[EXTERNAL] Re: Xfi Advances Security (comcast)

Mon Sep 13 21:57:07 UTC 2021

On 9/13/21, 12:02, "Owen DeLong" <owen at delong.com> wrote:
> Yes, but it’s tragically opt-out instead of opt-in as it should be.

It is not a default for an Internet access service. It comes bundled as one of several features in an optional add on service. See https://www.xfinity.com/learn/internet-service/modems-and-routers for details. This is targeted at the average consumer, particularly those that may want parental controls, mesh WiFi, a voice port, and so on - so not really targeted at NANOG list subs like us. ;-) That said, I have an XB7 modem at home and really like it a lot - especially the new AQM feature that dramatically lowered working latency.

> That means that anyone whose site happens to get miscategorized by them gets the added costs of dealing with the user complaints instead of Comcast having to bear the costs of their error.

As my other reply noted, this service uses a bunch of 3rd party services and it is those 3rd parties that maintain the lists (a la anti-spam and anti-phishing email list vendors). So if an IP/FQDN/URL happens to be on "our" list it is very likely getting filtered/blocked in a lot of network places because it is on a well-known independent list.

BUT, how do we know that was even the case here? Do we have a traceroute or a screen shot of an error or block message? We seem to have concluded it was blocked by a content filter but what technical evidence do we have (that can help troubleshoot)? I know you are not the OP (it is Chris) - but I'd love to know more technical detail and I am in communication off-list with the OP (along with my colleague Tony Tauber, who was the first to reach out to Chris 1:1).

Jason