[ale] OT: dealing w/comcast

Tony Carter tcarter at entrusion.com
Sat Oct 8 00:50:44 EDT 2005


Bind 8.x used to use port 53 as the source port for recursive queries. 

-Tony

________________________________

From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jerry Yu
To: ale at ale.org
Sent: Friday, October 07, 2005 10:30 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] OT: dealing w/comcast


For the DNS quirks, I noticed that Comcast is querying my DNS server with
UDP packets (SPORT=53 DPORT=53). My iptables rules for inbound DNS queries
are to allow (SPORT=1024:), thus Comcast queries got logged and rejected.
What's the benefit of having SPORT at 53?


On 10/7/05, Jim Popovitch <jimpop at yahoo.com> wrote: 

	Sid Lane wrote:
	> does anyone know any secret #s, names, URL, voodoo rituals, etc. to
	> bypass the subclueless level 1 "techs" at comcast?
	>
	> we had intermittent packet loss this morning which my wife called in
	> (she works from home) then handed the phone to me (3 more min and I'd
	> have been gone!).  I told her ("tech") I was getting 50% packet loss to
	> the dhcp assigned gateway to which she replied "try pinging yahoo".
	> after trying to explain that yahoo probably doesn't allow icmp (not sure
	> but wouldn't assume not) and even if they do we already know the problem
	> is at or "south" of the gateway she insisted so I played along.  I told
	> her I got a resolution failure to which she replied "try running a
	> traceroute to yahoo".  I tried asking her what she expected to learn
	> from that since DNS was failing
	
	Save yourself some headache and replace your DNS server settings with
	two of these DNS servers provided courtesy of Level3.
	
	    4.2.2.1
	    4.2.2.2
	    4.2.2.3
	    4.2.2.4
	
	Comcast's DNS servers are notoriously problematic. (probably due to
	stupid immature 4ack3rz who are customers inside the Comcast network)
	
	-Jim P.
	
	
	> but she was determined to stick to the
	> script so I dutifully ran it knowing good and well what the result would
	> be.  she then told me to "turn off your firewall - we can't ping you"
	> (can't ping ME? WTF does that have to do w/anything?  to be fair, I have
	> no idea how to do that on windoze but she wouldn't even pretend to help
	> me until I rebooted into it) at which point I had had enough and said I
	> would call back later (hoping for someone less clueless; more so
	> certainly isn't possible).
	>
	> anyway, does anyone know the "secret handshake" to get escalated to
	> someone who knows what they're doing?
	_______________________________________________
	Ale mailing list 
	Ale at ale.org
	http://www.ale.org/mailman/listinfo/ale
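
Added example, not part of the original thread: a small triage script for the situation Jerry describes, where an inbound DNS rule limited to SPORT=1024: logs and rejects queries that arrive from source port 53, the behaviour Tony attributes to Bind 8.x. The log lines, the "DNS-DROP" prefix, the addresses and the function names are constructed for illustration, and the script assumes the standard iptables LOG field layout.

```python
import re
from collections import Counter

# Constructed iptables LOG lines (RFC 5737 documentation addresses); not from the thread.
SAMPLE_LOG = """\
Oct  7 22:01:13 gw kernel: DNS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=71 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=51
Oct  7 22:01:14 gw kernel: DNS-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=68 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=48
Oct  7 22:02:40 gw kernel: DNS-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4411 PROTO=TCP SPT=53 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  7 22:03:02 gw kernel: DNS-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=912 PROTO=UDP SPT=123 DPT=53 LEN=20
Oct  7 22:03:30 gw kernel: OTHER: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=913 PROTO=UDP SPT=40000 DPT=161 LEN=20
"""

FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")


def parse(line):
    """Return the SRC/PROTO/SPT/DPT fields of one LOG line, or None if any is missing."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "SPT", "DPT"} <= f.keys():
        return None
    return {"src": f["SRC"], "proto": f["PROTO"],
            "spt": int(f["SPT"]), "dpt": int(f["DPT"])}


def matches_high_port_rule(pkt):
    """Model of the rule in the post: inbound UDP to port 53 with --sport 1024: only."""
    return pkt["proto"] == "UDP" and pkt["dpt"] == 53 and pkt["spt"] >= 1024


def fixed_source_port_resolvers(log):
    """Count, per source, UDP packets from port 53 to port 53 that the rule rejects."""
    hits = Counter()
    for line in log.splitlines():
        pkt = parse(line)
        if pkt is None or matches_high_port_rule(pkt):
            continue
        # Ports alone cannot tell a query from a response; this only narrows
        # the rejected traffic down to the SPORT=53/DPORT=53 pattern.
        if pkt["proto"] == "UDP" and pkt["spt"] == 53 and pkt["dpt"] == 53:
            hits[pkt["src"]] += 1
    return hits


if __name__ == "__main__":
    for src, n in fixed_source_port_resolvers(SAMPLE_LOG).most_common():
        print(f"{src}: {n} rejected UDP packets with SPT=53 DPT=53")
```
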
	






