Comcast??????

How is it possible that Comcast can bypast my Dynex Router with no Ports open and still hit my webserver port 80? I do have it open in the firewall! >:( I don’t want them being able to hit anything. Do they know something about my Dynex having a backdoor or something that I’m not aware of!

They probably do - they have one of the most advanced implementations of IPv6 in the world. Why don’t you ask them?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What makes you think they can, exactly? Why is it Comcast vs. somebody
else?

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPTivwAAoJEF+XTK08PnB5XEwQAJfsupmlVJAuVtIKv/qelDnC
jX1t7eKNv41IbwKElXk5yCMO+SHWLknPm/PrJhdPeJsD14TolabLBiBed1GQKuds
RFi1F419acyHOQjQmZXTbVA5CrD+PPVmDgX0gNzV++YTgYUs8Uklnf4mY90iiIzC
De61fMi8ydbtcfgbxB08ryXVdKhy2sGdHPKWrDOyk9kROTWRswefmRC04Esuuars
MlN97P1AqCPQ5jYM26OwNzfJovYQhFtMKElzXjWILE1ER+zFOrlx21Eo04nqHbty
7SwZcSw/aoBlMzN10UWK6ZwZtkO7zH+IhDv/L8F/eSQuTbOkrmzLDlZV4nm3N+gS
PRAysx0HZ8Exeme0DHMx1P1D/oDX4jjG90EaAW0/wqk0YlhamcIWSZb/oNzDCHUg
Kyg1pdKR8Ufj1i+/W27/pHXw4bPAEfeqPAAr8oGynYj+fq0ifZhwxRDA5KVQXVKL
es3jhsjiaffG3ReV3UncAQ+8VOE8sYXBpPJvnEPYyKDlJWcyjLYwkPKgk/T5ILL9
5HWV+roaUxkyvjJ4yC5Cgqo/38EiP9VGp+e6WB/9sXiKWBFsV1jjRw9K1ICQ1i0U
SLmKJOuft7PbOzk1Cf2M25gtxlgdUM0qcO5CcJo7rP52J1KXJA5TkkEjngtn3cjW
rXlxrya6BHsszLMTJKtO
=VTLk
-----END PGP SIGNATURE-----

All cable companies routinely do intensive port and service scans of suspicious clients on the network.

You’ve probably already attracted attention to yourself by deploying an HTTP service (which is likely in violation of your service contract unless you have a Business plan), so yes… You can expect Comcast and whoever else may be curious to probe your machine.

If you want to open a port but not permit probes to hit your server directly, you’ll have to deploy a proxy firewall which is very different than a “simple” forwarding firewall like IPtables.

TS

All cable companies routinely do intensive port and service scans of suspicious clients on the network.

You’ve probably already attracted attention to yourself by deploying an HTTP service (which is likely in violation of your service contract unless you have a Business plan), so yes… You can expect Comcast and whoever else may be curious to probe your machine.

If you want to open a port but not permit probes to hit your server directly, you’ll have to deploy a proxy firewall which is very different than a “simple” forwarding firewall like IPtables.

TS

Ok I gotcha, I jump the gun on this one any way. It was port 80 and 53, Comcast is cool with me! But, I’ve other IP’s from Comcast hitting my ports which I can assume there customers.