[BALUG-Admin] Comcast Business apparently blocking 5353 UDP Re: linuxmafia.com "retry limit exceeded"

Rick Moen rick@linuxmafia.com
Mon Jun 3 16:36:07 UTC 2024 

Quoting Al Whaley (aw009@sunnyside.com):

> That security edge feature is no longer optional on Comcast business
> accounts. However you can log into your Comcast business website
> portal as yourself and look at your options and very quickly turn
> security edge off.

Guys, I've moved this back to balug-admin, because I like the record
that keeps, and we're not talking about anything that dannot be public.
Is that alright?

Good idea about that accursed SecurityEdge "feature".  I've now disabled
that blasted thing in the Comcast Business account to the extent they
permit, I think?  

Initial login takes me to
https://business.comcast.com/account/dashboard/accounts/689906011127102015Comcast.IMS
where I see Subscribed Services described as "Business Internet
Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is 
a link, following which goes to https://securityedge.comcast.com/#home ,
showing tab Dashboard, which has nothing adjustable, but move on to tab
Settings, page https://securityedge.comcast.com/#settings/profiles .
Here, "Web Filters" had a predefined "protection level" of "Light", but
one can select "None", which I did.

Scrolling down the page, everything settable is Off, except that section
Internet Security has "Malware & Phishing Protection" set to "On", which 
slide control is greyed out (unchangeable).  Subtitle is "Keeps user
from compromising the network or their personal data if they
accidentally or intentionally access infected web [sic] pages or click
on phishing emails."  Select Save at the page bottom to implement.

Slide control "Web Filters" at the top of the page now shows Off.

The other tabs, "Block & Allow Lists", "Block Page Construction", 
"Domain Lookup", and "Scheduled Reports" don't appear to have anything
useful for my purposes.

Orange banner at the very top of the page now says:  "Web Filter
Protection is now off.  To safeguarg your network, Malware, Phishing,
and Botnet Protection remains on.  Learn More [link]."

Following link goes to
https://securityedge.comcast.com/#help/turning-web-filters-on-and-off , 
which is a long documentation page including justifying preventing
turning that part off:

  Malware, phishing and botnet traffic is generated by malicious
  software. Protection against this traffic is critical. This is why we do
  not recommend disabling the Malware and Phishing setting for any user
  profile. The setting remains enabled even if you turn off Web Filters.

Also notable:

  To turn Web Filters on or off, log in to Comcast Business SecurityEdge.
  On the top right of any page, click the Web Filters toggle switch: from
  On to Off to deactivate the Protection Level, Block & Allow Lists and
  Off-Hours Internet Schedule, or from Off to On to activate them. The
                                                                   ^^^
  change is applied immediately.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Noting that final sentence, I now attempt another smoke test, to see if
the problem is gone:

$ dig -p 5353 @96.86.170.229 balug.org
;; connection timed out; no servers could be reached
$

Nope.

Noting Al's wording "look at your options and very quickly turn
security edge off", I try to see if there's another entry point into the
account to do so.  What about "My Account" over on the far side of the
navbar for
https://business.comcast.com/account/account-details/689906011127102015Comcast.IMS
?

I see:
  SUBSCRIBED SERVICES:
  Business Internet
    - SecurityEdge

Clicking "Business Internt" takes me to
https://business.comcast.com/connectivity/internetdashboard/ , Where
Item
  SECURITYEDGEtm
  Cybersecurity  
is shown as "Disabled".

At some point, I tried toggling the "Web Filters" toggle from the Off to
the On position, and then back to Off.  This resulted in my losing
connectivity to my server for a few minutes, getting Network Unreachable 
on my ssh reconnection.  I infer that the "modem" device was resetting.

I continute to get...
$ dig -p 5353 @96.86.170.229 balug.org
;; connection timed out; no servers could be reached
$

Al, Michael, am I missing a trick, here?

-- 
Cheers,                          "Mastodon: owned by nobody and/or everybody!
Rick Moen                        Seize the memes of production!"  -- jwz 
rick@linuxmafia.com              https://www.jwz.org/blog/2023/11/mastoversary/
McQ! (4x80)

More information about the BALUG-Admin mailing list