1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Comcast Is Turning Customer Routers Into Public WiFi Spots

Discussion in 'Networking & Security' started by newtekie1, Jun 10, 2013.

  1. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    “Are you a Comcast or Xfinity customer? If so, there’s an exciting new initiative Comcast is trying to make you be a part of without asking. Namely one where, if you’ve got the latest version of Comcast’s WiFi “gateway,” you’ll not only be broadcasting your own private signal, but a public one! That any Comcast subscriber can use! Without your knowledge!”
    http://www.uproxx.com/technology/2013/06/comcast-makes-customer-routers-public-wifi-points

    Now I will say that the article makes an extremely big deal out of this, and I don't believe it is nearly as big of a deal as they make it out to be. And they make such a big deal because of the author's obvious lack of knowledge on the subject.

    First, it is entirely possible to do this without affecting your bandwidth. Comcast has an insane amount of bandwidth, they offer a 200Mbps connection. So if you have a 50Mbps connection, that is 150Mbps that is going unused, that can be used by the public wi-fi without affecting your connection speed at all. Also, Comcast has a very good grasp of what the connection to your home is capable of.

    Second, they are wrong in assuming that if enough people connect to the public wi-fi it will eventually have to slow down your connection. QoS would prevent this, it would always give the private network priority. Also, if the connection is partitioned properly the public traffic will never use private bandwidth. If the line coming into your home is capable of 75Mbps and the router is set up to use a 15MBps connection for the public wi-fi, then it will get 15Mbps and only 15Mbps, while you happily get a constant 50Mbps and there is 10Mbps to spare. Yes, the public will have to share the 15Mbps, but for a public connection that is fine, even with a lot of users.

    Third, the claim that someone will figure out how to hop from the public to the private. Well, there have been routers with guest wi-fi on the market for years now and I don't know of a single instance of someone figuring out how to get onto the private network using a guest connection. Also, if the gateway itself actually is two different routers in one box then this would be physically impossible to do anyway.
    Crunching for Team TPU 50 Million points folded for TPU
  2. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,474 (10.33/day)
    Thanks Received:
    6,012
    Location:
    Chatsworth, GA
    LOL wow! I work for a telecommunications provider and my coworkers are baffled that they would do that.
    Crunching for Team TPU
  3. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    I'm not, I'm sure it is a reaction to Google's public wi-fi efforts. Sort of a "Hey, look at us! We do that too!"

    To me it makes sense, and it is actually a good thing. Especially since I'm a Comcast customer and get to benefit from free public wi-fi. Though in today's day and age, I'm never really that far away from a Starbucks or McDonalds that offer's free public wifi anyway, but those places usually have horribly slow connection. This Comcast public wi-fi would actually be fast. And considering most homes in the Chicago/NWI area have Comcast connection capable of at least 100Mbps, and most are using the basic 25Mbps plan, that is a shitload of unused bandwidth Comcast has to play with.
    Last edited: Jun 10, 2013
    Crunching for Team TPU 50 Million points folded for TPU
  4. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,474 (10.33/day)
    Thanks Received:
    6,012
    Location:
    Chatsworth, GA
    We offer a form of free wifi but they are separate from the retail customers network and are ran off a wireless controller that is monitored. Would you want anyone on your home router that is not a member of your house hold without your permission?
    Crunching for Team TPU
  5. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    that seems like a terrible thing to do. thankfully i am a FIOS customer and kicked Comcast down the road a long time ago.
  6. dir_d

    dir_d

    Joined:
    Sep 1, 2009
    Messages:
    848 (0.47/day)
    Thanks Received:
    110
    Location:
    Manteca, Ca
    Seems like an excellent idea as long as it basically on another vlan, connection or channel and has no effect on your connection at all. If comcast has the extra bandwidth it doesnt matter.
  7. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    I already have a guest wlan available already for anyone to use, so yes.
    Crunching for Team TPU 50 Million points folded for TPU
  8. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,350 (6.30/day)
    Thanks Received:
    3,367
    Location:
    IA, USA
    Do you have a password on the guest WLAN?
    Crunching for Team TPU
  9. cadaveca

    cadaveca My name is Dave

    Joined:
    Apr 10, 2006
    Messages:
    13,773 (4.54/day)
    Thanks Received:
    6,857
    Location:
    Edmonton, Alberta
    I have both cable TV and internet on the same FIOS service. What Comcast is doing is technically no different. The routers are capable of running multiple connections on different domains, so traffic from one doesn't interfere with another. My actual connection is now 50 Mb/s, but only 19 Mb/s is allowed for internet service, via specific IP routing assigned to the internal switch. TV service offers up to 6 IP addresses via a separate domain using the remaining bandwidth, via the same switch, but when the devices connect, the custom firmware identifies the device as requiring the alternate domain. Setting that up to be for WiFi instead of TV makes perfect sense, and it is easy to see how they can regulate it to work for Comcast subscribers only. The only thing that sucks is you pay to electrically power the connection. They pump 100 Mb/s to your house, give you 50, leave 50 for public access. With the proliferation of devices already in existing homes, things like mobile WiFi within the Comcast network can work well, and travelling users won't remain on any one person's connection for very long. Setup up properly, there will be continuous highspeed WiFi available anywhere you go in any metropolitan center. It also covers the legal side of things of people using your connection, since the WiFi would be considered it's own private network.
  10. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    awesome! now it is even easier to steal people's identities! all i have to do is spoof a comcast hotspot and packet log everything. i can then use their creds to steal their ACTUAL comcast wifi service and employ all sorts of malicious attacks without anyone knowing who i am! let the cyberwar begin!
  11. cadaveca

    cadaveca My name is Dave

    Joined:
    Apr 10, 2006
    Messages:
    13,773 (4.54/day)
    Thanks Received:
    6,857
    Location:
    Edmonton, Alberta
    technically possible, but I challenge you to actually do it.

    None's cracked Gabe Newell's STEAM account yet...since it's tied to his physical hardware. This is where the firmware comes in. You need some serious hardware hacking skills PLUS software to do this one, and few have those skills.


    Just sayin. I won't buy into your side of this myself, but at the same time, I'm the one that refuses to use a cellphone since I feel they are personal tracking devices. :p
  12. james888

    james888

    Joined:
    Jun 27, 2011
    Messages:
    4,282 (3.79/day)
    Thanks Received:
    1,425
    I personally don't like how users can't opt out of this. Or can they by using their own router?
    Crunching for Team TPU
  13. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    i don't need to hack anything. all i have to do is setup a mobile hotspot called 'comcast' or whatever comcast is going to use as their naming convention and trick somebody to log into it. since i won't have any sort of encryption on i will get their login/pass in clear text and then use that to login to their actual comcast account using a proxy service to make me anonymous. i can pull up their billing address from their account, drive over there and login to their private wifi. now i am on their network get a list of valid mac addresses. log out. log back in, wipe the router log files and mount an attack.
  14. cadaveca

    cadaveca My name is Dave

    Joined:
    Apr 10, 2006
    Messages:
    13,773 (4.54/day)
    Thanks Received:
    6,857
    Location:
    Edmonton, Alberta
    That's using social engineering, and is hardly hacking in my books. Anyone can look over someone's shoulder and steal passwords, and I fail to see any skill involved. It's also not exactly THAT simple, but for current connections, most likely so. You can walk by someone(and you don't have to be that close, either) and steal CC data already. Big deal.
  15. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    social engineering is how people obtain private information these days. i consider it hacking.
  16. cadaveca

    cadaveca My name is Dave

    Joined:
    Apr 10, 2006
    Messages:
    13,773 (4.54/day)
    Thanks Received:
    6,857
    Location:
    Edmonton, Alberta
    Meh. It's too easy to be considered hacking, in my books. I'm not saying the system is perfect, and at the same time, things like you mention aren't things that concern me. Here I sit in my livingroom, testing motherboards and crap all day, broadcasting it all via teamspeak that anyone can log into. Privacy is detrimental to my success.

    But everyone having access to high-speed WiFi, now that's something I can make money with. Bring it on.
  17. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    yea, it isn't technically challenging but you still have to have an understanding of the underlying systems and the savvy to trick people.
  18. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    No, I just have it throttled to 1Mbps on ports 80, 443, 53, 110, 25, 465, 587 and it drops to 56Kbps on any data transfer larger than 512KB. All other ports are limited to 1Kbps at all times. Anyone can access it, it works for doing basic tasks like checking email, or connecting a smartphone to so they aren't using their data connection. But not really practical for doing anything else and anyone that thinks they can hop on it to download massive files better be really desperate.

    They can opt out of it even if you use Comcast's routers. But, yes, you can also use your own equipment as well.

    That argument applies to any public wi-fi scenario.
    Last edited: Jun 10, 2013
    Crunching for Team TPU 50 Million points folded for TPU
  19. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    yea, but now i can even collect comcast userid/passwords !

    for instance, if you sit in a starbucks and create a "starbucks-pub" hotspot you will attract people to login. but you really only get unencrypted info. so if they visit any https page then it is pointless.

    with a comcast guest public wifi i assume people who can login have to have a comcast account. i can capture their userid/password, get their entire account history, and target specific homes in my area. it also means i can use their credentials to login to any comcast public wifi spot across the country and it isn't like they would know. comcast is opening up a can of wormd with this.

    for this very reason i never ever login to a public wifi hotspot. i always use a 4g connection and from there use a VPN for anything identity related.
  20. v12dock

    v12dock

    Joined:
    Dec 18, 2008
    Messages:
    1,541 (0.75/day)
    Thanks Received:
    299
    Sounds like a easy way to double your bandwidth.
  21. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    Again, that applies to pretty much any public hotspot and service.

    Just setup a public hotspot that points to your own custom DNS server. Redirect all DNS requests for Comcast.net, Yahoo.com, Gmail.com, ATT.net, etc. to your custom web server with sites for each one that looks identical to the real sites. Log what people put into the username and password fields on your custom site. When they click log in redirect them to the real site's login page, they'll think they entered the wrong password and log in again, this time successfully and never be wiser that they just gave their username and password away.
    Crunching for Team TPU 50 Million points folded for TPU
  22. OnePostWonder

    Joined:
    Dec 27, 2008
    Messages:
    579 (0.28/day)
    Thanks Received:
    107
    So would the people using your hotspot have the same external IP as you? If that were the case, talk about a legal nightmare. I know courts have already said an IP does not mean a person, but people are still capable of being convicted of a crime based solely on the fact that their IP requested or sent certain traffic.
  23. AsRock

    AsRock TPU addict

    Joined:
    Jun 23, 2007
    Messages:
    10,759 (4.14/day)
    Thanks Received:
    1,642
    Location:
    US
    By not having a wireless router ? hehe.

    What i am not understanding is how can they use your router to do this as they would need permission to do it. Sure if it was though the modem but router that shit don't even belong to them and maybe i should charge them $7 for rent as they used to for my modem lol.
  24. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,392 (4.75/day)
    Thanks Received:
    3,225
    Yup, but now I get the added benefit of connecting to any Comcast guest wifi hotspot across the country!!!
  25. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,724 (6.22/day)
    Thanks Received:
    5,868
    The public network is totally separated from the private, including having a separate public IP.

    It isn't your router, they are doing this on the routers they provide customers.
    Crunching for Team TPU 50 Million points folded for TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page