Quoting Al Whaley (aw009@sunnyside.com):
That security edge feature is no longer optional on Comcast business accounts. However you can log into your Comcast business website portal as yourself and look at your options and very quickly turn security edge off.
Guys, I've moved this back to balug-admin, because I like the record that keeps, and we're not talking about anything that dannot be public. Is that alright?
Good idea about that accursed SecurityEdge "feature". I've now disabled that blasted thing in the Comcast Business account to the extent they permit, I think?
Initial login takes me to https://business.comcast.com/account/dashboard/accounts/689906011127102015Co... where I see Subscribed Services described as "Business Internet Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is a link, following which goes to https://securityedge.comcast.com/#home , showing tab Dashboard, which has nothing adjustable, but move on to tab Settings, page https://securityedge.comcast.com/#settings/profiles . Here, "Web Filters" had a predefined "protection level" of "Light", but one can select "None", which I did.
Scrolling down the page, everything settable is Off, except that section Internet Security has "Malware & Phishing Protection" set to "On", which slide control is greyed out (unchangeable). Subtitle is "Keeps user from compromising the network or their personal data if they accidentally or intentionally access infected web [sic] pages or click on phishing emails." Select Save at the page bottom to implement.
Slide control "Web Filters" at the top of the page now shows Off.
The other tabs, "Block & Allow Lists", "Block Page Construction", "Domain Lookup", and "Scheduled Reports" don't appear to have anything useful for my purposes.
Orange banner at the very top of the page now says: "Web Filter Protection is now off. To safeguarg your network, Malware, Phishing, and Botnet Protection remains on. Learn More [link]."
Following link goes to https://securityedge.comcast.com/#help/turning-web-filters-on-and-off , which is a long documentation page including justifying preventing turning that part off:
Malware, phishing and botnet traffic is generated by malicious software. Protection against this traffic is critical. This is why we do not recommend disabling the Malware and Phishing setting for any user profile. The setting remains enabled even if you turn off Web Filters.
Also notable:
To turn Web Filters on or off, log in to Comcast Business SecurityEdge. On the top right of any page, click the Web Filters toggle switch: from On to Off to deactivate the Protection Level, Block & Allow Lists and Off-Hours Internet Schedule, or from Off to On to activate them. The ^^^ change is applied immediately. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Noting that final sentence, I now attempt another smoke test, to see if the problem is gone:
$ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Nope.
Noting Al's wording "look at your options and very quickly turn security edge off", I try to see if there's another entry point into the account to do so. What about "My Account" over on the far side of the navbar for https://business.comcast.com/account/account-details/689906011127102015Comca... ?
I see: SUBSCRIBED SERVICES: Business Internet - SecurityEdge
Clicking "Business Internt" takes me to https://business.comcast.com/connectivity/internetdashboard/ , Where Item SECURITYEDGEtm Cybersecurity is shown as "Disabled".
At some point, I tried toggling the "Web Filters" toggle from the Off to the On position, and then back to Off. This resulted in my losing connectivity to my server for a few minutes, getting Network Unreachable on my ssh reconnection. I infer that the "modem" device was resetting.
I continute to get... $ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Al, Michael, am I missing a trick, here?
And ...
Fine with moving it back to BALUG-Admin (does, after all, at least overlap BALUG, notably BALUG.org DNS and Comcast Business breaking the (5353) redundancy work-around for other things Comcast Business has been known to break (notably with SecurityEdge)).
And Rick, your checks, etc., I don't think you're missing anything. Let me know if, e.g., you need/want me to do anything on, e.g. the 96.86.170.229:5353 side of things.
On Mon, Jun 3, 2024 at 9:36 AM Rick Moen rick@linuxmafia.com wrote:
Quoting Al Whaley (aw009@sunnyside.com):
That security edge feature is no longer optional on Comcast business accounts. However you can log into your Comcast business website portal as yourself and look at your options and very quickly turn security edge off.
Guys, I've moved this back to balug-admin, because I like the record that keeps, and we're not talking about anything that dannot be public. Is that alright?
Good idea about that accursed SecurityEdge "feature". I've now disabled that blasted thing in the Comcast Business account to the extent they permit, I think?
Initial login takes me to https://business.comcast.com/account/dashboard/accounts/689906011127102015Co... where I see Subscribed Services described as "Business Internet Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is a link, following which goes to https://securityedge.comcast.com/#home , showing tab Dashboard, which has nothing adjustable, but move on to tab Settings, page https://securityedge.comcast.com/#settings/profiles . Here, "Web Filters" had a predefined "protection level" of "Light", but one can select "None", which I did.
Scrolling down the page, everything settable is Off, except that section Internet Security has "Malware & Phishing Protection" set to "On", which slide control is greyed out (unchangeable). Subtitle is "Keeps user from compromising the network or their personal data if they accidentally or intentionally access infected web [sic] pages or click on phishing emails." Select Save at the page bottom to implement.
Slide control "Web Filters" at the top of the page now shows Off.
The other tabs, "Block & Allow Lists", "Block Page Construction", "Domain Lookup", and "Scheduled Reports" don't appear to have anything useful for my purposes.
Orange banner at the very top of the page now says: "Web Filter Protection is now off. To safeguarg your network, Malware, Phishing, and Botnet Protection remains on. Learn More [link]."
Following link goes to https://securityedge.comcast.com/#help/turning-web-filters-on-and-off , which is a long documentation page including justifying preventing turning that part off:
Malware, phishing and botnet traffic is generated by malicious software. Protection against this traffic is critical. This is why we do not recommend disabling the Malware and Phishing setting for any user profile. The setting remains enabled even if you turn off Web Filters.
Also notable:
To turn Web Filters on or off, log in to Comcast Business SecurityEdge. On the top right of any page, click the Web Filters toggle switch: from On to Off to deactivate the Protection Level, Block & Allow Lists and Off-Hours Internet Schedule, or from Off to On to activate them. The ^^^ change is applied immediately. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Noting that final sentence, I now attempt another smoke test, to see if the problem is gone:
$ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Nope.
Noting Al's wording "look at your options and very quickly turn security edge off", I try to see if there's another entry point into the account to do so. What about "My Account" over on the far side of the navbar for https://business.comcast.com/account/account-details/689906011127102015Comca... ?
I see: SUBSCRIBED SERVICES: Business Internet - SecurityEdge
Clicking "Business Internt" takes me to https://business.comcast.com/connectivity/internetdashboard/ , Where Item SECURITYEDGEtm Cybersecurity is shown as "Disabled".
At some point, I tried toggling the "Web Filters" toggle from the Off to the On position, and then back to Off. This resulted in my losing connectivity to my server for a few minutes, getting Network Unreachable on my ssh reconnection. I infer that the "modem" device was resetting.
I continute to get... $ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Al, Michael, am I missing a trick, here?
Rick, Michael, Fine with balug-admin, though I confess when I'm just on my phone I can't as easily send from the right email address, which is why you saw me keep deleting the email list from my To: list.
I confess as well I have been away a few days and not following things as closely as I should but this morning I have tested both of your systems to see if port 53 is blocked and I cannot find that port 53 is blocked at all. I tested by doing simple dig commands @your-nameservers. I assume that's sufficient.
A quick note on SecurityEdgeTM. I did not, on my site, go to the settings for SecurityEdgeTM - instead I stayed on the main business.comcast.com page and disabled the entire product. I suspect that is more effective, but I admit I'm not reading your posts as thoroughly as I should. Specifically, I go to page "https://business.comcast.com/connectivity/internetdashboard/?index" (when logged in) and in the lower left, there's a gear symbol next to the status of SecurityEdge, and clicking on that gives me a pop-up side panel where I can disable the entire product. The product seems at least partly geared to protecting the world from me, not me from the world, and blocks me doing things. Sad, lame, poorly though out product IMHO.
I also did try this command: dig -p 5353 @96.86.170.229 balug.org and had no trouble at all with it.
Specifically all these commands gave exactly the full normal output one would expect and were extremely fast: 1087 2024/06/04 06:54:07 dig a linuxmafia.com 1088 2024/06/04 06:54:17 dig a balug.org 1089 2024/06/04 06:55:54 dig @linuxmafia.com. a linuxmafia.com. 1090 2024/06/04 06:56:43 host ns0.sunnyside.com. 1091 2024/06/04 06:57:26 dig a balug.org 1092 2024/06/04 06:57:30 dig ns balug.org 1093 2024/06/04 06:58:53 dig ns balug.org @96.86.170.229 1094 2024/06/04 07:04:48 dig -p 5353 @96.86.170.229 balug.org
Al
al@post:/z/dns$ dig a linuxmafia.com
; <<>> DiG 9.16.6 <<>> a linuxmafia.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40024 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1472 ; COOKIE: f11d131e6875657301000000665f1c7f041c0db84eb094fe (good) ;; QUESTION SECTION: ;linuxmafia.com. IN A
;; ANSWER SECTION: linuxmafia.com. 36679 IN A 96.95.217.99
;; Query time: 0 msec ;; SERVER: 192.147.248.10#53(192.147.248.10) ;; WHEN: Tue Jun 04 06:54:07 PDT 2024 ;; MSG SIZE rcvd: 87
al@post:/z/dns$ dig a balug.org
; <<>> DiG 9.16.6 <<>> a balug.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11417 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1472 ; COOKIE: b482118c217e285d01000000665f1c898bbff5b5edb3d896 (good) ;; QUESTION SECTION: ;balug.org. IN A
;; ANSWER SECTION: balug.org. 9722 IN A 96.86.170.229
;; Query time: 0 msec ;; SERVER: 192.147.248.10#53(192.147.248.10) ;; WHEN: Tue Jun 04 06:54:17 PDT 2024 ;; MSG SIZE rcvd: 82
al@post:/z/dns$ dig @linuxmafia.com. a linuxmafia.com.
; <<>> DiG 9.16.6 <<>> @linuxmafia.com. a linuxmafia.com. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43273 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 3 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;linuxmafia.com. IN A
;; ANSWER SECTION: linuxmafia.com. 86400 IN A 96.95.217.99
;; AUTHORITY SECTION: linuxmafia.com. 86400 IN NS ns0.sunnyside.com. linuxmafia.com. 86400 IN NS ns3.linuxmafia.com. linuxmafia.com. 86400 IN NS ns.tx.primate.net. linuxmafia.com. 86400 IN NS ns1.linuxmafia.com. linuxmafia.com. 86400 IN NS ns.primate.net.
;; ADDITIONAL SECTION: ns1.linuxmafia.com. 86400 IN A 96.95.217.99 ns3.linuxmafia.com. 86400 IN A 107.204.234.170
;; Query time: 23 msec ;; SERVER: 96.95.217.99#53(96.95.217.99) ;; WHEN: Tue Jun 04 06:55:54 PDT 2024 ;; MSG SIZE rcvd: 203
al@post:/z/dns$ dig ^C al@post:/z/dns$ host ns0.sunnyside.com. ns0.sunnyside.com has address 99.43.100.202 ns0.sunnyside.com has IPv6 address 2600:1700:45a:e520:8099:43:100:ca al@post:/z/dns$ dig a balug.org
; <<>> DiG 9.16.6 <<>> a balug.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64776 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1472 ; COOKIE: e211ccbbe58795cd01000000665f1d46cd1e1ed08173e4ee (good) ;; QUESTION SECTION: ;balug.org. IN A
;; ANSWER SECTION: balug.org. 9533 IN A 96.86.170.229
;; Query time: 0 msec ;; SERVER: 192.147.248.10#53(192.147.248.10) ;; WHEN: Tue Jun 04 06:57:26 PDT 2024 ;; MSG SIZE rcvd: 82
al@post:/z/dns$ dig ns balug.org
; <<>> DiG 9.16.6 <<>> ns balug.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35169 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 8
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1472 ; COOKIE: 1c7d712b366d870601000000665f1d4a2859210ac56d69f9 (good) ;; QUESTION SECTION: ;balug.org. IN NS
;; ANSWER SECTION: balug.org. 245 IN NS nsx.sunnyside.com. balug.org. 245 IN NS nsy.sunnysidex.com. balug.org. 245 IN NS ns0.balug.org. balug.org. 245 IN NS ns1.linuxmafia.com.
;; ADDITIONAL SECTION: ns1.linuxmafia.com. 41793 IN A 96.95.217.99 nsx.sunnyside.com. 39875 IN A 50.242.105.52 nsy.sunnysidex.com. 39875 IN A 50.18.139.240 ns0.balug.org. 245 IN A 96.86.170.229 nsx.sunnyside.com. 39875 IN AAAA 2603:3024:180d:f100:50:242:105:34 nsy.sunnysidex.com. 39875 IN AAAA 2600:1f1c:528:c500:5e0b:8a37:6598:356c ns0.balug.org. 246 IN AAAA 2001:470:1f05:19e::2
;; Query time: 0 msec ;; SERVER: 192.147.248.10#53(192.147.248.10) ;; WHEN: Tue Jun 04 06:57:30 PDT 2024 ;; MSG SIZE rcvd: 327
al@post:/z/dns$ dig ns balug.org @96.86.170.229
; <<>> DiG 9.16.6 <<>> ns balug.org @96.86.170.229 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18557 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 8e52861009e139f9e08c9083665f1d9dd0fd488facdb9e1b (good) ;; QUESTION SECTION: ;balug.org. IN NS
;; ANSWER SECTION: balug.org. 3600 IN NS nsx.sunnyside.com. balug.org. 3600 IN NS ns0.balug.org. balug.org. 3600 IN NS nsy.sunnysidex.com. balug.org. 3600 IN NS ns1.linuxmafia.com.
;; ADDITIONAL SECTION: ns0.balug.org. 3600 IN A 96.86.170.229 ns0.balug.org. 3600 IN AAAA 2001:470:1f05:19e::2
;; Query time: 19 msec ;; SERVER: 96.86.170.229#53(96.86.170.229) ;; WHEN: Tue Jun 04 06:58:53 PDT 2024 ;; MSG SIZE rcvd: 217
al@post:/z/dns$ dig -p 5353 @96.86.170.229 balug.org
; <<>> DiG 9.16.6 <<>> -p 5353 @96.86.170.229 balug.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19989 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 7721edc894b4f780e65714a2665f1f00f62318d534f67494 (good) ;; QUESTION SECTION: ;balug.org. IN A
;; ANSWER SECTION: balug.org. 86400 IN A 96.86.170.229
;; AUTHORITY SECTION: balug.org. 3600 IN NS ns1.linuxmafia.com. balug.org. 3600 IN NS nsx.sunnyside.com. balug.org. 3600 IN NS ns0.balug.org. balug.org. 3600 IN NS nsy.sunnysidex.com.
;; ADDITIONAL SECTION: ns0.balug.org. 3600 IN A 96.86.170.229 ns0.balug.org. 3600 IN AAAA 2001:470:1f05:19e::2
;; Query time: 23 msec ;; SERVER: 96.86.170.229#5353(96.86.170.229) ;; WHEN: Tue Jun 04 07:04:48 PDT 2024 ;; MSG SIZE rcvd: 233
On 6/3/2024 09:36, Rick Moen wrote:
Quoting Al Whaley (aw009@sunnyside.com):
That security edge feature is no longer optional on Comcast business accounts. However you can log into your Comcast business website portal as yourself and look at your options and very quickly turn security edge off.
Guys, I've moved this back to balug-admin, because I like the record that keeps, and we're not talking about anything that dannot be public. Is that alright?
Good idea about that accursed SecurityEdge "feature". I've now disabled that blasted thing in the Comcast Business account to the extent they permit, I think?
Initial login takes me to https://business.comcast.com/account/dashboard/accounts/689906011127102015Co... where I see Subscribed Services described as "Business Internet Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is a link, following which goes to https://securityedge.comcast.com/#home , showing tab Dashboard, which has nothing adjustable, but move on to tab Settings, page https://securityedge.comcast.com/#settings/profiles . Here, "Web Filters" had a predefined "protection level" of "Light", but one can select "None", which I did.
Scrolling down the page, everything settable is Off, except that section Internet Security has "Malware & Phishing Protection" set to "On", which slide control is greyed out (unchangeable). Subtitle is "Keeps user from compromising the network or their personal data if they accidentally or intentionally access infected web [sic] pages or click on phishing emails." Select Save at the page bottom to implement.
Slide control "Web Filters" at the top of the page now shows Off.
The other tabs, "Block & Allow Lists", "Block Page Construction", "Domain Lookup", and "Scheduled Reports" don't appear to have anything useful for my purposes.
Orange banner at the very top of the page now says: "Web Filter Protection is now off. To safeguarg your network, Malware, Phishing, and Botnet Protection remains on. Learn More [link]."
Following link goes to https://securityedge.comcast.com/#help/turning-web-filters-on-and-off , which is a long documentation page including justifying preventing turning that part off:
Malware, phishing and botnet traffic is generated by malicious software. Protection against this traffic is critical. This is why we do not recommend disabling the Malware and Phishing setting for any user profile. The setting remains enabled even if you turn off Web Filters.
Also notable:
To turn Web Filters on or off, log in to Comcast Business SecurityEdge. On the top right of any page, click the Web Filters toggle switch: from On to Off to deactivate the Protection Level, Block & Allow Lists and Off-Hours Internet Schedule, or from Off to On to activate them. The ^^^ change is applied immediately. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Noting that final sentence, I now attempt another smoke test, to see if the problem is gone:
$ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Nope.
Noting Al's wording "look at your options and very quickly turn security edge off", I try to see if there's another entry point into the account to do so. What about "My Account" over on the far side of the navbar for https://business.comcast.com/account/account-details/689906011127102015Comca... ?
I see: SUBSCRIBED SERVICES: Business Internet - SecurityEdge
Clicking "Business Internt" takes me to https://business.comcast.com/connectivity/internetdashboard/ , Where Item SECURITYEDGEtm Cybersecurity is shown as "Disabled".
At some point, I tried toggling the "Web Filters" toggle from the Off to the On position, and then back to Off. This resulted in my losing connectivity to my server for a few minutes, getting Network Unreachable on my ssh reconnection. I infer that the "modem" device was resetting.
I continute to get... $ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Al, Michael, am I missing a trick, here?
Quoting Al (awbalug@sunnyside.com):
A quick note on SecurityEdgeTM. I did not, on my site, go to the settings for SecurityEdgeTM - instead I stayed on the main business.comcast.com page and disabled the entire product. I suspect that is more effective, but I admit I'm not reading your posts as thoroughly as I should. Specifically, I go to page "https://business.comcast.com/connectivity/internetdashboard/?index" (when logged in) and in the lower left, there's a gear symbol next to the status of SecurityEdge, and clicking on that gives me a pop-up side panel where I can disable the entire product.
When I start (logged in) at https://business.comcast.com/connectivity/internetdashboard/?index and scroll to the lower left, I see under header CYBERSECURITY this sort of stuff
CB SecurityEdgeTM
STATUS o Disabled [gear icon]
(I believe this reflects my previous attempts to disable SecurityEdge, which disabled _most_ of it, allegedly.)
Clicking on the gear icon, I see a pop-up side panel (flush-right), with:
SecurityEdgeTM
Help protect connected devices againt malware, randomware, phishing, and botnet attacks.
STATUS Disabled
That having been said, if I follow a "VISIT SECURITYEDGE" link (there are various ways to get there), and end up at https://securityedge.comcast.com/#home , what I see is
Web Filters: OFF [slide control]
Under Settings tab, I see section "Web Filters" where I elected "None" as opposed to the default setting "Light", below that section "Content Restriction Schedule" slide control set to OFF, below that section Internet Off where slide control Off-Hourse Internet Schedule is set to OFF, below that section Internet Security where slide control "Malware and Phishing Protection" is set to ON and greyed out so this control cannot be toggled by the customer.
Below that, section Search Protection has three checkbox items of "search filter" items that can be enabled, none of which is enabled.
My understanding is that I'd already (a couple of days ago, after seeing the tip from your good self about SecurityEdge no longer being optional for Comcast Business accounts, turned off all of SecurityEdge that I'm allowed to turn off.
That sound correct?
I also did try this command: dig -p 5353 @96.86.170.229 balug.org and had no trouble at all with it.
Yes, that's going to at least _one_ item I'm going to demand that Comcast Busienss cease breaking. It occurs to me, in that regard, that I need to be able to prove that this command _should_ work. Fortunately, I can also ssh into your sunnyside.com host, and cross-check there. So, thank you for confirming that I can use that.
Rick,
May want to consider change in Comcast Business account type ... most notably, if feasible, to get entirely away from the fsckery of the (mis)feature of SecurityEdge. I've got Comcast Business, and SecurityEdge appears absolutely nowhere on my account nor is it even any kind of option or configuration or the like ... unless of course I were to change account type - which of course I certainly don't want to do if it throws the SecurityEdge (mis)feature at me.
Anway, account type - if that might be useful and if Comcast Business still offers it as a type one can switch to ... let's see, on my account, it shows as ... ----- We noticed your network isn’t being protected from cyberthreats with SecurityEdge™. Help protect all connected devices on your business’s network with this simple solution. Get A Preview Invisible My Plan Starter Internet 35 Mbps / 5 Mbps ----- That shows (after login) at URL: https://business.comcast.com/connectivity/internetdashboard/ And fsck no, I'm not clicking that thingy that mentions SecurityEdge™. Anyway, at least when I signed up, that was the lowest cable speed they offered (more than fast enough for my needs, and way faster than the DSL I earlier had) while otherwise satisfying my requirements (some static IPv4s, able to host servers, unblocked outbound access to TCP port 25 on The Internet, etc.). And, I believe one can also have same account/package type, and merely upgrade in speed, without changing account type, if that might be desired/relevant (e.g. to match whatever current speed options you have).
Anyway, might well be worth considering, if feasible, and it makes at least the SecurityEdge™ headaches go away and stay away. So, yeah, may want to "downgrade" at least certain portion(s) that someone else on account earlier "upgraded" <cough, cough> to. Why pay extra for those added unwanted (dis-)services?
On Tue, Jun 4, 2024 at 3:31 PM Rick Moen rick@linuxmafia.com wrote:
Quoting Al (awbalug@sunnyside.com):
A quick note on SecurityEdgeTM. I did not, on my site, go to the settings for SecurityEdgeTM - instead I stayed on the main business.comcast.com page and disabled the entire product. I suspect that is more effective, but I admit I'm not reading your posts as thoroughly as I should. Specifically, I go to page "https://business.comcast.com/connectivity/internetdashboard/?index" (when logged in) and in the lower left, there's a gear symbol next to the status of SecurityEdge, and clicking on that gives me a pop-up side panel where I can disable the entire product.
When I start (logged in) at https://business.comcast.com/connectivity/internetdashboard/?index and scroll to the lower left, I see under header CYBERSECURITY this sort of stuff
CB SecurityEdgeTM
STATUS o Disabled [gear icon](I believe this reflects my previous attempts to disable SecurityEdge, which disabled _most_ of it, allegedly.)
Clicking on the gear icon, I see a pop-up side panel (flush-right), with:
SecurityEdgeTM
Help protect connected devices againt malware, randomware, phishing, and botnet attacks.
STATUS Disabled
That having been said, if I follow a "VISIT SECURITYEDGE" link (there are various ways to get there), and end up at https://securityedge.comcast.com/#home , what I see is
Web Filters: OFF [slide control]
Under Settings tab, I see section "Web Filters" where I elected "None" as opposed to the default setting "Light", below that section "Content Restriction Schedule" slide control set to OFF, below that section Internet Off where slide control Off-Hourse Internet Schedule is set to OFF, below that section Internet Security where slide control "Malware and Phishing Protection" is set to ON and greyed out so this control cannot be toggled by the customer.
Below that, section Search Protection has three checkbox items of "search filter" items that can be enabled, none of which is enabled.
My understanding is that I'd already (a couple of days ago, after seeing the tip from your good self about SecurityEdge no longer being optional for Comcast Business accounts, turned off all of SecurityEdge that I'm allowed to turn off.
That sound correct?
I also did try this command: dig -p 5353 @96.86.170.229 balug.org and had no trouble at all with it.
Yes, that's going to at least _one_ item I'm going to demand that Comcast Busienss cease breaking. It occurs to me, in that regard, that I need to be able to prove that this command _should_ work. Fortunately, I can also ssh into your sunnyside.com host, and cross-check there. So, thank you for confirming that I can use that.
BALUG-Admin mailing list BALUG-Admin@lists.balug.org https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin
I didn't have that thing on my account either, but when I re-upped my contract on May 14, they said it could not be dropped any more, so now it appears. I was just told to disable it. Yes, I know.... ugh
On 6/4/2024 17:00, Michael Paoli wrote:
Rick, May want to consider change in Comcast Business account type ... most notably, if feasible, to get entirely away from the fsckery of the (mis)feature of SecurityEdge.
Quoting Michael Paoli (michael.paoli@berkeley.edu):
May want to consider change in Comcast Business account type ... most notably, if feasible, to get entirely away from the fsckery of the (mis)feature of SecurityEdge.
Just to be super-clear, your Comcast Business plan designation is:
Starter Internet 35 Mbps / 5 Mbps
Correct?
When I renewed my contract, I became Starter Internet 150/100. That's now their minimum speed. It also broke my static IPv6, so I am on 20 tickets and still at war trying to get tech support to stop closing my tickets without comment. I got a manager to get one ticket assigned to him, so that one won't close, but it hasn't gotten fixed in a week either. In the realm of funny but painful, I got a very nice tier 1 tech this morning who said, "we don't offer IPv6 any more, right?".
On 6/4/2024 17:17, Rick Moen wrote:
Quoting Michael Paoli (michael.paoli@berkeley.edu):
May want to consider change in Comcast Business account type ... most notably, if feasible, to get entirely away from the fsckery of the (mis)feature of SecurityEdge.
Just to be super-clear, your Comcast Business plan designation is:
Starter Internet 35 Mbps / 5 Mbps
Correct?
BALUG-Admin mailing list BALUG-Admin@lists.balug.org https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin
Yes, that is in fact it.
On Tue, Jun 4, 2024 at 5:17 PM Rick Moen rick@linuxmafia.com wrote:
Quoting Michael Paoli (michael.paoli@berkeley.edu):
May want to consider change in Comcast Business account type ... most notably, if feasible, to get entirely away from the fsckery of the (mis)feature of SecurityEdge.
Just to be super-clear, your Comcast Business plan designation is:
Starter Internet 35 Mbps / 5 Mbps
Correct?