Comcast Warns Customers Suspected of Bot Infection

eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

Mixed feelings

[The_mad_linguist]

It's good that Comcast is actually doing something, but I'm not really sure how effective it will be, and the precedent it sets makes me a little leery. Not sure how I feel about this.

Re:Mixed feelings

[shoehornjob]

Customer education is an issue with this one. I haven't talked to someone with that issue but we offer free Norton with internet service so there's no reason you can't protect yourself from some of the common threats. The thing that gets most people though is the drive by bots. People have to abandon the plug and play web mentality as that's what gets them in trouble. One person told me she got a pop up telling her that the computer was infected with 45 viruses. I'm like WTF?? but they fall for it all the time. Education is the only thing that can fix that problem.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Mixed feelings

[Capt.DrumkenBum]

An email to the address they have on file would be much less creepy and more effective, IMO.

Because people will ignore the email.
Just one more piece of spam.

Re:

[spazdor]

Something like "HEY, YOU, Customer #4572953, have a virus and this is your ISP, Comcast, telling you so. Please call our tech support at 1-888-IPGOUGE for removal help, and you should probably verify that phone number against your own documents before calling it."

Re:

[gd2shoe]

Sorry, but that does rather look like spam.

Re:

[Thinboy00]

What if it had your home address, name, censored billing information (credit card xxxx....1234) etc?

Re:

[Sir_Lewk]

Very creepy spam? I know I wouldn't even get far enough into reading it to realize.

Re:

[marcello_dl]

And all the people who use ISP-independent email (which is good practice anyway as an ISP change will be easier) won't even receive it.

Having said that, the overlay is about the worst way they could have used the WWW.

What about a redirection of all www traffic to a warning page?

After you click a checkbox that says OK I got it but I'm in a hurry let me finish surfing which sets a session cookie, or after n http requests or n minutes since the first recent http request normal behavior would be restored.

This i

Re:

[nametaken]

True, maybe an automated phone call with a, "Press 1 to speak with a Comcast representative"?

Re:

[Capt.DrumkenBum]

I don't know about you. But as soon as I realize it is a call from an autodialer, I hangup.

Re:

[nacturation]

I don't know about you. But as soon as I realize it is a call from an autodialer, I hangup.

One trick if you don't recognize the caller ID is to pick up the phone and just listen. If it's complete silence on the other end, it's an autodialer and it will hang up after five seconds or so. Bonus points if you play the "number not in service" tone -- download that from here [voip-info.org] and play the "ss-noservice" file.

Re:

[ls671]

I just play a message telling the caller to press 1 to speak to me, wait 3 seconds then send them to the fax if they don't press any key. Actually, pressing any key routes the call to me. I swear, it is pretty efficient.

Playing the SIT tone (Zapateller) as you suggest might cause you to miss legitimate calls. In my case, the worst that happens is that legitimate callers have to call twice if they were distracted and not quick enough to punch in a key the first time.

If you do not have a fax, you could always

Re:

[zippthorne]

Many of comcast's cable customers are also phone service customers, they could just unobtrusively add a voicemail message to those accounts.

And I don't see why they shouldn't be able to send voicemails out-of-network, too. There's no reason the phone needs to actually ring for this, if it's in your voicemail you'll get the message eventually.

Re:

[mcgrew]

How about a message that comes with the monthly bill in snailmail?

Re:

[shoehornjob]

An email to the address they have on file would be much less creepy and more effective, IMO

I agree but not everyone uses Comcast email.

Re:

[Anonymous Coward]

If the customer fails to address the issue promptly, then Comcast should disable their connection. When they call in, Comcast could easily ask them for a email address to forward such communications to.

I work for an ISP and this is how we handle it. (Of course, we're small, so we also call the customer on the phone number(s) on their account.)

Re:

[gd2shoe]

Of course, we're small, so we also call the customer on the phone number(s) on their account.

You mean you're considerate and rational. Technically, there's nothing keeping the big players from doing the same thing. (besides being inconsiderate and irrational)

Re:

[spazdor]

That, and they seem to have an increasingly small workforce which is able to communicate effectively in English over the phone. ...Oh yeah, like you said.

Re:

[shentino]

Comcast cannot be trusted to not "mistake" torrent traffic for virus traffic, especially if the MAFIAA tried to either bribe OR extort them to tell their techies to look the other way before being able to tell the difference.

They've already been caught red handed screwing with torrents once before. Giving them plausible deniability with an opportunity to cover it up as virus quarantine is not a good idea.

Re:

[PopeRatzo]

I work for an ISP and this is how we handle it.

Yes, but your business plan is probably just to profit from providing internet bandwidth to customers.

Comcast has a whole 'nother agenda.

Re:

[avandesande]

The people most likely to get an infection are exactly the ones that need a blunt warning like this.

Re:Mixed feelings

[amicusNYCL]

That's a good point, but the screenshot [krebsonsecurity.com] does look pretty reasonable. It could have been done a lot worse, but it looks like they're at least acknowledging the trust issue.

That being said, it's not difficult to figure out which ISP a certain IP belongs to and for someone to forge these things.

Re:

[mewsenews]

An email to the address they have on file would be much less creepy and more effective, IMO.

"E.. mail? You mean that thing that our marketing dept uses to send out propaganda? Who reads that shit?" -- Comcast Exec

Re:

[interkin3tic]

A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.

Any thoughts from people who know more than me as to whether comcast just didn't think of this, or did and just doesn't care? On the one hand, they are comcast and don't have a reputation for forward thinking. On the other hand, they are comcast and don't have a reputation for giving two shits about their customers.

Any chance this is just the path of least resistance to say "Hey, we tried to help, but you ignored our warnings, the malware took you over your quota and you owe us $400," not caring if the us

Re:Mixed feelings

[Hamsterdan]

What about a phone call? My ISP does this. Granted, it only has about 1.5 million customers. The way it goes is first, a phone call, if they are unable to talk to the person, they disable the modem until they call back. They only do this for large botnets, unless they receive a complaint about an IP.

But it *IS* effective.

Overlays and emails will only teach people to click on fake antivirus warnings, like you said...

Re:

[Burz]

You're right, but it *also* legitimizes the act of an ISP editing your data stream.

Norton? Really?

[iYk6]

we offer free Norton with internet service so there's no reason you can't protect yourself from some of the common threats.

You mean the common threats like Norton? The only people who should install Norton is computer experts, and the only reason they would want to is so they can figure out how to uninstall it.

Re:

[PopeRatzo]

The only people who should install Norton is computer experts

Anyone who would install Norton is no "expert".

Re:

[nacturation]

The only people who should install Norton is computer experts

Anyone who would install Norton is no "expert".

Noob. An expert would have read the second half of the sentence: "... and the only reason they would want to is so they can figure out how to uninstall it." Because, as you now know, uninstalling it makes this wonderful 'whoosh' sound.

Re:

[apoc.famine]

Yeah. The only AV that I've seen that's anywhere as bad as Norton is CA. I still can't get that off my GF's computer. I've spent 3 hours already. Norton Corporate is awesome. Nobody should have to deal with Norton Home. Ever. It's cruel and unusual punishment.

Re:

[dnaumov]

Customer education is an issue with this one. I haven't talked to someone with that issue but we offer free Norton with internet service

What is wrong with you? No, really? Have you actually used the recent Norton versions? I reckon a fair share of those who actually have would agree that Norton's presence on one's PC is actually worse than most malware infections.

Re:Mixed feelings

[Nerdfest]

If they''re inspecting your traffic (and I really don't think they should be allowed to without a warrant) this is probably one of the few good things that they could do with what they see.

Re:

[Anonymous Coward]

FTFA:

Douglas said the bot intelligence is coming from Damballa, an Atlanta-based security company that monitors botnet activity and identifies botnet control networks. If Damballa spots a Comcast Internet address that is phoning home to one of these botnet command centers, Comcast’s system flags that customer’s address for a service notice.

Re:

[PopeRatzo]

If they''re inspecting your traffic (and I really don't think they should be allowed to without a warrant) this is probably one of the few good things that they could do with what they see.

So as long as they're doing it to make you more secure, it's OK if they inspect your traffic? I know you're not saying that.

I'd bet that we could get a dozen better ways from readers here to isolate bot-infected computers and prevent their spread without having to resort to letting Comcast move into your house and make s

Re:

[thegarbz]

If they weren't "inspecting" traffic then the internet wouldn't work. How else would you route data from one computer to another without inspecting the traffic to see where the data needs to go? This same level of data can also tell you if the computer is a bot. For instance if your computer is only sending data to a port 25 to seemingly random hosts continuously for days, take a guess at what is happening, it's likely to only be one of two things. Same thing for suddenly getting a lot if 100% identical req

Re:

[PopeRatzo]

It's good that Comcast is actually doing something, but I'm not really sure how effective it will be, and the precedent it sets makes me a little leery.

Who wants to bet that torrent trackers and users of uTorrent will end up with these "overlays"?

Re:

[Burz]

You're right to feel leery. Comcast should not be altering the content of your web pages AT ALL. In addition, the effectiveness of this tactic over time is questionable: Malware and scam artists are already using popup-style alerts.

The canvas of a web page is simply the wrong context for security alerts. An email would be a bit better, and a US mail postcard or phone call would be better still.

Re:

[ls671]

Well, at least it seems to beat Comcast waiting on reports like this one before taking action with an infected customer. Maybe they realized that all that unwanted traffic cost them money after all.

From abuse-report@myhost Thu Sep 2 08:52:54 2010
Date: Thu, 2 Sep 2010 08:52:03 -0400
From: abuse-report@myhost
To: abuse@comcast.net
Subject: Report of abuse from one of your IP: 75.149.85.71

Hello,

An IP from your network is scanning one of our machine
Culprit IP on YOUR network: 75.149.85.71
Victim IP on OUR network:

That's Weird...

[Shadow Wrought]

Anyone know why there's an overlay saying, "The Cowboy Neil Bot is feeding," on my screen?

Bots are a terrible infection to have

[BadAnalogyGuy]

I saw this one video where the bot was basically pulled right out of the infection with tweezers. In another, the bot broke off halfway out and the guy had to have the rest removed by a surgeon, but not without great pain.

Normal insecticide and pest repellent doesn't even work with these things. You really need to keep your netting clean and free of holes. One small hole and you'll wake up with bots dug into your skin and larva chewing at your subcutaneous layer of fat.

Re:

[PopeRatzo]

I saw this one video where the bot was basically pulled right out of the infection with tweezers. In another, the bot broke off halfway out and the guy had to have the rest removed by a surgeon

I heard that if you hold a lit cigarette over the infection, the bot will back out on his own.

Re:

[gd2shoe]

Ever try Adipos [wikia.com]? It appears to be an easier and more hygienic (if equally unsettling) way to deal with that extra fat.

Excellent idea

[rlp]

I'm not a big fan of Comcast, but this is an excellent idea. If all broadband providers would do this, they could put a serious dent in bot nets and reduce the amount of spam and the phishing attacks.

Re:

[jack2000]

Just wait till the YOUR PC IS INFECTED crowd picks this up, they are going to have a field day with this.
In my opinion people should get a warning next time they pay their monthly fee and if they do nothing about it maybe a stupid-tax or something.

Re:Excellent idea

[green1]

What happened to the good old days of ISPs where if your computer was being a menace the ISP phoned you, and if you still didn't fix it they cut off your internet access until you did?

It worked. and it worked well.

Re:

[jack2000]

I agree but people these days will get all upity if you start disconnecting them. So i propose a bastard tax

Re:

[shentino]

Simple.

They got taken over by the days where we got fed up with chicken shit companies abusing their power and losing our trust to let them have internet police powers.

I think an ISP should be able to block downstreamers who are spewing spams.

Trusting them to do so and leave alone torrents and the like, however, is another story.

Re:

[nurb432]

It will backfire as people will be un-taught the 'dont click on popups' lesson being taught now.

Begging for phishing

[Inominate]

Comcast is creating a system where unrelated websites will notify you of problems in your computer. This is the "Virus detected click here to install antivirus 2011!", except being legitimate it tells people to trust what a random website tells them. Way to train users to trust any website popup, I expect this will result in new phishing scams.

The only upshot is that the people who are infected are often the ones who already install anything that a popup warning tells them to.

Wait, what?

[XanC]

The method they chose for notification is to man-in-the-middle my connections? Are they injecting Javascript into sites I visit? Does this mess with protocols other than HTTP? Why can't they just send an email to the account holder, or call them with a recorded message? Why break your service in order to fix it?

Re:Wait, what?

[ceep]

I think this is a good method. It's a lot harder to ignore than other ways that you've suggested (how much of an automated phone message would you listen to if it started as "This is a courtesy call from Comcast internet services ..."). HTTP also a service that people are more likely to use every day, and there's little chance that an errant spam filter will block it.

A risk - in theory - is that when people see this popup, they'll say "I'm supposed to not interact with these things" and just click "Close," rather than understanding what it says. On the other hand, if your computer is infected with some sort of 'bot, you probably click through things like this anyway.

Re:

[XanC]

No, doing this to people's connections is inexcusable. If they're being a problem on the network, then they should be cut off. But inserting yourself into their communications is simply wrong.

That would solve the "how to get in touch with them" problem... They'll come to you!

Re:Wait, what?

[Dunbal]

Let's look at the following:

1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.
2. Perhaps the ISP should just terminate the accounts of users of infected machines, since I am sure running an infected machine on the net is a violation of the TOS somewhere.

I WANT them to break the service and force people to upgrade, instead of continuing to spew their filthy zombie attacks all over the net. The more dramatic and attention getting, the better. Face it - your mission critical systems should not be on a residential account anyway, RIGHT? That's what the premium priced business packages are for... So what if grandpa has to click on some links to download some software and fix his machine before he can read his paper today. It's worth it to clean up the net.

You just don't get it

[pslam]

Let's look at the following:

1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.

No. By definition, an internet service provider is a bridge and router. It is not supposed to mess with your traffic. It is not supposed to be looking at these layers. Comcast has shown many times they don't care about that, though. They messed with all H

Re:

[lordDallan]

I'd guess Comcast isn't sending an email at least in part because a healthy percentage of their customers don't use Comcast's crappy email service.

I still think this is a gross and intrusive tactic, but so is how they hijack DNS redirects to show you a custom "search" page with ads on it. At least they give you an option [comcast.net] of turning that "service" off.

Re:

[veganboyjosh]

Mod parent informative!

Thanks for the link. Will be updating our account today!

Re:

[Skapare]

If your IP is not on the list of infected customers, they won't affect you. But, if it is, they redirect your port 80 traffic to their proxy server that injects the HTML. Specifics, like how it does the overlay, I don't know. Maybe it wraps a frame or div. You'll have to fake being infected to see. Use HTTPS, or an SSH tunnel to a proxy of your own, to avoid it while being infected. If you can't be infected, then your own risk is if your ordinary traffic trips their infection detector.

Re:Wait, what?

[StikyPad]

They do send an e-mail, at first. If the traffic continues unabated, they redirect port 80 traffic (only) through a proxy which adds the notice to the server response (the web page you request). It doesn't break or tamper with anything else.

Personally, I don't see a problem with this, since, if you're allowing botnet traffic, you're already abusing the TOS (with or without your knowledge -- and after the notice, certainly ignorance isn't an excuse), and as such you're not really entitled to "unbroken" service, or any service at all for that matter. I think providing this notice is a good compromise.

Rather than making a separate post, I also want to address one of the points in TFS: "Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

This is rather missing the point -- realistically, if any machine inside your network has been compromised, you should assume that the entire network has been compromised, and you should be inspecting/sanitizing/protecting all of the machines accordingly. You should likewise assume that all of your online accounts have been compromised, change your passwords from a trusted location, and check for any unauthorized activity.

Re:

[StikyPad]

I didn't say they don't deserve service, I said they don't have a right to it. What people deserve is only rarely related to what they get. Moreover, their presence on the network is necessarily degrading the experience for everyone else who's being responsible with their activity. Do responsible users *deserve* to be inundated with attacks from the machines of people who, for whatever reason, aren't "advanced user interested in computers and all things technical?" What if we were discussing dogs instea

Re:

[Smauler]

Saying that those who don't fall into that category and get infected don't deserve any service because they've fallen afoul of their TOS is pig ignorant.

Time for a car analogy... is that a bit like saying that those who don't know how to drive well and are a danger to others don't deserve a license is pig ignorant? The problem here is not what these computers are doing to themselves, it's what they are doing to innocent victims on the net who know how to run their computers. Besides, even if something i

Re:

[ceep]

So: they don't have an e-mail address for you, or a phone number, and you throw out all postal mail you get from them. How do you suggest they contact you if there's a problem? I wouldn't be in favor of overuse of this method, but if you've got a 'bot running on your system, you're part of a problem and maybe something a little heavy-handed is warranted.

Re:

[Mr. Freeman]

"So: they don't have an e-mail address for you, or a phone number, and you throw out all postal mail you get from them. How do you suggest they contact you if there's a problem?"

Anyone that throws out mail from comcast can just as easily ignore the overlay. Besides, it's not comcast's responsibility to tell you if you have a bot running on your machine. This would be a little like your car putting an overlay on your windshield if your windshield wipers are in need of replacing, it's just ridiculous.

Also,

Re:

[Fulcrum of Evil]

"please to be rebooting the computer" - woo, no thanks.

Re:

[Thinboy00]

There is a reason ISP TOSs are written in blood...

I have three comcast commercial accounts

[way2trivial]

none of them REQUIRED an email to sign up for.

I still have the paperwork scanned in to PDF- just opened the files.

strangely, if you go to the comcast site and create a comcast ID, they require a "non comcast email address" in case they need to get in touch with you...

says lots about their faith in themselves.

It's about damned time the ISPs get involved.

[pecosdave]

If you're infested with a botnet you are doing harm. In short infested computers create attackers and ISPs need to take responsibility for the attackers on their networks. I was more concerned that ISPs have NOT done this until now.

Re:

[nurb432]

They should get involved by turning off your service and have you call them to turn it back on, routing you only to a in-house site for cleaning the PC.

Re:

[pecosdave]

Exactly!

I'm not 100% on-board with the method used in this article, but anything is better than just leaving the crap infested and causing trouble.

Antivirus2010

[Anonymous Coward]

ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
www.c0mcast.net/antivirus.exe

Re:

[Dthief]

the link didnt work :(

maybe I should try .com instead of .net

"Might have a difficult time" - perhaps not

[SuperKendall]

Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection

Not if you only have one Windows system.

Only about ten years late.

[Medievalist]

Ten years ago they said I was mad for proposing this.

Thanks, comcast, you arrogant incompetents, for taking a decade to listen to your customers.

But I already moved to FIOS, along with my ENTIRE NEIGHBORHOOD, so tough luck.

Well it's about friggin' time!

[ThreeGigs]

Now if every other ISP would do something similar. Maybe block access until a user reads a notice or something.

That said, Comcast's way of doing this might look to me like the website I was looking at was trying to sell me malware... like one of those "YOU'RE INFECTED! SCAN NOW?" popups.

Re:

[DeadCatX2]

I say exponentially decay their bandwidth as if it was an RC circuit with a time constant of about three days. In about a week I'm sure they'll be calling to complain about the Internet speed...and then you'll have their undivided attention.

Re:

[green1]

when people's connections are slow, they switch providers (because providers all advertise based on how fast their network is (of course without ever giving out numbers))
what makes people call and complain is if you cut off their service.

This is what ISPs used to do, it's too bad they don't anymore.

I use a router...

[erroneus]

But I didn't have a hard time determining which machine it was. My son was visiting and he was running Windows. Everything else is Linux and one Mac. Not hard to figure it out.

Re:

[Nethead]

Change/add your wireless key.

Re:

[jimicus]

Did you scan them with an AV scanner that was already on there? Most malware these days makes at least a cursory effort to avoid AV scanners, and if it didn't block it in the first place, what makes you think it'll detect malware that's already resident?

Comcast offers free bot infection for up to 7 PCs!

[Leomania]

From Krebs' article:

Comcast also is offering free subscriptions to Norton Security Suite for up to 7 computers per customer — including Mac versions of the Symantec suite.

At least most bots have the decency to let you use your own computer. Norton (and in my experience, McAfee) security suites are much less inclined to leave enough free resources for that to be possible.

Legality

[Wowsers]

What is the legality of the ISP intercepting a web page a user requested, then injecting their own code into it, then serving it you the end user?

Re:

[jack2000]

It should be illegal, if it's not, then get on your feet and make it so.

Re:

[spazdor]

Well, websites are copyrighted documents, and websites with extra ISP-injected code are unauthorized derivative works of those documents. Aaaaaaaaaaaand GO.

I'd normally be against this...

[straponego]

...but if their diagnostics are accurate, it will only affect Windows users. And those people are fine with these things (botnets, spyware, constant intrusive advertising, confusing choices between virus checkers, weird popups, etc). No important work will be interrupted, just games, facebook and porn. The rest of us may or may not see slightly faster access, so... what's the bfd?

I kid, I kid. Settle down.

That's great! But..

[peacefinder]

Excellent move!

Unfortunately malware authors will be updating their Fake AV attacks to emulate that banner in a matter of weeks, so it's only a temporary improvement.

ten bucks on ....

[trum4n]

... bittorrent also setting off this message.

Good idea, but a bad implementation

[izomiac]

I think it's great that Comcast is trying to address the bot problem. But they picked a rather poor method IMHO. Surely it's obvious that you can't rely on the infected computer to relay the message... All the bot has to do is run a filtering proxy server and these HTTP insertions are long gone. The best solution would be to use another communication device, i.e. a telephone or letter. Besides, you may have a little old lady that only uses (non-ISP) e-mail twice a month, which might not get the message.

My own ISP does something similar, but a little better (again, IMHO). A few weeks ago I opened my wireless network because one of my devices was choking on WPA2. Sure enough, someone must have hopped on it and sent a fair bit of spam. So my ISP killed my connection and changed the DNS server so everything resolved to their "Call tech support now" page (although it took a while to for me to figure that out since I wasn't using their DNS server, but I digress). A quick call had me talking with a representative with an explanation, and I was reconnected. (Obviously I re-enabled WPA2 and blocked/logged port 25 at the router in case I really did get rooted.)

Do we really want botnets to go away?

[mykos]

I'm kind of torn on botnets. The only sites that get taken down by botnets that I have read about lately are sites of organizations I wish didn't exist anyway.

When ACTA inevitably becomes the law of the land, DDoS will be one of the few weapons we plebes will have left against corporatism.

The Case For Internet Licenses

[DynaSoar]

"Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

If you call turning off your machines and running them one at a time to check each machine's response "difficult", then you can damn well pay the neighbor kid to come over and do it for you, just like you paid him to come over and get your Internet Explorer brand computers surfing on the infotube highway in the first place. While he's there, have him take out that "MOE - DEM" thingy. Those blinking lights are just slowing things down.

Re:

[alvinrod]

I think that most of the people who are qualified to setup and maintain their own router are also qualified enough to determine exactly which of their machines are infected. Of course there will always be a few people who knew just enough about setting up a router to be dangerous, but if the network is completely open and someone using their network is spewing out spam or other garbage, it might tip off the network owner that they should secure their network.

IPv4 isn't a serious problem, and that part of

Re:

[vux984]

I think that most of the people who are qualified to setup and maintain their own router are also qualified enough to determine exactly which of their machines are infected

1) You go to best buy and plug $59 for a 4 port router box.
2) You take it home and plug it into the wall.
3) You plug the WAN port on the router to the cable or dsl box. - this is the hardest part to get right
4) You plug your computers into the other ports and start accessing the internet

People qualified to do the above are not qualified t

Re:

[spazdor]

No, but neither are those people qualified to disinfect a single computer connected directly to the Internet. In either case, the solution is the same: unplug the cable modem and call a nerd for help.

Re:

[Thinboy00]

...at which point the nerd will tell you to fuck off [xkcd.com].

(I'm quite aware that said comic has nothing to do with virus removal, but the phone call would be so similar that the nerd won't listen...)

Re:

[schnikies79]

I don't want to firewall every damn device on my LAN when I can throw up a single firewall at the choke point.

No thanks.

Re:

[pipedwho]

With IPv6 (or with IPv4 for that matter) you can still throw up a single firewall. To duplicate the protection you get from using NAT, just make it reject all incoming connection requests.

Re:

[gman003]

Coincidentally, I've noticed Comcast seems to be deploying IPv6 to home users. I was just helping a friend move into a new apartment, and I had the toughest time setting up the wireless router. Turned out that the router didn't support IPv6, so it wasn't able to connect to the cable modem. Right now, I've had her just wire up her laptop, but I'm going to see if different firmware makes the router usable.

Re:

[gd2shoe]

Very true. It's specifically true for Comcast, and has been for years.

Re:

[gman003]

I'll try that next time I'm over. Thanks.

Re:

[socsoc]

Let's say I have an office with 100 machines and 5 public IP addresses. I have a few addresses with specific port forwarding set up for services to some servers and and the rest of the workstations share an external address. Hell, web traffic out of the aforementioned servers may go out the same external address as the workstations. They all share a common firewall that NATs the internal network. Why is this scenario bad?

Re:

[socsoc]

the bot intelligence is coming from Damballa, an Atlanta-based security company that monitors botnet activity and identifies botnet control networks. If Damballa spots a Comcast Internet address that is phoning home to one of these botnet command centers, Comcast’s system flags that customer’s address for a service notice.

It's akin to the ISPs being told that someone is pirating music/movies on p2p. They aren't detecting it themselves, good for privacy I guess, bad for reliability.