Comcast Follies January and December 2016


Updated my modem to a Motorola SB6141 (Arris SB6141) a couple of years ago. I have now gone through some 3-4 Motorola modems over the last 15 years or so.
Found this article from January 2016:
Brad Jones, Digital Trends, January 13, 2016

It’s rare that you hear a positive story about the business practices of American mass media corporation Comcast, and the latest news item doing the rounds doesn’t break from that tradition. Customers are reporting that the company is injecting its own ads into their Web browsers.

On the surface, this might seem like just another addition to the list of frustrations Comcast users are expected to endure on a daily basis. However, the product being advertised and the strategy underpinning this campaign are noxious enough to set this apart from the now-standard tales of the company’s disregard for its customers.

Like many ISPs, Comcast makes a mint by charging broadband subscribers a rental fee for its standard router. However, canny users can dodge these extra charges by purchasing their own equipment, which typically will cost far less and provide a better online experience.

Comcast has taken note of this practice and is now doing its utmost to fight back. Users surfing the Web on a Comcast connection while using their own router will now be faced with advertisements encouraging them to use an approved modem, according to a report from BGR.

There is no way to opt out of this marketing, and the pop-up ads will be displayed until the user’s router is replaced with a stock Comcast modem. Even better, advertisements are apparently being pushed on tablets and smartphones connected to the network, not just computers — there can be no escape from your ISP overlords.

Last November, Comcast was criticized for implementing data caps applicable to all streaming TV services apart from its own brand. The company’s continued campaign of ill-will toward its customers helped make it the most hated broadband provider in America, according to FCC complaints compiled late last year.
Just use another DNS server instead of Comcast's and you won't get the ads.
Google's are and
Yup, most folks leave their boxes / router-to-modem connections at the defaults, which use CC stuff (well, or any ISP's DNS stuff).
Just noticed yesterday on an Android tablet that the second default DNS there in the drop down was with the primary being the gateway.
Yesterday, surfing with a tethered T-Mobile LTE Android tablet, the gateways/DNS appeared to float across the US. GMail blocked my access because they said I was coming in from Miami. Another odd thing I noticed is that the Ubuntu 16.04 laptop on CC, which doesn't work now with many sites using Flash, works perfectly with old Adobe Flash using the LTE internet transport.
Better than adjusting each at-home client's DNS is to utilize DNS proxy software on the firewall; there the default has changed from the old DNS resolver to another DNS resolver called Unbound.
Unbound is a validating, recursive and caching DNS resolver. It provides various modules so that DNSSEC (secure DNS) validation and stub-resolvers are possible.
It is getting difficult to surf as many sites initially were asking you to unblock your adware software and now are blocking access to just reading unless you disable your adware software.
Think I have posted the following before... that said, most average consumers that utilize any of the big XX Internet broadband providers assume much.
A lot of it relates to the assumed good nature of their local ISP....
The average non-IT-oriented consumer is totally defenseless.
IE: today AT&T and Verizon are laughing at the net neutrality rules... basically just circumventing them while concurrently saying or writing "yeah sure we are in compliance", which in fact they are not... and for years now they have done whatever will put money in their coffers no matter what the rules are. I think the things done by the FCC were good; the only thing was it was only done on paper, but the stick was never big enough to slap over the ISPs' heads relating to compliance.
DNS hijacking
DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

These modifications may be made for malicious purposes such as phishing, or for self-serving purposes by Internet service providers (ISPs) and public/router-based online DNS server providers to direct users' web traffic to the ISP's own web servers where advertisements can be served, statistics collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.

Rogue DNS server

A rogue DNS server translates domain names of desirable websites (search engines, banks, brokers, etc.) into IP addresses of sites with unintended content, even malicious websites. Most users depend on DNS servers automatically assigned by their ISPs. Zombie computers use DNS-changing trojans to invisibly switch the automatic DNS server assignment by the ISP to manual DNS server assignment from rogue DNS servers. A router's assigned DNS servers can also be altered through the remote exploitation of a vulnerability within the router's firmware. When users try to visit websites, they are instead sent to a bogus website. This attack is termed pharming. If the site they are redirected to is a malicious website, masquerading as a legitimate website, in order to fraudulently obtain sensitive information, it is termed phishing.

Manipulation by ISPs

A number of consumer ISPs such as Cablevision's Optimum Online, Comcast, CenturyLink, Time Warner, Cox Communications, RCN, Rogers, Charter Communications, Plusnet, Verizon, Sprint, T-Mobile US, Virgin Media, Frontier Communications, Bell Sympatico, UPC, T-Online, Optus, Mediacom, ONO, TalkTalk, Bigpond (Telstra), and TTNET use DNS hijacking for their own purposes, such as displaying advertisements or collecting statistics. This practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-site scripting attacks.

The concern with DNS hijacking involves this hijacking of the NXDOMAIN response. Internet and intranet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry for the specified host. If one were to query the invalid domain name (for example www.example.invalid), one should get an NXDOMAIN response - informing the application that the name is invalid and taking the appropriate action (for example, displaying an error or not attempting to connect to the server). However, if the domain name is queried on one of these non-compliant ISPs, one would always receive a fake IP address belonging to the ISP. In a web browser, this behavior can be annoying or offensive as connections to this IP address display the ISP redirect page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that rely on the NXDOMAIN error will instead attempt to initiate connections to this spoofed IP address, potentially exposing sensitive information.
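The NXDOMAIN behaviour described above can be checked from the client side. The following is an added example, not part of the thread or of any quoted source: a small DNS message builder/parser in standard-library Python that sends an A query for a name that must not exist (by default a random label under the reserved .invalid TLD, as in the www.example.invalid case above) and reports whether the resolver answered with RCODE 3 (NXDOMAIN) as RFC 1035 requires, or with a fabricated address, which is the signature of the ISP redirect page. The `make_response` helper and the 10.0.0.1 address are constructed test fixtures for running the parser offline; the resolver address in the `__main__` block is a placeholder.

```python
"""Detect NXDOMAIN hijacking by inspecting a raw DNS response (added example)."""
import random
import socket
import struct

NXDOMAIN = 3  # RCODE value defined by RFC 1035


def build_query(name, txid=0x1234):
    """Encode a standard recursive A/IN query for `name` (wire format, RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return the transaction id, RCODE and any A-record addresses in the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0x000F, "answers": addrs}


def classify(msg):
    """Classify a response to a query for a name that is known not to exist."""
    parsed = parse_response(msg)
    if parsed["rcode"] == NXDOMAIN:
        return "compliant"      # resolver behaves per RFC 1035
    if parsed["rcode"] == 0 and parsed["answers"]:
        return "hijacked"       # NOERROR plus an address for a nonexistent name
    return "inconclusive"       # SERVFAIL, REFUSED, empty NOERROR, etc.


def make_response(query, rcode, addrs=()):
    """Constructed test fixture: fabricate a response to `query` (not real resolver output)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    answers = b""
    for addr in addrs:
        # name = pointer to the question name at offset 12, A/IN, TTL 60, 4-byte RDATA
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + query[12:] + answers


def probe_resolver(server, name=None, timeout=3.0):
    """Live check (uses the network): query `server` on UDP/53 for a nonexistent name."""
    if name is None:
        name = "%08x.example.invalid" % random.getrandbits(32)  # random, cannot exist
    txid = random.getrandbits(16)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(512)
    if parse_response(data)["id"] != txid:  # mismatched id: do not trust the reply
        return "inconclusive"
    return classify(data)


if __name__ == "__main__":
    # Offline demonstration on constructed fixtures; replace the placeholder with
    # the resolver handed out by DHCP (e.g. the gateway) to test a real setup.
    q = build_query("www.example.invalid")
    print("RFC-compliant reply ->", classify(make_response(q, NXDOMAIN)))
    print("ISP redirect reply  ->", classify(make_response(q, 0, ["10.0.0.1"])))
    # print("live ->", probe_resolver("RESOLVER_IP_PLACEHOLDER"))
```

Run it against the resolver DHCP assigned to the client and then against the public resolver you intend to switch to; a "hijacked" verdict means applications relying on NXDOMAIN will be silently connected to the ISP's server. A resolver that follows RFC 6761 returns NXDOMAIN for any .invalid name, so a "compliant" result on .invalid alone does not prove the resolver is honest for real TLDs; passing a random label under a real, unused domain as `name` gives a stricter check.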
Thank you Mike.  I used to use this application and it worked well at the time for my home wintel desktops / laptops.
I've been trying different dns servers with my Frontier Communications gateway and I learned today that many of the functions of my dvr stop working when I change the dns server from the addresses dynamically supplied by frontier. The tv still received channels and the tv guide still worked but on-demand and search stopped working. I get an error that says "not authorized".
Way back here I configured my Verizon (today it is a Frontier box) combo box to bridge one Ethernet port to the WAN piece and left the coax-connected IP Verizon STBs on the original network. This put the television stuff on the original FIOS IP network and the computer stuff on another internal IP network. You can also just put one Ethernet port in a DMZ (totally open) and connect a firewall to it (like maybe a dd-wrt'd device).
I'm a little disappointed that I am stuck with Frontier's dns servers but not enough to install a second router. I like to keep it simple and will just leave well enough alone. The system is fast enough to serve my purposes.
With a more powerful router, you'd be able to put the DVR in its own VLAN with the ISP's DNS while giving all other devices a DNS of your choosing.
Or... can you specify the IP settings in the DVR?
video321 said:
With a more powerful router, you'd be able to put the DVR in its own VLAN with the ISP's DNS while giving all other devices a DNS of your choosing.
Or... can you specify the IP settings in the DVR?
To what end? Everything is working well the way it is. I thought that changing the dns server might speed things up a bit but it isn't necessary.
Not just to speed things up, but rather to get away from your ISP's servers -- which is the basis of the thread.
Not so much related to speeding things up, but rather using public DNS servers for all of the computers / tablets / wireless things on your home network rather than the ISP-provided DNS servers, and keeping the Frontier devices using Frontier DNS servers.
You can also just change the DNS entries on all of your internal networked devices (wired or wireless) and leave the STBs as they are.
It is just a PITA to do this.
All my Frontier / Verizon STBs (and DVR) have their own DHCP IP configurations on the FIOS Frontier combo box using MoCA or CatXX.
What would be a decent router/wireless access point that has 802.11ac at a fair price and can run dd-wrt? That is assuming that dd-wrt is the way to go.