Thursday, October 31st, 2024 7:47 PM

Diagnosing suspicious logs

I've been struggling for the last few weeks with an interesting set of internet symptoms. The initial symptoms were:

- Certain websites wouldn't load on specific devices

- Default login to modem wouldn't let me reset my password

- Looking at connected devices in the mobile app showed 10+ unknown devices on MoCA (weird because I don't have a cable-connected TV or use MoCA).

Upon factory reset of the modem, everything worked correctly for a bit. I changed the wifi password, changed the admin password to the modem, and carried on my way. A few days later, the same symptoms reappeared. This was weird, because it meant that (a) my modem's login had changed and no longer worked, (b) MoCA had been reenabled, and (c) all the devices had been brought back online. Once again, I couldn't visit a wide host of websites from specific devices, which is also weird.

I played the reset game again and began checking more frequently with the app to see when MoCA would come back on. Eventually it did - but this time I was fast enough to grab the logs from my router before the login changed (I quickly turned off MoCA again and changed the password a third time. Unclear how long that will last).

There are some suspicious entries that I don't understand. One is a set of around 60 of these, all at the same time last night: 

GD[11839]: config.utapi traffic stats: bytes sent 340035702, rcvd 2147483647, pkts sent 1601119, rcvd 4546308

That burst is then followed up by a few entries like this, spaced around an hour apart:

IGD[11839]: config.utapi s_add_portmapdyn: add entry (index 1): add/overwrite entry param portmap_dyn_1 value:enabled,none,9308,10.0.0.108,9308,udp,68400,1730354608,10.0.0.108:9308 to 9308 (UDP)

Any help or insight would be appreciated. Ideally, this is just a neighbor running something to grab free internet and I can install a PoE Filter and be fine. Worst case, I'm being targeted or Xfinity keeps resetting my stuff.
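A way to triage the two log entry types quoted above, as an added example that is not part of the original post: it flags a traffic counter pinned at 2147483647 (the signed 32-bit maximum, so saturated rather than measured) and any dynamic port mapping whose internal host is not on a known-device list. The field layout of the `value:` string is inferred from the single entry in the post, and `review`, `parse_portmap` and `known_ips` are hypothetical names.

```python
import re
from datetime import datetime, timezone

INT32_MAX = 2**31 - 1  # a counter sitting exactly here has saturated

# Constructed sample: the two entries quoted in the post, unchanged.
SAMPLE_LOG = """\
GD[11839]: config.utapi traffic stats: bytes sent 340035702, rcvd 2147483647, pkts sent 1601119, rcvd 4546308
IGD[11839]: config.utapi s_add_portmapdyn: add entry (index 1): add/overwrite entry param portmap_dyn_1 value:enabled,none,9308,10.0.0.108,9308,udp,68400,1730354608,10.0.0.108:9308 to 9308 (UDP)
"""

STATS_RE = re.compile(
    r"traffic stats: bytes sent (\d+), rcvd (\d+), pkts sent (\d+), rcvd (\d+)")
PORTMAP_RE = re.compile(r"s_add_portmapdyn:.*?value:([^ ]+)")

def parse_portmap(line):
    """Return a dict for a dynamic port-mapping entry, or None if not one."""
    m = PORTMAP_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) < 8:
        return None  # truncated or malformed entry
    try:
        # Assumption: field order and meaning are guessed from one sample.
        return {
            "state": f[0], "remote": f[1], "ext_port": int(f[2]),
            "int_ip": f[3], "int_port": int(f[4]), "proto": f[5],
            "lease_s": int(f[6]),
            "created_utc": datetime.fromtimestamp(int(f[7]), tz=timezone.utc),
        }
    except ValueError:
        return None

def review(log_text, known_ips):
    """Return (kind, detail) findings for the gateway log text."""
    findings = []
    for line in log_text.splitlines():
        s = STATS_RE.search(line)
        if s and any(int(v) == INT32_MAX for v in s.groups()):
            findings.append(("saturated_counter", line.split(":")[0]))
        pm = parse_portmap(line)
        if pm and pm["int_ip"] not in known_ips:
            findings.append(("portmap_unknown_host", pm))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG, known_ips={"10.0.0.2"}):
        print(kind, detail)
```

The eighth field decodes as a Unix timestamp of 2024-10-31 06:03:28 UTC, which lines up with the "last night" timing in the post.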

Expert

22 days ago

Yes. We've seen this here many, many times before. Comcast's MoCA implementation lacks a security feature. Here's my standard spiel:

Perhaps your neighbors are inadvertently connecting to your network / gateway device via the MoCA feature that's built into it. MoCA (Multimedia Over Coax Alliance) is an alternate hardwired way to connect devices to a home network if ethernet cabling cannot be used/run. It uses the existing coax cable wiring instead of ethernet cabling.

If the MoCA feature is enabled, and you do not have a PoE (Point of Entry) MoCA filter installed on the coax line, your and your neighbors' gateway devices will be able to connect with each other like one big network.

Disable it if you aren't using it. If you are, install a PoE MoCA filter on the input port of the first splitter off of the street drop to keep the MoCA signal in your premises and to keep the neighbor's signals out. Your neighbors should also have PoE filters installed.

To disable MoCA on your device, first unplug the coax cable line from the jack on the gateway device. Then go to the gateway login http://10.0.0.1


Default login info is:
Username: admin (all lowercase)
Password: password


Once in, you will find the drop-down on the left of the screen that is labeled “Connections”.

Click the drop-down -> click MoCA -> on the right side of the screen click “disable” -> save changes.

Bear in mind that we've seen many posts here that the MoCA feature gets turned back on with their overnight re-boots / updates for the device. The best policy is to be sure to use that PoE filter! Amazon has them: https://www.amazon.com/SNLP-1GCW-Filter-Eliminate-Multi-Room-Interference/dp/B07SLD9QPH

Or you may be able to get one for free at your local Comcast / Xfinity store. Or book a tech to come out and install one for you.


If the MoCA feature is not being used on your home network, you can put the PoE filter right at the back of your gateway device instead. Good luck!
