 mboyPremium
join:2001-04-13
Little Falls, NJ | Copyright infrignement notices, but It aint me So for the past several days i have been getting the copright emails from comcast.
problem is that I have no idea who or what the files being downloaded are. I have not been downloading them FOR SURE!
File search by name does not come up on my PC.
My wireless is locked down TIGHT and my only desktop PC is virus and trojan free (spybot, malwarebytes, miscrosoft AV). I have no foreign connections in either my sonicwall or netgear wifi router connected to the sonicwall. WIfi is using wpa2-aes with a STRONG passphrase.
Could Comcast be sending them incorrectly? I notice their is no IP address listed in the letters, so cant see if it matches my current (which has been the same for several months). |
|
 tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3
 ·Comcast
| said by mboy: WIfi is using wpa2-aes with a STRONG passphrase.
Change the pass phrase to something very different.
Do you or have you EVER used WPS (Wi-Fi Protected Setup or (older) wi-fi simple config) or QSS (same idea, euro-style) one button setup?
Have you EVER allow a friend or guest on your network?
How many letters have you recieved?
Are you SURE they are from ComCast? (I think cc usually sends a physical letter) |
|
mboyPremium
join:2001-04-13
Little Falls, NJ | They have been by email only and shows I def do not watch.
NO, I have never used wifi protected setup.
Yes I have allowed my gf on my network, but she def isnt downloading anytihng and no one over on the days they are claiming (past week or 2).
I just received 3 more in a row. Very strange. |
|
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9 | said by mboy:They have been by email only and shows I def do not watch.
Post the headers from one; remove your email address before you do. And your IP Address, if you don't want it known.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
mboyPremium
join:2001-04-13
Little Falls, NJ | Received: by 10.14.178.133 with SMTP id f5csp225777eem;
Fri, 1 Jun 2012 12:42:57 -0700 (PDT)
Received: by 10.68.225.9 with SMTP id rg9mr12684812pbc.137.1338579776513;
Fri, 01 Jun 2012 12:42:56 -0700 (PDT)
Return-Path:
Received: from qmta10.emeryville.ca.mail.comcast.net (qmta10.emeryville.ca.mail.comcast.net. [76.96.30.17])
by mx.google.com with ESMTP id rg2si5749290pbc.351.2012.06.01.12.42.55;
Fri, 01 Jun 2012 12:42:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of csa-noreply@comcast.net designates 76.96.30.17 as permitted sender) client-ip=76.96.30.17;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of csa-noreply@comcast.net designates 76.96.30.17 as permitted sender) smtp.mail=csa-noreply@comcast.net
Received: from imta08.emeryville.ca.mail.comcast.net ([76.96.30.77])
by qmta10.emeryville.ca.mail.comcast.net with comcast
id H7hK1j0021fpyzQAA7ivtL; Fri, 01 Jun 2012 19:42:55 +0000
Received: from qmta03-mdp2.potomac.co.ndcwest.comcast.net ([69.252.76.9])
by imta08.emeryville.ca.mail.comcast.net with comcast
id H7iv1j0100C2QX1087ivsN; Fri, 01 Jun 2012 19:42:55 +0000
Received: from omta02-mdp2.potomac.co.ndcwest.comcast.net ([69.252.76.6])
by qmta03-mdp2.potomac.co.ndcwest.comcast.net with comcast
id H0BJ1j001089PWD8P7kBUg; Fri, 01 Jun 2012 19:44:11 +0000
Received: from garee.cable.comcast.com ([172.24.5.93])
by omta02-mdp2.potomac.co.ndcwest.comcast.net with bizsmtp
id H7iv1j00520R4BQ017ivti; Fri, 01 Jun 2012 19:42:55 +0000
Received: from abuse-garee (abuse-garee [127.0.0.1])
by garee.cable.comcast.com (Postfix) with ESMTP id CD38592F46
for ; Fri, 1 Jun 2012 15:42:54 -0400 (EDT)
Message-ID:
From: "Comcast Customer Security Assurance"
To: "Comcast Internet Subscriber"
Subject: Notice of Claim of Copyright Infringement.
Date: Fri, 1 Jun 2012 19:42:54 +0000 (GMT)
X-Mailer: sendEmail-1.52.mod2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----MIME delimiter for sendEmail-729606.696245359"
This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.
------MIME delimiter for sendEmail-729606.696245359
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit |
|
mboyPremium
join:2001-04-13
Little Falls, NJ | Looks legit to me
Odd how they do not mention my IP address in the letter tho. |
|
| reply to mboy
A few things what protection are you using WEP WPA or WPA2?
Also have you called Comcast to see they sent the message? |
|
mboyPremium
join:2001-04-13
Little Falls, NJ | WPA2aes with passphrase that consists of characters, numbers, letters, etc and extremely difficult to even type. |
|
tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 | reply to mboy
I think I would check with CC security, BEFORE I decided what to do. (link is on the CC.net site and ANY csr should be able to direct you there. |
|
|
|
 pclover
join:2008-08-02
Santa Cruz, CA | reply to mboy
Usually they include the offending Modem MAC Address. You should verify if they match. I herd of this happen to someone before and the MAC address didn't math the modem form what was said in the email. |
|
| reply to mboy
said by mboy:Yes I have allowed my gf on my network, but she def isnt downloading anytihng and no one over on the days they are claiming (past week or 2).
mboy  , My understanding is that they'll also tap you if you are seeding/uploading and an "investigator" successfully torrents from your IP. Dates/times of infringement will be from when that happened.
You should thoroughly check your GF's devices aren't unknowingly uploading too. I've even seen compromised machines unknowingly doing this too.
Btw - Your headers look legit.
-Jim |
|
1 edit | reply to mboy
You don't have to be USING wifi protected setup to be venerable. What make and model router are you using?
Even worse, some routers are still venerable after it is completely turned off. ( assuming your didn't manually update the firmware ) |
|
mboyPremium
join:2001-04-13
Little Falls, NJ | I think that may have been it. Netgear wndr 4500 and it was enabled. I disabled it and so far no more emails from COmcast. |
|
| Did you change your WPA / WPA2 key after disabling WPS? |
|
| reply to mboy
Turn it back on and track the intruder if your sure. Get the MAC address. |
|
| Usually the first step in WIFI hacking is changing your MAC address so I am doubtful this would help.
Just disable WPS and pick a strong random key for WPA and you don't have to worry about it anymore. |
|
tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| PLEASE use WPA2 AES or better for your primary any devices that support it, use a second, HIGHLY restricted AP and subnet for anything that doesn't.
basic MAC filtering or WEP is enough to remind those that don't intend to use your connection/probe your WLAN, stronger stuff is needed to keep out those that do. |
|
