[BALUG-Admin] (forw) Re: Comcast Business apparently blocking 5353 UDP Re: linuxmafia.com "retry limit exceeded"

Al awbalug@sunnyside.com
Wed Jun 5 00:48:50 UTC 2024 

Actually I take it back, 73.189.65.18 must be the WAN address of 
Michael's modem.  That won't appear on a message from Michael, unless 
somehow NAT got involved in the modem?  Not sure if that's quite right.  
I think NAT would come from the last of the assigned static IPv4 
addresses, but IIRC I have also seen messages from a modem's WAN address.

Most interesting.

On 6/4/2024 17:43, Al wrote:
> I think "c-73-189-65-18.hsd1.ca.comcast.net" is their naming system 
> for end modems, not internal infrastructure, but don't quote me.
> When I look up the names of routers in the traceroute I don't think I 
> see that type of name, but it may be that's an irresponsible poorly 
> verified comment on my part.
>
>
> For example from traceroute to Michael:
> 186.78.151.162.in-addr.arpa domain name pointer 
> po-1-rur101.pinole.ca.sfba.comcast.net.
>
> ooooooooooooooh, omigosh - I just perfected a traceroute to Michael, 
> entirely within the CC network:
>
> traceroute to 96.86.170.229 (96.86.170.229), 30 hops max, 60 byte packets
>  1  50.242.105.62  2.080 ms  2.743 ms  3.439 ms
>  2  10.61.209.66  14.028 ms 10.61.209.67  13.729 ms 10.61.209.66 
> 14.373 ms
>  3  96.216.9.141  12.757 ms 96.216.9.137  13.045 ms 96.216.9.141 
> 13.401 ms
>  4  68.85.154.113  21.023 ms 68.85.154.117  21.093 ms 68.85.154.113 
> 20.944 ms
>  5  96.108.99.249  26.011 ms  25.722 ms  26.272 ms
>  6  68.86.143.89  23.688 ms 68.86.143.93  21.156 ms  20.778 ms
>  7  162.151.86.58  22.077 ms  20.330 ms 162.151.87.226  20.215 ms
>  8  162.151.79.134  21.787 ms 162.151.78.186  17.686 ms 
> 162.151.79.134  21.466 ms
>  9  68.85.103.154  19.388 ms 68.85.191.206  12.456 ms 68.85.103.154 
> 14.255 ms
> 10  73.189.65.18  21.185 ms  36.832 ms  31.356 ms
> 11  96.86.170.229  36.366 ms  34.933 ms  34.918 ms
> root@routr0:/z/r/srv#
>
> It appears that 73.thing is in fact Michael's upstream router.
>
> Ok, did everyone else already know that?  Am I late to the party?
>
>
> On 6/4/2024 17:14, Rick Moen wrote:
>> ----- Forwarded message from Al <awbalug@sunnyside.com> -----
>>
>> Date: Tue, 4 Jun 2024 16:29:04 -0700
>> From: Al <awbalug@sunnyside.com>
>> To: Rick Moen <rick@linuxmafia.com>
>> Subject: Re: [BALUG-Admin] Comcast Business apparently blocking 5353 
>> UDP Re:
>>     linuxmafia.com "retry limit exceeded"
>>
>> Rick, you're at the right place - that gear icon and right side panel
>> on business.comcast.com is just the right thing.
>> And I think the situation as you're outlining it is right to me.  So
>> the answer to your question, broadly, is yes I think you have it
>> right.
>> If you end up at securityedge.comcast.com, IMHO you've gone too far.
>> My sense is that all that stuff is disabled back at the right side
>> panel...
>> Once SE (security edge) is disabled I think everything is.  That
>> said, you're being smart about it - if symptoms persist, drill down
>> and look into individual
>> settings for various elements of SE and just make sure they're all off
>> - in case Comcast can't quite sort out how to actually disable stuff.
>> AFAIK however your nets (yours and Michaels) are unrestricted.
>> My tests from here are that access to both 96.86.170.229 and
>> 96.95.217.99 on port 53 is not blocked (and not just those /32s but
>> the entire subnet in each case).
>> I am looking back over email from the last few days trying to sort out
>> where 73.189.65.18 crept into the conversation.
>> As I mentioned I have been unable to focus sufficiently on this the
>> last few days, and missed where that came from.
>> I also haven't looked closely enough at the discussion to see if what
>> I am trying to reproduce isn't exactly where you're having trouble.
>> I'll go back over the notes and see if I can pay more attention to the
>> details and whether I can actually add any insight to the discussion.
>> Al
>>
>> ----- End forwarded message -----
>>
>>
>> To clarify, I noticed "73.189.65.18" as the source of NOTIFYs for
>> Michael's domains, which can legitimately come _only_ from Michael's
>> authoritative nameserver, IP 96.86.170.229.
>>
>> And 73.189.65.18 is Comcast's _own_ IP, not Michael's.
>>
>> :r! dig -x 73.189.65.18 +short
>> c-73-189-65-18.hsd1.ca.comcast.net.
>>
>> So, something is rotten, there.  I'm immediately inclined to suspect
>> that Comcast is playing man-in-the-middle games with DNS traffic.
>> Which, if true, suggest Comcast acting like a rogue state security
>> agency or one operating on behalf of a totalitarian state.  Not a good
>> look.
>>
>>
>>
>> _______________________________________________
>> BALUG-Admin mailing list
>> BALUG-Admin@lists.balug.org
>> https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin
>
>
> _______________________________________________
> BALUG-Admin mailing list
> BALUG-Admin@lists.balug.org
> https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin

More information about the BALUG-Admin mailing list