

sjfromreddit

@comcast.net

[HomeSecurity] Comcast reused my old router without resetting it

Hey guys, r/techsupport recommended I share my issue here. I'll just reiterate what I posted on reddit:

When we moved across the country, I kept Comcast as our ISP. We returned the old router and modem we had rented at our old place, and the technician in our new city took it and gave us a newer, faster router/modem combo to use in our new place.

At our old place, I had set up our old router to log all incoming and outgoing connections and email me when the log was full, in case we ever had a security issue, I could go back and look at the access logs to figure out what happened.

Apparently, Comcast doesn't reset equipment before they give it to a new customer, because I started receiving some stranger's internet access logs today, after returning the router several months ago. I have something like 20 emails of all the domains this household has visited, and more coming in all the time.

I just got off the phone with the 7th person I talked to at Comcast today, and nobody had any idea what I was talking about, or how to remote into that other customer's router and reset it. I'm frustrated and annoyed, not only because of the lack of expertise in their technical support, but because they don't even check equipment before re-using it with a different customer.

You would think this would be kind of a big deal to get fixed right away, I mean, this person with my old router doesn't even know their privacy is being invaded: some stranger is able to access all their internet (well, domains accessed) history. But no, Comcast just kept transferring me around and not fixing the problem. Eventually they found some excuse to get me off the phone, with no number to call back or support ticket number or anything.

Is there anything else I can do? I have the router serial number (which I gave to 3 technicians) but that's all; I have no idea who this customer with my old router is, or their IP address or anything like that. There is no personally identifiable information: just the domains they're accessing, and various router logs (DOS notifications, that sort of thing).

**TL;DR: I'm still getting access log emails from my old router, which is now in a stranger's home; Comcast hasn't helped, and finally just sent me on my way with the issue unresolved. Anything I can do on my end?**



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Re: [HomeSecurity] Comcast reused my old router without resettin

Check the full header of the emails you are receiving. The originating IP address should be in there.



sjfromreddit

@comcast.net

Ok, I just took a look and I'm not sure which IP listed is the originating location? Is it 'client-ip'?

Delivered-To: XXXXX@gmail.com
Received: by 10.182.183.99 with SMTP id el3csp38804obc;
Sun, 29 Jul 2012 17:11:11 -0700 (PDT)
Received: by 10.60.0.164 with SMTP id 4mr14698805oef.4.1343607070590;
Sun, 29 Jul 2012 17:11:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of p3plsmtpa06-07.prod.phx3.secureserver.net designates 173.201.192.108 as permitted sender) client-ip=173.201.192.108;
Message-ID:
Received: by 10.182.23.80 with POP3 id k16mf14874535obf.11;
Sun, 29 Jul 2012 17:11:10 -0700 (PDT)
X-Gmail-Fetch-Info: XXXX@XXXXXX.com 1 pop.secureserver.net 110 XXXX@XXXXX.com
Received: (qmail 25192 invoked by uid 30297); 29 Jul 2012 23:56:54 -0000
Received: from unknown (HELO m1pismtp01-019.prod.mesa1.secureserver.net) ([10.8.12.19])
(envelope-sender )
by p3plsmtp02-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for ; 29 Jul 2012 23:56:54 -0000
X-IronPort-Anti-Spam-Result: AjUFANTKFVCtycBsmGdsb2JhbABFqHgBj3FxIgEBAQEBCAkNGyeCQS9BgUCHfgMMC5gxlnQUlReFXYEFA4 96hmOTNw
Received: from p3plsmtpa06-07.prod.phx3.secureserver.net ([173.201.192.108])
by m1pismtp01-019.prod.mesa1.secureserver.net with ESMTP; 29 Jul 2012 16:56:53 -0700
Received: from WNR1000v2 ([76.105.214.72])
by p3plsmtpa06-07.prod.phx3.secureserver.net with
id gPwt1j0011aHTZY01PwtxJ; Sun, 29 Jul 2012 16:56:53 -0700
From: XXXX@XXXXX.com
Subject: NETGEAR WNR1000v2 Log
Sender: root@WNR1000v2
To: XXXX@XXXXX.com
X-Nonspam: None



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

This originated at:

Received: from WNR1000v2 ([76.105.214.72])
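
Reading the Received chain the way the reply above does, as an added example that is not part of the original thread: each relay prepends its own header, so the oldest hop is at the bottom, and the origin is the oldest hop whose bracketed address is publicly routable. The function names are hypothetical, and the headers are abridged from the post above with continuation lines re-indented so they parse as folded headers.

```python
import ipaddress
import re
from email import message_from_string

# Abridged from the headers posted in this thread (fields with elided values dropped).
RAW = """\
Received: by 10.60.0.164 with SMTP id 4mr14698805oef.4.1343607070590;
 Sun, 29 Jul 2012 17:11:10 -0700 (PDT)
Received: from unknown (HELO m1pismtp01-019.prod.mesa1.secureserver.net) ([10.8.12.19])
 by p3plsmtp02-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP;
 29 Jul 2012 23:56:54 -0000
Received: from p3plsmtpa06-07.prod.phx3.secureserver.net ([173.201.192.108])
 by m1pismtp01-019.prod.mesa1.secureserver.net with ESMTP; 29 Jul 2012 16:56:53 -0700
Received: from WNR1000v2 ([76.105.214.72])
 by p3plsmtpa06-07.prod.phx3.secureserver.net with
 id gPwt1j0011aHTZY01PwtxJ; Sun, 29 Jul 2012 16:56:53 -0700
Subject: NETGEAR WNR1000v2 Log

"""

FROM_RE = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\]", re.S)
BY_RE = re.compile(r"\bby\s+(\S+)")


def received_hops(raw):
    """Return (claimed_name, client_ip, recorded_by) per hop, oldest first."""
    hops = []
    # The last Received header in the message is the first one that was written.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = FROM_RE.match(value.strip())
        if not m:
            continue  # "Received: by ..." hand-offs carry no client address
        by = BY_RE.search(value)
        # The name is what the client announced; the bracketed IP is what the
        # receiving server saw. Only hops written by a server you trust count.
        hops.append((m.group(1), m.group(2), by.group(1) if by else None))
    return hops


def originating_ip(raw):
    """Oldest hop whose client address is publicly routable, or None."""
    for name, ip, by in received_hops(raw):
        try:
            if ipaddress.ip_address(ip).is_global:
                return name, ip, by
        except ValueError:
            continue  # malformed address literal
    return None


if __name__ == "__main__":
    print(originating_ip(RAW))
```

The `client-ip` in the Received-SPF line is only the last relay that handed the message to Google, which is why it differs from the origin.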


Oedipus

join:2005-05-09
kudos:1
reply to sjfromreddit

While I understand where you're coming from with the potential security/privacy concerns, it's probably extremely uncommon for people with residential accounts to set up their Comcast-provided router to send them emails when their log is full. Since you don't know who these people are and apparently Comcast won't put any effort into figuring it out, I do question how serious the privacy issue really is.

Now, what can you do? It sounds like the only thing you can do is either ignore the emails or set up a rule to send the emails directly to the trash.


walterross

join:2000-12-28
Aspen, CO

Presumably the outgoing SMTP account the router is using to send the email has an associated password... Change the password on that account so the router will no longer be able to send email.



owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
reply to sjfromreddit

Post this in the Comcast Direct forum here: »Comcast Direct



sjfromreddit

@comcast.net
reply to walterross

I did change the password, and I'm still getting the emails. I'm thinking I should just delete the email account. I'm surprised it's so uncommon, I mean, it's pretty simple to set up. Thanks for the advice.



Zara

@comcast.net
reply to sjfromreddit

That's an out-of-date router anyway; time to move on and buy a new router, they are cheap for the most part. FYI, Comcast router support is a paid-for service. Even the new gateways that are available in some areas are still under the paid-for services. It costs more to upgrade one too.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to sjfromreddit

Comcast isn't the only ISP who recycles returned equipment without testing or resetting. I have on several occasions run into problems with clients who have had their AT&T supplied DSL routers swapped for troubleshooting purposes by AT&T techs, and then later had mysterious connection disconnects. The cause of those disconnects was their old router using their PPPoE authentication being used by another customer (and AT&T will disconnect the oldest connection when a new PPPoE session starts).

The solution in those cases was to change the client's PPPoE password, which then prevented interference from the old router.

Did you perhaps also enable Remote Management in your old router in addition to emailing the logs? That might be a way to remedy your current problem.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

3 edits
reply to Zara

said by Zara :

That's an out-of-date router anyway; time to move on and buy a new router...

EDIT: Never mind, since the entire meaning of my original post was changed by someone else, I will allow you to continue believing your post.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

ctggzg
Premium
join:2005-02-11
USA
kudos:2

1 recommendation

reply to sjfromreddit

said by sjfromreddit :

Apparently, Comcast doesn't reset equipment before they give it to a new customer...

And you didn't think to reset it yourself?


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

NM



BronsCon

join:2003-10-24
Walnut Creek, CA
reply to ctggzg

It's not *his* privacy, it's the other customer's privacy, Comcast's customer, it's up to Comcast and the other customer and, honestly, given privacy laws, the onus is on Comcast to protect the privacy of their customers.



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4

I accidentally hacked into a Comcast email account once so I understand how he is concerned.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

reply to ctggzg

said by ctggzg:

said by sjfromreddit :

Apparently, Comcast doesn't reset equipment before they give it to a new customer...

And you didn't think to reset it yourself?

While I feel the customer (the OP) could have done that, I would think that Comcast would do that when they get the device returned to them.

To me, when a leased piece of equipment is returned, there should be a set of steps that Comcast would have to perform before they are put back in the pool so to speak for re-use. Among them would be to test to make sure it still works, and I would think, part of that would be to reset the device back to "factory settings".

I see a check-list here of steps to perform, that all techs working in that part of the company are to follow. Then, after said tech performs the steps, there is a final QA verification to make sure the job was done following the said steps. If all checks out, then the device moves on in the process (whatever that next step may be).

Again, maybe it's just me, but it seems like if Comcast is not doing this kind of process, or if there is a worker who is cutting corners, action should be taken to correct that problem on Comcast's end.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to Mike Wolf

said by Mike Wolf:

I accidentally hacked into a Comcast email account once so I understand how he is concerned.

I don't think that the OP has even considered that possibility.

While the current user might be able to get the OP's email account password from the WNR1000 router, it would require that the current user know how to monitor the router's WAN interface and capture the packets since the router's config file is not plain text, and the router's email setup does not display the stored password (see sample images below).





(note to spammers, the real email address is not displayed)


Considering that the current user of that router probably just did a total "plug and play" install (and probably has never even looked at the WNR1000 admin pages), I don't think that is really a probability; but it is something for the OP to think about (perhaps it might be time to kill the email account that the router uses for its SMTP server).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4

I was just saying that sometimes what we think is secure isn't really at all. For example, when I first got Comcast I set up the obligatory email address but never used it for the first year or so, till one day I was bored and went to log in, forgetting the username and password I used, so I did a password reset on the address I thought was correct. Well, the security question was "favorite drink" so I put "soda" and after supplying a new password I gained access... only I then realized that the emails were not mine but someone else's. So I immediately contacted Comcast, supplied them with the new password I created and quickly logged off a little startled.



sjfromreddit

@comcast.net
reply to NetFixer

Yeah, OP here; I'm not too keen on deleting the address, I should have used a throwaway instead of a business address, that was stupid on my part. And you're right, I hadn't considered that possibility. I'm not really a networking expert over here.

And to the person who said I should have reset the router myself: you're right, I should have. I completely forgot. I'm an idiot.

I'm going to try contacting the ridiculous PR-based 'comcast cares' email and see if they can do something first, now that I have the originating IP, maybe they'll have more ability to do something? If they can't resolve it within 24 hours I'll just have to delete the email account. :-/



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Instead of deleting the email account, forward it to abuse@comcast.com



sjfromreddit

@comcast.net

HA! That literally made me cackle out loud!


tomdarch

join:2012-08-02
Chicago, IL
reply to sjfromreddit

Wow.... I just placed an order to start service with Comcast, and I decided that I'd avoid the $7/mo rental fee and buy a modem myself. Reading that they neither reset all old rentals nor are they capable of understanding this situation makes me glad that I'm buying a modem.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by tomdarch:

Wow.... I just placed an order to start service with Comcast, and I decided that I'd avoid the $7/mo rental fee and buy a modem myself. Reading that they neither reset all old rentals nor are they capable of understanding this situation makes me glad that I'm buying a modem.

This thread was discussing a router, not a simple cable modem. A simple cable modem has no personally identifiable information in it. And even a router would not be a problem if you just did your own factory reset on a new router, and before you turned it in to Comcast (if it was a rental).

And FWIW I purchased two Netopia DSL routers from Amazon a couple of years ago, and even though they were advertised as "new" equipment, when I received them they were routers that had been returned to AT&T, and AT&T in turn sold them to Amazon. How do I know that was the case? I know because both of those routers still had the old user's PPPoE usernames and passwords in them (real usernames and passwords, not the factory default dummy authentication entries). Buying a "new" modem or router does not mean that what you get is really new, or that it won't contain information from the previous owner. Have you ever wondered what happens to a modem, router, hard drive, laptop... that is returned to a retailer such as Bestbuy, Staples, Office Depot...? What happens is pretty much that they put new shrink wrap on the box and put it back on the shelf.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


JigglyWiggly

join:2009-07-12
Pleasanton, CA

not true
what if they were a 1337 hacker and they had put a shelled firmware on it that sends the certificates out to a specified destination? They can then clone the modem

or the more obvious solution of just taking the certs first and then sending it back to comcast w/ stock firmware.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by JigglyWiggly:

not true
what if they were a 1337 hacker and they had put a shelled firmware on it that sends the certificates out to a specified destination? They can then clone the modem

or the more obvious solution of just taking the certs first and then sending it back to comcast w/ stock firmware.

»www.youtube.com/watch?v=Qw9oX-kZ_9k

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to NetFixer

The 3347 I bought "new" on Amazon for $20.00 had a Verizon customer username/password in it.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by graysonf:

The 3347 I bought "new" on Amazon for $20.00 had a Verizon customer username/password in it.

I doubt that JigglyWiggly will believe you either.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


sortofageek
Runs from Clowns
Premium,Mod
join:2001-08-19
kudos:23
reply to sjfromreddit

The last post from the OP was three days ago. I don't think we're helping anymore.