away after a reboot.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

jtcasas

join:2012-05-10
Thank you, NetFixer! I will call Comcast tonight, and have them reset my login credentials.

sragle

join:2005-08-08
San Jose, CA
reply to NetFixer
I just had the same problem with the cusadmin password not working, I had to call tech support and have them rebuild my profile and push it to the modem and now it works. I also see that my modem is now running 1.4.0.49.7-CCR so they must have rolled back the firmware.