LAN Gateway - Can't change last Octet

Hello dr_jim and welcome,

If you are referring to the Comcast Gateway (CG) LAN DHCP Server address d-octet, this cannot be changed on most CGs due to the Comcast default 10.1.10.1 having base address and internal .2-9 having internal usage significance. You will notice that on most CGs the typical starting dynamic IP address d-octet range is at .10 to .199.  However, there is no issues with changing most CGs a.b.c octets to whatever your business needs require.

Hope this helps you out.  

It really does not why should the security of our network be compromised by having to use any numbers from comcast.  This is why they are local area network addresses the key term is is local.

It escapes me as to why using the standard lease significant d-octet = 1 and allowing the usage of most significant a,b,c-octets would be compromising your network? I would be very interested if you could provide an illustrative example of being compromised based on the d-octet.

I have seen many business class customers re-program their CG LAN DHCP Server address to something like 192.168.2.1 with a subnet mask of 255.255.255.0 (or 1 or 2......) for various network configuration and routing reasons.

Well let me help you out.  If everyone knows that your router is located at a x.x.x.1 address that is one piece of information that they no longer have to gain to compromise the network.  Additionally, if x.x.x.1 is used DOS attacks can be made from inside and since the router is on x.x.x.1 it is easy to figure out where to aim the attack.

The thing is no ISP should dictate the use of your internal network numbers.

Well, you could always bridge the DPC and use your own router; then you could use any numbering scheme you wanted.

As for the "security" implications, you should keep in mind that no matter what number you set that last octet, every machine on the network will still have that address configured as its default gateway, providing that machine has obtained its IP configuration via DHCP, or has been assigned statically. So any malware on your machines would only have to read the machine's default gateway address; the malware would then have the address of the router.