Comcast also molests SIP.

From: NANOG <nanog-bounces+jbazyar=verobroadband.com@nanog.org> on behalf of "Aaron C. de Bruyn via NANOG" <nanog@nanog.org>
Reply-To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Date: Tuesday, August 23, 2022 at 7:47 AM
To: Michael Brown <michael@supermathie.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Subject: Re: Looking for contact within Comcast Xfinity

I ran into this a few days ago.

Both the random agent I talked to and our sales rep said they can't disable the security edge service without increasing the cost of service for all of our accounts.

Apparently it costs more to not molest DNS traffic leaving your network.

They can temporarily disable it, but they said it will turn back on when the modem is rebooted.

It seems to only affect TCP and UDP port 53. I fixed it by setting all of our routers to use DoH and DoT exclusively. They can't intercept and molest that traffic.

-A

On Tue, Aug 23, 2022, 05:39 Michael Brown <michael@supermathie.net> wrote:

If anyone from Comcast Xfinity is on this list, can you please reach out to me?

We're getting increased reports of xFi Advanced Security customers being unable to access hosted sites and attempting to open tickets has had no success.

Thanks,
Michael Brown