gwm's profile

Wednesday, April 5th, 2017 1:00 PM

Comcast Infrastructure connectivity (outside customer control)

Hi everyone... FNG here.

 

My first day to really explore the new business offering and things are a LITTLE squirrelly...

 

Yesterday (Tuesday April 4th) looking at traceroutes from my office (to port.sfreebsd.org AKA 8.8.178.110) I was getting "stars" from 69.139.164.217 and 68.86.86.90:

 

traceroute to 8.8.178.110 (8.8.178.110), 64 hops max, 40 byte packets
 1  192.168.XXX.17  0.304 ms  0.191 ms  0.179 ms
 2  192.168.XXX.1  6.248 ms  13.389 ms  6.185 ms
 3  96.120.101.249  32.828 ms  21.222 ms  29.131 ms
 4  162.151.83.205  24.459 ms  25.722 ms  23.664 ms
 5  69.139.164.222  21.199 ms  27.355 ms  27.373 ms
 6  69.139.164.217  *  *  *  <==
 7  68.86.93.165  25.198 ms  30.095 ms  29.873 ms
 8  68.86.86.90  *  *  *  <==
 9  173.167.58.74  36.076 ms  40.685 ms  32.638 ms <== Comcast down in CA - probably 1 Wilshire
10  62.115.118.171  49.972 ms                                    <== telia.net - so this is a peering down in CA
    62.115.118.169  49.981 ms
    62.115.118.171  51.315 ms
11  213.248.89.47  54.528 ms  49.761 ms  47.525 ms
12  216.115.101.225  43.947 ms  47.489 ms  53.052 ms
13  8.8.178.93  61.822 ms  66.346 ms  60.862 ms
14  8.8.178.110  48.052 ms  42.285 ms  52.933 ms

 

Those are Comcast routers (I'm in the Seattle area BTW):

 

nslookup 69.139.164.217

be-29-ar01.seattle.wa.seattle.comcast.net.

 

nslookup 68.86.86.90

be-10846-pe01.seattle.wa.ibone.comcast.net.

 

traceroute to 77.86.229.90 (77.86.229.90), 64 hops max, 40 byte packets
 1  192.168.XXX.17  1.115 ms  0.188 ms  0.187 ms
 2  * 192.168.XXX.1  16.498 ms  14.481 ms
 3  96.120.101.249  34.368 ms  34.100 ms  21.340 ms
 4  162.151.83.205  34.545 ms  24.292 ms  30.880 ms
 5  69.139.164.222  29.132 ms  22.758 ms *
 6  69.139.164.217  20.568 ms  26.373 ms  30.035 ms
 7  * 4.68.71.73  30.404 ms  29.135 ms
 8  4.69.203.22  220.831 ms  <==
    4.69.203.18  219.094 ms  <==
    4.69.203.30  230.085 ms  <==
 9  4.69.203.26  209.970 ms  <==
    4.69.203.22  220.313 ms  <==
    4.69.203.26  220.022 ms  <==
10  212.73.248.34  219.477 ms  220.850 ms  219.129 ms
11  83.145.255.110  203.942 ms  206.290 ms  212.207 ms
12  83.150.93.49  217.734 ms  229.748 ms  209.975 ms
13  *

 

Those "multiple hops" in the traceroute above are in Helsinki, Finland BTW (definitely not Comcast's problem) 🙂

 

Anyway, since I'm an Internet Security Professional (tm) I figured...let's see what's out there.  Throw some UDP packets at those IP addresses and see what comes back.

 

Slightly disturbing when you get this (relatively good) scan output for one router (when scanning for UDP ports):

 

Nmap scan report for 68.86.86.90
Host is up (0.0076s latency).
All 1000 scanned ports on 68.86.86.90 are open|filtered (932) or closed (68)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: router
Running: Cisco IOS XR 3.X
OS CPE: cpe:/o:cisco:ios_xr:3
OS details: Cisco CRS-1 router (IOS XR 3.4.1 - 3.6.2)

 

That's good...but this is not good:

 

Nmap scan report for 69.139.164.217
Host is up (0.0082s latency).
Not shown: 985 filtered ports
PORT      STATE         SERVICE
123/udp   open|filtered ntp
161/udp   open          snmp
162/udp   open|filtered snmptrap
514/udp   open|filtered syslog
1031/udp  open|filtered iad2
1053/udp  open|filtered remote-as
1701/udp  open|filtered L2TP
17580/udp open|filtered unknown
18996/udp open|filtered unknown
22124/udp open|filtered unknown
32815/udp open|filtered unknown
34125/udp open|filtered unknown
39632/udp open|filtered unknown
42557/udp open|filtered unknown
48255/udp open|filtered unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: router
Running: Cisco IOS XR 3.X
OS CPE: cpe:/o:cisco:ios_xr:3
OS details: Cisco CRS-1 router (IOS XR 3.4.1 - 3.6.2)

 

WTH Comcast? I shouldn't be seeing any of those ports open, should I?

 

Plus the timeouts in PING (yeah I know, use a real connectivity tool) made me decide that I ought to throw this up on the forum and see whether anyone cares.

 

BTW Comcast (or whoever) PLEASE don't come back to me with "you're using hacker tools in violation of your terms of service" or similar. I'm an Internet Security Professional, did I mention that? I'm not the evil spammer/Russian gangster/Chinese IP stealer you're looking for, so please don't knee jerk me for nmapping your ISP routers to try and help you figure out what I'm seeing on your network.

 

FWIW looking at the traceroutes today (Wednesday) everything seems to be responding properly so I'm kind of curious whether what I experienced yesterday was

(a) some interruption in service

(b) maintenance (during the day? Seriously?!?) or

(c) squirrels

 

=;^)
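
A way to read the second scan report above, as an added example that is not part of the original post: nmap marks a UDP port `open` only when a reply came back from it and `open|filtered` when nothing came back, so the script separates the one confirmed responder (161/udp snmp) from the unverified rows. The sample is an excerpt of the post's port table, and the names `parse_ports` and `triage` are made up for this example.

```python
import re

# Sample input: an excerpt of the port table from the second scan report in the post.
SCAN = """\
PORT      STATE         SERVICE
123/udp   open|filtered ntp
161/udp   open          snmp
162/udp   open|filtered snmptrap
514/udp   open|filtered syslog
1701/udp  open|filtered L2TP
17580/udp open|filtered unknown
"""

# What each nmap UDP state means in terms of packets seen by the scanner.
EVIDENCE = {
    "open": "a UDP reply came back from the port, so a service answered",
    "open|filtered": "no reply after retransmissions: listening or silently dropped",
    "closed": "ICMP port unreachable (type 3, code 3) came back",
    "filtered": "another ICMP unreachable error came back: blocked by a filter",
}

ROW = re.compile(r"^(\d+)/udp\s+(\S+)\s+(\S+)\s*$")


def parse_ports(report):
    """Return (port, state, service) tuples from an nmap UDP port table."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:  # the header row and warnings do not match and are skipped
            rows.append((int(m.group(1)), m.group(2), m.group(3)))
    return rows


def triage(report):
    """Group ports by nmap state so confirmed responders stand apart."""
    groups = {state: [] for state in EVIDENCE}
    for port, state, service in parse_ports(report):
        groups.setdefault(state, []).append((port, service))
    return groups


if __name__ == "__main__":
    for state, ports in triage(SCAN).items():
        for port, service in ports:
            print(f"{port:>5}/udp {service:<9} {state:<13} {EVIDENCE[state]}")
```
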

 
