Skip to content
PDX_LabCoat's profile

New Contributor

 • 

6 Messages

Tue, Jul 28, 2020 4:00 PM

Disable Security Edge

Hello,

 

I need help disabling Security Edge on my account. It hijacks DNS requests, no matter what DNS server you are using.

 

nslookup google.com 4.3.8.5
Server:		4.3.8.5
Address:	4.3.8.5#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.6.46

As you can see, 4.3.8.5 is NOT a real DNS server, but instead hijacked by the Security Edge DNS servers and resolves queries. We cannot and do NOT want this on our network. We do testing that relies on an IP actually being a nameserver, and some software requires it to fail if a device uses an invalid DNS server.

 

At this point, my only option is to change providers if Security Edge cannot be disabled. I have went to the Security Edge portal and disabled all that I could, but this does not prevent the DNS hijacking that's going on. I understand what Security Edge does, but it is not needed on our system, as we have our own internal firewalls and devices that manage all of our IPS/IDS.

 

Thank you for your help!

Responses

Official Employee

 • 

261 Messages

1 y ago

No problem at all. We have a dedicated team that is always here to help you on forums. Even though we have a service issue to fix I look forward to the opportunity to speak with you. I am very sorry Security Edge may be hindering your online experience. I know this must be an unnecessary obstacle and I can do my part to get the feature disabled if this is something you decide to do. Are you able to send a private message? If you can include your name, service address, and account number (or phone number) this would be perfect!  

New Contributor

 • 

6 Messages

1 y ago

PM sent. Any update?

New Contributor

 • 

6 Messages

1 y ago

I have submitted the PM again. I would really like to get Security Edge disabled ASAP, as switching the modem to bridged mode only causes it to revert back within 24 hours. This is now causing business interruptions for us as well as extra costs migraing current servers to Azure and using VPN to get things done. This wouldn't be the case if we could flip a switch in the Security Edge site to completely disable it, instead we are at the mercy of waiting for a response. This is just unacceptable.

 

Here is proof of the first PM that you say you cannot find, as well as this followup one. Maybe contact the team that manages your forum and figure out why our PM's always disappear and we have to contact multiple times. (a quick search of the forum shows it's a common occurance). Please get that issue fixed on your end, or give us access to direct email support instead of forcing us to use the forums or call the 800 number only to be sent to residential CSR's who mess up your account.

Screen Shot 2020-07-30 at 10.09.25 PM.png

Official Employee

 • 

261 Messages

1 y ago

I apologize, I am not seeing your private message. If you click on my name do you see an option to send a private message this way? 

Official Employee

 • 

144 Messages

1 y ago

Hi there! I'm so sorry for the delay. During this time, we are doing our very best to make sure we respond to you as soon as possible. Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this Issue for you and ensure that I provide the best help I can today. Can you please send me a private message with the last four of the account number and/or last statement balance, your full name, phone number, and service address including city, state, and zip code?

New Contributor

 • 

6 Messages

1 y ago

This is the last time I am sending that info via PM. Getting annoyed with having to send it and NOTHING getting done. It’s time to switch to Level3 fiber services instead of Comcast.

New Contributor

 • 

6 Messages

1 y ago

Hello,

 

I have not recieved any update since PM'ing my info to Comcast_Gina. Is there any update on this? I would like to stop paying for hosted services and host them on-site again, without Security Edge enabled.

New Contributor

 • 

1 Message

1 y ago

I also had a screaming match with Comcast over this SecurityEdge "product" that is in fact a DNS hijacking attack. The salesperson promised it could be turned off completely through the Comcast portal, but this was a lie; it cannot be disabled without Comcast sales removing it from your account and selling you a diferent package, thus dramatically increasing the price. I was sold to me originally as part of an upgrade package that was a good deal (I did not ever want SecurityEdge and the sales person promised over the phone it could be disabled). However, when this SecurityEdge "product" caused massive issues with our network (caused traffic to fail on our network since our firewall flagged the DNS Hijacking as an attack), the only solution Comcast would offer was to remove the package pricing and give me the services at full retail, thus doubling the price, even though I was getting "less" services than with the package. (Edited: Soliciting)

Official Employee

 • 

144 Messages

1 y ago

Hi there! I'm so sorry for the delay. During this time we have a need for an increased support, but we are doing our very best to make sure we respond to you as soon as possible. Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this Issue for you and ensure that I provide the best help I can today. All I need is your full name, account number (follow link https://comca.st/2QR7eHu, account number is at the top right)and address including city, state, and zip code exactly how it reflects on the bill, and I can help you with whatever questions or concerns you may have. 

Contributor

 • 

23 Messages

6 m ago

PDX_LabCoat

Were you ever successful getting that DNS hijacking turned off by support ? 

New Contributor

 • 

6 Messages

6 m ago

I just got 300/30 package that includes "Security Edge" I was able to disable the web filters in the dashboard.

lac@heron:~$ nslookup google.com 4.3.8.5
;; connection timed out; no servers could be reached

 

Contributor

 • 

23 Messages

2 m ago

I wish it was really that easy... had to work a failover this week end and was unable to bring the business applications onto my comcast servers as edge is still blocking my local dns servers from downloading zones and accessing information needed at the root level servers... 

mgc@infra:~$ nslookup google.com 4.3.8.5
Server:         4.3.8.5
Address:        4.3.8.5#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.12.206
Name:   google.com
Address: 2607:f8b0:4006:808::200e

I have had webfilter turned off since day 1... 

New Contributor

 • 

1 Message

1 m ago

After MULTIPLE calls to Comcast and several CR, Security Edge is STILL not completely disabled.  I do NOT want Comcast doing deep packet inspection of our traffic.  We also run our own DNS system on our own servers.  So...

HOW DO WE GET SECURITY EDGE 100% DISABLED????

Official Employee

 • 

31 Messages

Hello there, @netwiz100. Most of the settings to control/manage the Security Edge is built into the web portal. If you are still having issues after disabling all of that, please reach out to us via  PM with your name and address. 

 

To send a private message, please click on the chat icon on the top right next to the bell. Please make sure to send the message to our singular handle "Comcast Business" and we will get back to you ASAP.

Visitor

 • 

1 Message

The only way I have found to work "around" the DNS hijacking Comcast is doing is by setting up my own internal DNS resolver and then having it do DNS over TLS to cloudflare and a few others that support it. At that point, Comcast can't do deep packet inspection and they let the traffic pass. Problem mostly solved. I say mostly, because we still get occassions when we have pages timeout like we did before the DNS over TLS solution, but that is only a few times a week and a refresh usually clears it up.