Comcast.net login

Without going into too much detail, my organization needs to send out bulk emails for resale certificates to our vendors/customers every six months or so. These bulk emails were delivered using Gammadyne by one of our programmers in the past. Before he left the company, he went over and verified the setting back in October with our other developer. Now the certificates need to go out and suddenly the settings are failing. Here's the output from the error message:
Server: outlook.office365.com Result: FAILED, code 3010: SMTP authentication failed.
Transcript:
220 MN2PR02CA0012.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 5 Feb 2024 19:45:49 +0000 EHLO c-ipaddress.hsd1.me.comcast.net 250-MN2PR02CA0012.outlook.office365.com Hello [x.x.x.x] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8 AUTH XOAUTH2 504 5.7.4 Unrecognized authentication type [MN2PR02CA0012.namprd02.prod.outlook.com 2024-02-05T19:46:35.011Z 08DC25D82EED5450]
I was aware of something going out from Microsoft in the past few months with regards to bulk email and changes so they would go out successfully, but I'm not if this has anything to do with that release. For those interested, here are the settings we're using in the outgoing SMTP settings:
SMTP server: outlook.office365.com (We've also tested smtp.office365.com) SMTP Auth: OAuth-Microsoft Port: 587 Username: username@companydomain.com
When the test begins, we're taken to the Microsoft login portal where he enters his password, then it fails after that

If so, how much information about the account did you provide/remember? I just got denied for the third time. Lss I created my account in 2007, stopped playing around 2010 & picked up playing again in 2020. I played a lot in 2020, maxed a couple skills & was playing on bonds. So about 6 months ago I was getting the itch to start playing again, mind you when I was playing in 2020 it was entirely on mobile and I had my username and password saved directly on my phone and it would automatically sign me in when I opened the app. I attempt to sign in after first updating the app, it directs me to the jagex website to sign in since I use a username login. I honestly remember before signing in directly on the app with my username but maybe not idk.. Needless to say I try logging in and it won’t let me on. Used the exact login I was using a few years ago and nothing, even tried some other passwords, nothing. So I put in a request to access my account, denied. They’re asking information from 15+ years ago. 15 years ago I mailed in cash to them in order to have my membership, so what information than my location at the time could I provide? Security questions are no good & so vague I have no idea what my answers would’ve been when I was 10. Passwords.. I only ever used one that I know of but they want 3 of the earliest you can remember or something like that. So I guess just give them two others that I could possibly used at some point? I’m literally to the point where I will beg them to give me access to my account. I don’t understand how I’m supposed to remember minuscule details about my account from 2007. Oh and the worst part is that I actually know the login information to the email address that I believe this account is connected to, but it’s a comcast.net email and there is absolutely no way to access that email even if I log into it on the xfinity website. I just really want this account back so I can play again..

Comcast/Xfinity raising its prices on opening night for the Kraken and the Blazer's preseason is a low-brow move, sure. But screwing people is also normal for them, and something the Blazers have been fighting (or saying they're fighting) for the better part of 16 years.
To younger Blazer fans, this may seem like a unique problem. It isn't. Nor is the team making a generic statement about looking for solutions. This has happened consistently since 2007, when the Blazers made a deal with Comcast that put all games on Comcast Sports Net - one of the more expensive TV viewing options in the region at the time, with no access for Dish/DirecTV customers.
As time went on, CSN became more accessible to streaming services like YoutubeTV. But the popularity of streaming didn't really take off until 2019 - Blazer fans had already been watching games on the high seas, at bars, or at their ONE friend who actually had Comcast's house for well over a decade. For all of the talk about fixing accessibility of games through Comcast by the Blazers, nothing significant was achieved for the entirety of that first 10 year deal - and in 2017, the Blazers turned around a re-upped with Comcast.
That deal still provided no coverage for Dish and DirecTV customers. A CSN/NBCSN standalone stream was available for streamers, but you had to have a Comcast login to access it. (This is all very similar to Pac-12 Network, although not completely the same - even Pac-12 is accessible to other cable providers, like Charter, as well as DISH). This deal also came with an agreement to nix all KGW broadcasts - the only outlet, besides the occasional national game - that many Blazer fans held on to in order to still (legally) watch their team.
Again, the Blazers launched this deal with promises to expand coverage. Again, that didn't happen.
So, forgive the fans for not holding their collective breath in 2021 when the Blazers touted their deal with ROOT Sports - a network exclusively held on - you guessed it! - Comcast - as a new and improved broadcast strategy. The Blazers can throw distribution numbers in your face and boast about how good this deal will be, but ultimately, we are in an even worse place than we were 3 years ago. ROOT has less streaming options, including a geofenced requirement to be in OR, WA, or AK to watch their streams on mobile. DirecTV and FUBO offer the channel for streamers, which I concede, does at least open up more avenues for folks, although DirecTV is the most expensive streaming service available and FUBO - through both personal experience and Reddit anecdote - is low quality.
Blazer fans are used to getting screwed. Whether it's Bavetta and Javie in Game 7, knees (just, like, in general), the Soviet Union - you name it. If not for those things, we'd likely be entering the fourth decade of the Great Blazers Dynasty. Sheed would have a statue out front. The 200 level would still come with all-you-can-eat anything. It would still be called the Rose Garden.
Back to my point: the Blazers' statement yesterday rings hollow, and the defense from insiders like Marang and Highkin seems patronizing and misguided. Fans are in an entirely helpless position and wrestling with the fact of either watching low-quality streams, buying a VPN and praying, or paying the same price as 300 level half-season tickets to buy a streaming service to watch their favorite team.
The Blazers have fudged this up for 16 years, continue to fudge it up, and, despite what they say, seem uninterested in fixing it. They continue to attach their broadcast deals to Comcast and then hope it gets better. Usually, when we get screwed, we can at least fall back on the organization for some nostalgia and optimism. Hard to do that when it's the organization that keeps screwing you. The schtick is getting old.

Hoping I can get someone to read through two configs with me and confirm them as ready to go.
One of them is strictly running NAT and the other is running BGP (upstream) to OSPF for the NAT Router.
I'm enjoying getting to know Vyos but I'm not sure I've got these setup correctly!
​
Also, I get a /29 from my upstream and I can only get one Edge to create an active session. The other won't....not sure why (via BGP)
​
​
Here are the two configurations, cleaned. Public IPs have been removed and replaced with Public.IP.#.subnet. My ISP provides with with a /24 as you'll see.
I've included one Edge config and one NAT config.
NAT routers are successfully running VRRP. Beyond that, not sure if I've got the NAT config totally correct or not (I think it is). Two configs are identical minus the IPs (OSPF and interfaces).
​
Edge Routers are identical configs minus interface IPs. Thanks for looking!
​

#Edge set interfaces ethernet eth0 address 'dhcp' 

set interfaces ethernet eth0 mtu '9000' set interfaces ethernet eth0 vif 19 description 'Management EdgeRouter' set interfaces ethernet eth0 vif 19 address '10.11.19.2/30' set interfaces ethernet eth0 vif 19 mtu '9000'
set interfaces ethernet eth0 vif 21 address '10.11.21.2/30' set interfaces ethernet eth0 vif 21 address '10.11.21.13/30' set interfaces ethernet eth0 vif 21 address '10.11.21.17/30' set interfaces ethernet eth0 vif 21 description 'Core-Edge-1 / Core-1 / Core-2' set interfaces ethernet eth0 vif 21 mtu '9000'
set interfaces ethernet eth0 vif 98 description 'Fiber Feed 1' set interfaces ethernet eth0 vif 98 address '2001:559:a000::67/126' set interfaces ethernet eth0 vif 98 address 'Public.IP.Lookback.32' set interfaces ethernet eth0 vif 98 address 'Comcast.Public.IP.29'
set interfaces loopback lo address 'Loopback.IPv6.28' set interfaces loopback lo address '10.10.1.2/32'
set policy prefix-list AS#-IN rule 65535 action 'permit' set policy prefix-list AS#-IN rule 65535 le '0' set policy prefix-list AS#-IN rule 65535 prefix '0.0.0.0/0' set policy prefix-list AS#-Prefixes rule 10 action 'permit' set policy prefix-list AS#-Prefixes rule 10 prefix 'Public.IP.0.24' set policy prefix-list6 AS#-IN rule 10 action 'permit' set policy prefix-list6 AS#-IN rule 10 prefix '::/0' set policy prefix-list6 AS#-OUT rule 10 action 'permit' set policy prefix-list6 AS#-OUT rule 10 prefix 'Public.IPv6.0.36' set policy route-map AS#-IN rule 10 action 'permit' set policy route-map AS#-IN rule 10 match ip address prefix-list 'AS#-IN' set policy route-map AS#-IN rule 20 action 'deny' set policy route-map AS#-OUT rule 5 action 'permit' set policy route-map AS#-OUT rule 10 action 'permit' set policy route-map AS#-OUT rule 10 match ip address prefix-list 'AS#-Prefixes' set policy route-map AS#-V6-IN rule 10 action 'permit' set policy route-map AS#-V6-IN rule 10 match ipv6 address prefix-list 'AS#-IN' set policy route-map AS#-V6-IN rule 65535 action 'deny' set policy route-map AS#-V6-OUT rule 10 action 'permit' set policy route-map AS#-V6-OUT rule 10 match ipv6 address prefix-list 'AS#-OUT' set policy route-map AS#-V6-OUT rule 65535 action 'deny' set protocols bgp address-family ipv4-unicast network Public.IP.0.24 set protocols bgp address-family ipv6-unicast network Public.IPv6.0.36 set protocols bgp neighbor Comcast.Public.IP address-family ipv4-unicast route-map export 'AS#-OUT' set protocols bgp neighbor Comcast.Public.IP address-family ipv4-unicast route-map import 'AS#-IN' set protocols bgp neighbor Comcast.Public.IP remote-as '7922' set protocols bgp neighbor Comcast.Public.IP address-family ipv4-unicast set protocols bgp neighbor Comcast.Public.IP address-family ipv6-unicast route-map export 'AS#-V6-OUT' set protocols bgp neighbor Comcast.Public.IP address-family ipv6-unicast route-map import 'AS#-V6-IN' set protocols bgp neighbor Comcast.Public.IP ebgp-multihop '255' set protocols bgp neighbor Comcast.Public.IP remote-as '7922' set protocols bgp neighbor Comcast.Public.IP address-family ipv4-unicast set protocols bgp neighbor Comcast.Public.IP address-family ipv6-unicast route-map export 'AS#-V6-OUT' set protocols bgp neighbor Comcast.Public.IP address-family ipv6-unicast route-map import 'AS#-V6-IN' set protocols bgp neighbor Comcast.Public.IP capability dynamic set protocols bgp neighbor Comcast.Public.IP remote-as '7922' set protocols bgp parameters router-id 'Public.IP.Loopback.32' set protocols bgp system-as '#'
set protocols ospf area 0.0.0.0 network '10.10.1.2/32' set protocols ospf area 0.0.0.0 network '10.11.19.0/30' set protocols ospf area 0.0.0.0 network '10.11.21.0/30' set protocols ospf area 0.0.0.0 network '10.11.21.12/30' set protocols ospf area 0.0.0.0 network '10.11.21.16/30' set protocols ospf default-information originate always set protocols ospf default-information originate metric-type '2' set protocols ospf interface eth0.19 authentication md5 key-id 1 md5-key 'password' set protocols ospf interface eth0.19 network 'point-to-point' set protocols ospf interface eth0.19 passive disable set protocols ospf interface eth0.21 authentication md5 key-id 1 md5-key 'password' set protocols ospf interface eth0.21 network 'point-to-point' set protocols ospf interface eth0.21 passive disable set protocols ospf parameters abr-type 'cisco' set protocols ospf parameters router-id '10.10.1.2' set protocols ospf passive-interface 'default'
set protocols static route 0.0.0.0/0 next-hop Comcast.Public.IP.29 set protocols static route Public.IP.0.24 blackhole
set service ssh set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system name-server '1.1.1.1' set system name-server '10.0.11.25' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug'

#NAT Router #This one 

set interfaces ethernet eth0 mtu '9000'
set interfaces ethernet eth0 vif 21 address '10.11.21.6/30' set interfaces ethernet eth0 vif 21 address '10.11.21.14/30'
set interfaces ethernet eth0 vif 21 description 'Core-Edge-1 / Core-Edge-2' set protocols ospf interface eth0.21 authentication md5 key-id 1 md5-key '1234567890' set protocols ospf interface eth0.21 dead-interval '40' set protocols ospf interface eth0.21 hello-interval '10' set protocols ospf interface eth0.21 network 'point-to-point' set protocols ospf interface eth0.21 priority '1' set protocols ospf interface eth0.21 retransmit-interval '5' set protocols ospf interface eth0.21 transmit-delay '1' set interfaces ethernet eth0 vif 21 mtu '9000'
set interfaces ethernet eth0 vif 30 address '10.11.30.1/30' set interfaces ethernet eth0 vif 30 description 'Core-Dist-2' set protocols ospf interface eth0.30 authentication md5 key-id 1 md5-key '1234567890' set protocols ospf interface eth0.30 dead-interval '40' set protocols ospf interface eth0.30 hello-interval '10' set protocols ospf interface eth0.30 network 'point-to-point' set protocols ospf interface eth0.30 priority '1' set protocols ospf interface eth0.30 retransmit-interval '5' set protocols ospf interface eth0.30 transmit-delay '1' set interfaces ethernet eth0 vif 30 mtu '9000'
set interfaces ethernet eth0 vif 31 address '10.11.31.1/30' set interfaces ethernet eth0 vif 31 description 'Core-Agg-1' set protocols ospf interface eth0.31 authentication md5 key-id 1 md5-key '1234567890' set protocols ospf interface eth0.31 dead-interval '40' set protocols ospf interface eth0.31 hello-interval '10' set protocols ospf interface eth0.31 network 'point-to-point' set protocols ospf interface eth0.31 priority '1' set protocols ospf interface eth0.31 retransmit-interval '5' set protocols ospf interface eth0.31 transmit-delay '1' set interface ethernet eth0 vif 31 mtu '9000'
set interfaces ethernet eth0 vif 32 address '10.11.32.1/30' set interfaces ethernet eth0 vif 32 description 'Core-Agg-2' set protocols ospf interface eth0.32 authentication md5 key-id 1 md5-key '1234567890' set protocols ospf interface eth0.32 dead-interval '40' set protocols ospf interface eth0.32 hello-interval '10' set protocols ospf interface eth0.32 network 'point-to-point' set protocols ospf interface eth0.32 priority '1' set protocols ospf interface eth0.32 retransmit-interval '5' set protocols ospf interface eth0.32 transmit-delay '1' set interfaces ethernet eth0 vif 32 mtu '9000'
set high-availability vrrp group Management_Devices interface 'eth0.21' set high-availability vrrp group Management_Devices hello-source-address '10.11.30.1' set high-availability vrrp group Management_Devices address 'Public.IP.1.29' set high-availability vrrp group Management_Devices priority '200' set high-availability vrrp group Management_Devices vrid '10'
set high-availability vrrp group Parish_Homes interface 'eth0.21' set high-availability vrrp group Parish_Homes hello-source-address '10.11.30.1' set high-availability vrrp group Parish_Homes address 'Public.IP.2.29' set high-availability vrrp group Parish_Homes priority '200' set high-availability vrrp group Parish_Homes vrid '11'
set high-availability vrrp group Businesses interface 'eth0.21' set high-availability vrrp group Businesses hello-source-address '10.11.30.1' set high-availability vrrp group Businesses address 'Public.IP.3.28' set high-availability vrrp group Businesses priority '200' set high-availability vrrp group Businesses vrid '12'
set high-availability vrrp group Public_1 interface 'eth0.21' set high-availability vrrp group Public_1 hello-source-address '10.11.30.1' set high-availability vrrp group Public_1 address 'Public.IP.4.29' set high-availability vrrp group Public_1 priority '200' set high-availability vrrp group Public_1 vrid '21'
set high-availability vrrp group Public_2 interface 'eth0.21' set high-availability vrrp group Public_2 hello-source-address '10.11.30.1' set high-availability vrrp group Public_2 address 'Public.IP.5.29' set high-availability vrrp group Public_2 priority '200' set high-availability vrrp group Public_2 vrid '22'
set high-availability vrrp group Public_3 interface 'eth0.21' set high-availability vrrp group Public_3 hello-source-address '10.11.30.1' set high-availability vrrp group Public_3 address 'Public.IP.6.29' set high-availability vrrp group Public_3 priority '200' set high-availability vrrp group Public_3 vrid '23'
set high-availability vrrp group Public_4 interface 'eth0.21' set high-availability vrrp group Public_4 hello-source-address '10.11.30.1' set high-availability vrrp group Public_4 address 'Public.IP.7.29' set high-availability vrrp group Public_4 priority '200' set high-availability vrrp group Public_4 vrid '24'
set high-availability vrrp group Public_5 interface 'eth0.21' set high-availability vrrp group Public_5 hello-source-address '10.11.30.1' set high-availability vrrp group Public_5 address 'Public.IP.8.29' set high-availability vrrp group Public_5 priority '100' set high-availability vrrp group Public_5 vrid '25'
set high-availability vrrp group Public_6 interface 'eth0.21' set high-availability vrrp group Public_6 hello-source-address '10.11.30.1' set high-availability vrrp group Public_6 address 'Public.IP.9.29' set high-availability vrrp group Public_6 priority '100' set high-availability vrrp group Public_6 vrid '26'
set high-availability vrrp group Public_7 interface 'eth0.21' set high-availability vrrp group Public_7 hello-source-address '10.11.30.1' set high-availability vrrp group Public_7 address 'Public.IP.10.29' set high-availability vrrp group Public_7 priority '100' set high-availability vrrp group Public_7 vrid '27' set high-availability vrrp group Public_7 no-preempt
set high-availability vrrp group Public_8 interface 'eth0.21' set high-availability vrrp group Public_8 hello-source-address '10.11.30.1' set high-availability vrrp group Public_8 address 'Public.IP.11.29' set high-availability vrrp group Public_8 priority '100' set high-availability vrrp group Public_8 vrid '28'
set high-availability vrrp group Public_9 interface 'eth0.21' set high-availability vrrp group Public_9 hello-source-address '10.11.30.1' set high-availability vrrp group Public_9 address 'Public.IP.12.29' set high-availability vrrp group Public_9 priority '100' set high-availability vrrp group Public_9 vrid '29'
set high-availability vrrp sync-group Sync_Management member Management_Devices set high-availability vrrp sync-group Sync_Parish_Homes member Parish_Homes set high-availability vrrp sync-group Sync_Businesses member Businesses set high-availability vrrp sync-group Sync_Public_1 member Public_1 set high-availability vrrp sync-group Sync_Public_2 member Public_2 set high-availability vrrp sync-group Sync_Public_3 member Public_3 set high-availability vrrp sync-group Sync_Public_4 member Public_4 set high-availability vrrp sync-group Sync_Public_5 member Public_5 set high-availability vrrp sync-group Sync_Public_6 member Public_6 set high-availability vrrp sync-group Sync_Public_7 member Public_7 set high-availability vrrp sync-group Sync_Public_8 member Public_8 set high-availability vrrp sync-group Sync_Public_9 member Public_9
del service conntrack set service conntrack-sync interface eth0.30 set service conntrack-sync interface eth0.31 set service conntrack-sync interface eth0.32 set service conntrack-sync mcast-group 225.0.0.50 set service conntrack-sync failover-mechanism vrrp sync-group Sync-Management set service conntrack-sync failover-mechanism vrrp sync-group Sync_Parish_Homes set service conntrack-sync failover-mechanism vrrp sync-group Sync_Businesses set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_1 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_2 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_3 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_4 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_5 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_6 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_7 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_8 set service conntrack-sync failover-mechanism vrrp sync-group Sync_Public_9 set service conntrack-sync listen-address 10.11.30.1 set service conntrack-sync sync-queue-size 8
set nat source rule 10 outbound-interface 'eth0.21' set nat source rule 10 source address '10.10.0.0/16' set nat source rule 10 translation address 'Public.IP.1.29' set nat source rule 10 description 'Management Devices'
set nat source rule 11 outbound-interface 'eth0.21' set nat source rule 11 source address '10.0.0.0/20' set nat source rule 11 translation address 'Public.IP.2.29' set nat source rule 11 description 'Parish Homes'
set nat source rule 12 outbound-interface 'eth0.21' set nat source rule 12 source address '10.0.96.0/20' set nat source rule 12 translation address 'Public.IP.3.28' set nat source rule 12 description 'Businesses'
set nat source rule 13 outbound-interface 'eth0.21' set nat source rule 13 source address '100.75.0.0/19' set nat source rule 13 translation address 'Public.IP.4.29' set nat source rule 13 description 'Public 1'
set nat source rule 14 outbound-interface 'eth0.21' set nat source rule 14 source address '100.75.32.0/19' set nat source rule 14 translation address 'Public.IP.5.29' set nat source rule 14 description 'Public 2'
set nat source rule 15 outbound-interface 'eth0.21' set nat source rule 15 source address '100.75.64.0/19' set nat source rule 15 translation address 'Public.IP.6.29' set nat source rule 15 description 'Public 3'
set nat source rule 16 outbound-interface 'eth0.21' set nat source rule 16 source address '100.75.96.0/19' set nat source rule 16 translation address 'Public.IP.7.29' set nat source rule 16 description 'Public 4'
set nat source rule 17 outbound-interface 'eth0.21' set nat source rule 17 source address '100.75.128.0/19' set nat source rule 17 translation address 'Public.IP.8.29' set nat source rule 17 description 'Public 5'
set nat source rule 18 outbound-interface 'eth0.21' set nat source rule 18 source address '100.75.160.0/19' set nat source rule 18 translation address 'Public.IP.9.29' set nat source rule 18 description 'Public 6'
set nat source rule 19 outbound-interface 'eth0.21' set nat source rule 19 source address '100.75.192.0/19' set nat source rule 19 translation address 'Public.IP.10.29' set nat source rule 19 description 'Public 7'
set nat source rule 20 outbound-interface 'eth0.21' set nat source rule 20 source address '100.75.224.0/19' set nat source rule 20 translation address 'Public.IP.11.29' set nat source rule 20 description 'Public 8'
set nat source rule 21 outbound-interface 'eth0.21' set nat source rule 21 source address '10.100.0.0/20' set nat source rule 21 translation address 'Public.IP.12.29' set nat source rule 21 description 'Public 9'
set interfaces loopback lo address '10.10.1.3/32'
set protocols ospf area 0.0.0.0 network '10.10.1.3/32' set protocols ospf area 0.0.0.0 network '10.11.21.4/30' set protocols ospf area 0.0.0.0 network '10.11.21.12/30' set protocols ospf area 0.0.0.0 network '10.11.30.0/30' set protocols ospf area 0.0.0.0 network '10.11.31.0/30' set protocols ospf area 0.0.0.0 network '10.11.32.0/30' set protocols ospf area 0.0.0.0 network 'Public.IP.1.29' set protocols ospf area 0.0.0.0 network 'Public.IP.2.29' set protocols ospf area 0.0.0.0 network 'Public.IP.3.28' set protocols ospf area 0.0.0.0 network 'Public.IP.4.29' set protocols ospf area 0.0.0.0 network 'Public.IP.5.29' set protocols ospf area 0.0.0.0 network 'Public.IP.6.29' set protocols ospf area 0.0.0.0 network 'Public.IP.7.29' set protocols ospf area 0.0.0.0 network 'Public.IP.8.29' set protocols ospf area 0.0.0.0 network 'Public.IP.9.29' set protocols ospf area 0.0.0.0 network 'Public.IP.10.29' set protocols ospf area 0.0.0.0 network 'Public.IP.11.29' set protocols ospf area 0.0.0.0 network 'Public.IP.12.29' set protocols ospf parameters abr-type 'cisco' set protocols ospf parameters router-id '10.10.1.3' set protocols ospf passive-interface 'default' set protocols ospf interface eth0.21 passive disable set protocols ospf interface eth0.30 passive disable set protocols ospf interface eth0.31 passive disable set protocols ospf interface eth0.32 passive disable
set service ssh set service ntp set system config-management commit-revisions '100' set system console device ttyS0 speed '115200' set system host-name 'RiverNet-Core-Router-3' set system time-zone America/New_York set system syslog global facility all level 'info' set system name-server 10.0.11.25 set system name-server 1.1.1.1 set system login user admin authentication public-keys mykey key 'AAAAC3NzaC1lZDI1NTE5AAAAIFXVfCtyGhgz+xBfqg0Kn1lFb1+/BktnvqEJpHW5V0/4' set system login user admin authentication public-keys mykey type 'ssh-ed25519'
set system option performance latency
​

EDIT: More sites: login.tailscale.com, my bank account, Synology's login service. phmschools.org
Edit 2: appears to be a routing issue effecting numerous people in the area. The odd this is it's just random sites.
I'm on MetroNet in Granger, I have a static IP in the 152.117.94.65 - 152.117.94.126 range. I can't get to my Tesla via the app, I can't log into us.account.battle.net or https://www.phmschools.org There are more sites but those are the main ones that are important.
From my understanding MetroNet purchased this block of IP addresses from some European company, which is getting blacklisted. I've already had them change my IP, which remedied the problem for several weeks but now it's back and they refuse to give me a new IP. Let alone the fact that updating DNS records with a new IP isn't convenient. Their solution was to email all the webmasters to see if they will unblock my IP, which isn't my job, and I highly doubt it will be successful.
Unfortunately this leaves me in a circumstance of going back to Comcast business. It might not be as fast, but at least it's reliable. I just wanted to post this here so others considering the switch know what they are getting into.

I am unable to reset the password for my ~20yr old comcast.net email account. The email is not tied to any active service anymore to my knowledge. I can still access the inbox and send/receive emails on my phone, but I would like to be able to actually login to ensure continued access to the account and adjust settings. Trying to reset the password just creates a loop of going to xfinity.com/password which then tells me to go back to xfinity.com/password.

Hi, I'm able to login to my account. Then I click "check my email" from the sidebar.
​
This brings me to https://xfinityconnect.email.comcast.net/, which redirects to https://xfinityconnect.email.comcast.net/resources/static/activate.html
​
If I select "Activate Now" it brings me to https://connect.xfinity.com/appsuite/#!!&user_status=new&inviteCode=LONGCODEREMOVEDFORTHISPOST
Which eventually just reditects to https://connect.xfinity.com/appsuite/ which further redirects to https://www.xfinity.com/hub/?cid=cust.
​
Once it stops redirect the page says "Looking for email?You can now check your Comcast email by selecting your account icon in the navigation menu or using this link."
​
this link redirects right back to https://xfinityconnect.email.comcast.net/resources/static/activate.html
and now we start all over again... no way to see my actual email. What do i do?
​

The Scent of Stealth: Cyber-espionage Intrusion Analysis – A recent Chinese APT intrusion into a manufacturing company
Bloodhounds are dogs prized for their ability to sniff out targets. Towards the end of April 2023, ReliaQuest turned the tables when we picked up on suspicious activity that suggested the use of Bloodhound—a tool for analysis of Active Directory (AD) rights and relations.
GreyMatter Intelligent Analysis enabled us to escalate an initial summary of events to the targeted client, a manufacturing company (“KILO-32325”), within 15 minutes. The company confirmed the activity was suspicious and then engaged the ReliaQuest Threat Hunting team, a specialized unit under our Threat Research Team.
About three weeks later, despite KILO-32325’s efforts to contain the intrusion, we detected a remote interactive login to a service account intended for Windows Virtual Machine Management on a licensed server. At this point, we re-engaged with the client. Let’s follow the trail of evidence that has led us to attribute this intrusion to a state-sponsored group operating in the interest of the People’s Republic of China (PRC).

Mining Data, Missing Malware: What Happened and Why?

What we discovered, and what we didn’t, provided a wealth of insight into the motivation behind this intrusion. Financially motived threat actors—particularly those focused on single or double extortion via ransomware and data theft—often operate in broad strokes. They aim to discover and exfiltrate, or at least impact, all data located on file servers, network shares, SharePoint sites, etc. During this intrusion, the threat actor focused on targeted exfiltration of research-and-development data, initially targeting documents about IT configurations and network topology, most likely for additional discovery.
What’s more revealing is that, despite having about a month of network and critical-infrastructure access, the threat actor didn’t deploy ransomware—or any malware at all. By matching those insights with the fact that our Threat Intelligence team has not (so far) discovered initial access broker listings, exposed credentials, or data sales related to this intrusion, we’ve arrived at the highly likely conclusion that espionage was the objective.

Initial Access

As April 2023 wound down, the threat actor appears to have used a combination of tactics to gain initial access to KILO-32325’s environment: two attacks, password guessing, and vulnerability exploitation. Notably, they first successfully authenticated to KILO-32325’s firewall using a local firewall account. KILO-32325 believes that a vulnerability in their FortiGate firewall was exploited for initial access.
Following authentication to the local firewall account, the threat actor moved on to try authenticating to a service account intended for backups 20 times in two minutes, striking out on each attempt. That seems to be the end of their password guessing for the backup account.
Two days later, we observed the backup account KILO-32325-backupsuccessfully authenticating to make use of Microsoft O365 services. On the same day, a VPN authentication was established using the local firewall account which was followed by the usage of a second service account, KILO-32325-change, in a remote interactive login onto a domain controller. Both the O365 and VPN network access was most likely accomplished through offline password cracking or the use of already obtained valid credentials.
Fast-forward to about two weeks after initial access. A second, local firewall account was authenticated to from the threat actor’s IP address 96.70.174[.]189. This was a patched firewall, so it’s not clear if this account was acquired during initial access in April through exploitation of the firewall or was the result of additional vulnerability exploitation. But it wasn’t until mid-May that the threat actor again authenticated to the VPN with a new account, admin@[KILO-32325].com.
After authenticating to the VPN using admin@[KILO-32325].com, the attacker then performed a remote interactive login to a license server, using a different highly privileged service account that was intended for Windows virtual machine management. We didn’t see any password guessing for either of these accounts, which lends support to the theory that the threat actor probably relied on offline password cracking and valid credentials.
In total, the threat actor used four service accounts, including an additional database service account obtained after first initial access, and two local firewall accounts for network edge access. All authentications came from the IP address 96.70.174[.]189, a Comcast Business IP address leased to a SOHO Fortinet router with an exposed management console.
Where was the MFA?
You’re probably wondering why an MFA tool didn’t factor into the initial-access story. KILO-32325 did have an MFA solution, which included all the affected domain accounts used in VPN authentications. But because each of them were service accounts and not used interactively, they hadn’t been manually validated and set up with MFA. When MFA is deployed across an organization but edge cases exist, you can see how a false sense of security might settle in.

Discovery and Lateral Movement

Over about one month of access, the threat actor focused primarily on Living off the Land (LotL) commands, to blend into KILO-32325’s environment. They employed RDP for lateral movement and actions on objectives.
During April 2023, using the privileged KILO-32325-changeaccount, as well as a compromised database service account, KILO-32325-sql, the threat actor conducted a wide range of host and account discovery actions, including the Bloodhound-like Lightweight Directory Access Protocol (LDAP) enumeration. The threat actor primarily conducted data discovery through SharePoint interaction. Data exfiltration was staged on the file server KILO-32325-FS-01. All files that the attacker viewed, downloaded, and accessed were related to operations and research and development, plus VPN and FortiClient configurations.
In May 2023, when the threat actor re-entered the environment, their activity featured the same tools and patterns; data discovery was again centered on SharePoint, and data exfiltration was staged on a second file server, KILO-32325-FS-02. Here are tools/commands they used for host and network discovery:

• mmc.exe
  • Opening Computer Management and DNS Manager Snap-ins
• net.exe
  • view /domain
  • view \\
  • use \\
  • group “domain computers” /domain
• dsquery.exe
  • dsquery subnet -limit 10000
• netstat.exe
  • netstat -nao
• nltest.exe
  • nltest /parentdomain
  • nltest /domain_trusts
• nbtscan.exe
  • This was used against numerous CIDR ranges after “dsquery” was run
• quser.exe

Ingress Tool Transfer

The threat actor additionally transferred tools into the environment for further discovery and stored it within the Downloads folder of the KILO-32325-change account. These tools were used against groups and users, probably for enumeration. Batch scripts were also interactively written to the disk via notepad.exe, potentially to avoid security measures (e.g., Mark-of-the-Web) that restrict the execution of untrusted content from the internet.
Here’s a sample of the tools and their usage:

• “local administrators \\”
• global.exe “domain computers”
• getu.exe \\\Administrator

Through partial-file analysis, we determined that the tool getu.exewas a renamed version of a free JoeWare utility. We determined that it was likely GetUserInfo, based on observed use that matched documented usage syntax.
Finally, command lines like the examples below indicate the threat actor was using the Impacket script wmiexec, a tool known to be used by financially motivated actors as well as state-sponsored actors, for executing remote commands.

cmd.exe /Q /c quser 1> \\127.0.0.1\ADMIN$\__1684228650.2245219 2>&1 cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1684228650.2245219 2>&1 

Credential Dumping

During April 2023, the actor had used ntdsutil.exeto create a snapshot of the AD database, then dumped the HKLM/SYSTEM hive using the reg savecommand. Using ntdsutil.exeto acquire an NTDS.ditfile led to the exposure of more than 1,200 domain accounts.
The threat actor also harvested plaintext passwords for local administrator accounts for all servers and computers managed by the LAPS (Local Administrator Password Solution) used to manage local account passwords on domain joined computers. As this data is in NTDS.ditall local administrator accounts were considered compromised, in addition to the more sensitive privileged domain accounts.

Privilege Escalation

While blocked exploitation attempts for CVE-2020-1472were detected against several domain controllers, successful privilege escalation appears to have been achieved through valid account usage. Following LAPS credential exposure after an NTDS.ditdump, a local administrator account, KILO-32325-IT, ran Impacket WMIexec commands on different hosts; this points to the use of plaintext administrator passwords exposed in the LAPS file.
What’s more, as access was re-obtained in May 2023 via a highly privileged account, credentials for that account probably came from the exposed NTDS.dit. But regardless, given the privilege of the accounts initially compromised, the threat actor had the requisite permissions to realize most of their goals even without additional escalation.

Staging for Data Exfiltration

During April 2023, the threat actor was observed using WinRAR, masquerading as sap.exe, to stage data on KILO-32325-FS-01within the D:\drive. Like some of the discovery tools, this utility was brought into the environment by the threat actor tool and initially stored in the Downloads folder of the KILO-32325-changeaccount before being relocated to the D:\drive on the file server. Targeted data included spreadsheets detailing production instructions for stable operations and reports on production metrics, which were staged using the following command line.

SAP.exe a d:\APPS\.rar -k -r -s -v512m -hp d:\ 

After the threat actor reauthenticated to the environment, they targeted KILO-32325-FS-02. To archive and encrypt data using the password “Justx9ajsa,” they used WinRAR, masquerading as dell.exe, located in:

C:\dell\updatepackage\dell.exe 

In this instance, the threat actor used the existing Dell updatepackage folder to hide their renamed WinRAR, and archived data remotely through the UNC path. Remember how we observed the threat actor using notepad.exe to interactively write BATCH scripts to disk? Many of those were deleted, but we found that the following file path executed the archiving by calling dell.exe

C:\dell\updatepackage\1.bat 

That process also saved output to the file path…

C:\dell\1.txt 

…with the command line:

dell a qa.rar -k -r -s -v1024m -x*.hst -x*.dat -m1 -hpJustx9ajsa \\ KILO-32325-FS-02\Folder1\Folder2 >> .\1.txt 

WinRAR was also renamed as citrix.exe but we didn’t discern any use attached to that name.

Persistence

We didn’t detect any evidence of endpoint persistence, such as scheduled task creations, service installations, or network configuration changes. In all cases, access to the domain was achieved through valid accounts.
A new MFA device was seen being enrolled for admin@[KILO-32325].com, as well as KILO-32325-backup. As we said earlier, this doesn’t seem to show explicit persistence, but rather a requirement to use the account.

Defense Evasion

Throughout the intrusion, the threat actor deleted Windows event logs to avoid detection through interactive use of Event Viewer during RDP sessions. They also frequently deleted their tools and batch scripts, such as dell.exe(WinRAR) and global.exe(enumeration utility), to shrink their footprint.
This paid off in April 2023, as some of the compromised hosts were not forwarding Windows logs and did not have functioning EDR agents. By May 2023, KILO-32325had expanded EDR coverage to all hosts and additionally rectified logging gaps, drastically improving detection and available telemetry.

Impact and C2

Despite the visibility gaps, no malware or command-and-control (C2) implants seemed present at any stage of the intrusion. When you consider that the threat actor maintained access to the environment for nearly a month, all signs point to a non-financially motivated threat actor. Their actions were centered almost exclusively on data discovery, exfiltration, and gathering credentials, suggesting espionage as a motive.

Trail of Cyber-crumbs: Attributing the Attack

Adding up all the above factors, including privileged knowledge of the data targeted staged for exfiltration, we’re highly confident that the threat actor was operating in the interest of the PRC. The tactics, techniques, and procedures (TTPs) and victim entity echo those of attack campaigns carried out by an actor or actors acting in the interest of the PRC. Although we can’t attribute this intrusion to a specific group, let’s talk through the evidence we have.
Consider the TTPs; initial access stemming from a likely compromised SOHO Fortinet router, a focus on VPN and firewall compromise, password spraying, and use of valid accounts are all known are all known to be used and preferred techniques used by actors backed by the PRC. And post-access, the focus on LotL activity, log clearing, and password-protected archives are consistent with espionage-focused APTs, as is the absence of malware.
There is a notable difference in how recent APT groups targeting critical manufacturing and infrastructure perform credential dumping. Firstly, if a compromised account is privileged, some threat groups use that account to dump the Local Security Authority Subsystem Service (LSASS) process. We didn’t observe LSASS dumps, but given the visibility gaps, we can’t say with certainty it did not occur. Alternatively, the usage of ntdsutil.exeto harvest credentials from domain controllers by creating installation media is another common technique. We did detect ntdsutil.exe, but credential dumping was achieved by creating a snapshot of the NTDS.dit file.
Unfortunately, infrastructure and TTPs are often the same across a lot of APT groups’ activity, making definitive attribution difficult. But it does enable defenders to focus on en masse detections, rather than countless specific detections tailored to each APT group.

Conclusions

Espionage, especially the nation-state variety, is a daunting threat for any organization. The events above have shown how valuable it is for threat actors to fly under the radar for as long as possible, maintaining access and collecting data (the two primary objectives). Detection isn’t easy when threat activity blends into a compromised environment, masquerading as normal.
Thankfully, the distinction between espionage and financial objectives is slim. Why thankfully? Well, although espionage may be a part of an organizations’ threat-defense model, for most entities, it’s hardly a primary concern. Although there might be long-term business impacts if intellectual property is stolen, short-term operations will largely escape impact. But a financially motivated threat actor will employ many, if not all, of the TTPs detailed above, and simply move one more step right into Impact, the last MITRE Tactic, to encrypt or destroy data and inhibit network operations. As defenders, focusing on “detecting left” (as early as possible following initial access) enables us to account for both espionage and extortion simultaneously, through security controls and detections targeting the same TTPs.
The ReliaQuest GreyMatter security operations platform empowers customers to investigate, detect, and respond to the threats that matter most. The platform increases visibility, to help you get the most out of existing security investments, and reduces the complexity of the DIR lifecycle. This ultimately allows ReliaQuest and our customers to efficiently counter known and emerging threats. We provide customers with detection capabilities and actionable intelligence to mitigate the efforts of espionage and financially motivated threat actors alike.

Mitigations

Based on this case study, here are some recommendations to help protect your organization from similar threats:

• Update and apply patches to all network-edge devices, particularly Fortinet appliances.
• Ensure that no network-edge devices have publicly exposed management interfaces.
• Implement GPOs preventing/restricting remote interactive logins to service accounts.
• Use device certificates for remote authentications, to mitigate the risk of exposed credentials.
• Require MFA for all remote authentications, at a minimum.
• Ensure MFA is properly configured for all required accounts.
• Run all EDR solutions in prevent/block modes, rather than detect, to proactively prevent actions on objectives.
• Implement GPOs specifying RDP timeouts and session terminations, to reduce the risk of stale RDP connections subject to hijacking.
• Enforce a robust password policy and management solution requiring rotations.
• Audit service and local accounts to ensure each account has a documented owner and purpose.
• Segment and properly secure sensitive data.

Prior to Xfinity getting rid of the My Account App & options on the web there was a way to disable auto-authentication on my network. I know because I had this disabled. After the switch to the new Xfinity app & website the option to disable this has disappeared & been re-enabled on my account. I do not want this on. How can I disable it?
Here is the link I found to disable it but the actual link in the help section no longer works & throws a 503 error.
https://www.xfinity.com/support/articles/online-tv-through-partner-sites

How can I opt out of using auto-authentication? If you'd like to opt out of using auto-authentication, sign in to My Account and select Turn Off under Auto-Authentication. You must be the primary account holder to use this feature.
https://login.comcast.net/myaccount/userprofile

For clarification, I am the primary account holder. Thanks for anyone that can help.

I followed the instructions on Xfinity's website to opt out of auto authentication with no luck. I get a 503 error when I click on the My Account link, and I don't see the option to opt out on the Xfinity app or on browser when logging in normally. Does anyone know how to opt out of auto authentication through the Xfinity app? The account management features in general haven't been working properly on browser for several months, so I'm hoping to fix this through the app.

I went to login to Coinbase from my work computer which has bing as its default search bar. Instead of typing coinbase.com in, I just entered coinbase into the search bar to pull it up.
The first result was an ad that looked like it would direct you to coinbase but the URL is honorcafe.online.
If you click on that, it redirects to www17coinbase.z13.web.core.windows.net which appears to be the login screen for coinbase.
I just entered a random email like cryptotrader@comcast.net and a random password like iluvcrypto48, you can enter anything, it’s not a real login. But upon pressing continue, it says “"'Your coinbase account has been blocked due to suspicious login attempts. Contact customer service at Toll Free +1-833-444-7097 to verify and unlock your account."
I didn’t call the number to investigate any further, maybe I will. But clearly, this is a scam designed to target newbie traders who are trading on the exchange and don’t bother to take a second look.

This morning I tried logging in to my XFinity account via my macintosh laptop, using the login portal on login.xfinity.com. Everything went okay - Password accepted, and 2FA code sent via SMS. I entered the 2FA code, and then...
Was redirected to a warning via Chrome that said:
"The connection to xfinity.comcast.net is not secure. You are seeing this warning because this site does not support HTTPS."
I backed out immediately and tried again on a different computer entirely, this time a PC running the latest version of Chrome. I got the same error.
As far as I can tell, the login.xfinity.com portal is legit, so I have no idea why it was redirecting me away to a .net domain. This made me highly suspicious, so I called in to Xfinity tech support.
They were absolutely zero help whatsoever. They couldn't understand my concern about being redirected from their login portal to an insecure website, and they couldn't even answer my question about whether or not Xfinity/Comcast legitimately owns xfinity.comcast.net. They just asked me if I needed help resetting my password over and over again.
Since then I've been able to log in without that error cropping up, and I've since changed my password accordingly. But the redirect still makes me highly suspicous and VERY nervous.
Has anyone else seen this behavior? Can anyone please advise as to whether or not I was redirected to a malicious man-in-the-middle attack from Xfinity's legitimate website?

I am trying to help my mother-in-law out. She can't remember any passwords, and her computer crashed. I rebuilt it for her, but without her original password (she had the Mac set to auto-login so didn't know it) I can't unlock the keychain or find any other way to retrieve what her Comcast email password was.
She moved a few years ago into CharteSpectrum area, so no longer lives at the address where she had Comcast service. However, she never switched over to the Spectrum email address and had been continuing to use her Comcast.net email address.
I spent over an hour with her and Comcast support on the phone, but we kept going around in circles. Anything they try to verify they keep pulling up the address and are trying to verify her information against the information for the people who live there now. That isn't going to work. They keep saying to use the online password reset, which doesn't work on Spectrum (it says to log in to your home WiFi), but even if I try that at my house which is Comcast it gives me the same message when i try to reset her email address.
I think this is a brick wall ---
* She cannot remember her password
* She no longer lives at the address where she had service
* The old phone number she had (landline) has been disconnected
* She seemingly has no way to reset the password for this email account
Does anyone have any ideas that may help her out? I have found information on Comcast help pages that say you can keep using your account/email even after leaving Comcast, but nothing covers this use case or how she could reset the password. Perhaps the support agent just didn't know where to look to authenticate her against the previous account information, so maybe there is hope it can be fixed but right now it is feeling like a lost cause.

swann swhdk 880508 This one is a bit older, unfortunately. I've spent about a month looking at it here and there and I just seem to find the same directions over and over that have been copy pasted from the piss poor manual. I tried to set up an SMTP email notification. Made a separate new email just for this. When I test it says it cannot send. Now, I know I did something to test at the internet connected to it properly but for the life of me I can no longer remember what it was. I did go downstairs with my laptop and checked that the wire connection is functional. I'm still not entirely sure what PPPOE is. I tried to set up the dynamic DNS login SwannDVR.net and at my end it says that it is connected but when I try to log into it with the direct link to my system it just slowly loads of page for an extended period, like a couple minutes, then gives me an error page. This is also true if I try to use my laptop.
I genuinely think at this point the problem is Comcast. They've locked out that cable modem so hard and now I can't even do pork forwarding on it. I've genuinely had to go backwards in technology just to play Minecraft with my kid. I went as far as to set us up a separate router that is only used so we can do local network Minecraft.
I don't need anything special. I just wanted to inform me if it's his activity in my driveway and it is set up for that except for the network stuff. The rest is just there as evidence. Hell, the only reason I set it up when it was cold was because we had somebody home but stuck in bed and when people came over she couldn't check the front door.

This doesn't seem to be against sub's guidelines, but I apologize if it is. I frequent this sub a lot for tips and tricks, so thought I would post here.
Today I received an email to my personal email account via Outlook. It legitimately looks to be from Paypal: https://imgur.com/a/NKV8RjX
It is an invoice stating I made a purchase with COSMOS(ATOM). I have never even heard of this company/site, but the more immediate suspicion of fraud was that, despite coming to my personal address, an email of "bigbam@comcast.net" was listed on the invoice.
When I login to my PayPal account, I indeed show no invoices. So, taking one for the team, I went and clicked the invoice link and it indeed did take me to PayPal and had the option to pay the invoice. Here is what that looked like: https://imgur.com/a/kK4FN2v
I decided to take it a step further and called the number listed on the Invoice. While it wasn't in broken English, it was still worded in a weird way. I thought I would call and see what happens, maybe try to sort it out? I expected your typical call screening, automated messages and prompts to get to a real person. Instead it rang several times, then had a distinct clicking sound as if it was being transferred (?), then after a few more rings a gentleman with a very heavy Indian accent picked up, paused about a good 5 seconds before speaking and then said, "Thank you for calling Customer Service..." You could also clearly hear multiple other people in the background talking.
I immediately hung up at this point, further suspecting this is a scam because, if nothing else, you would think they would say the name of the company you're calling and not just "customer service". If it is indeed a scam, I'm not smart enough to figure out how it plays out. Meaning, they seem to be going direct through Paypal and using a real company, but with a fake number. Since they're going through PayPal, can't that be tracked? Or does it not matter? If someone unfortunately were to pay this, does it not matter if it's a "scam" because you williningly did it?
Or am I even dumber, and this is not a scam, and there's something else going on? Note I did forward this invoice and email onto PayPal's fraud team.
A visit to COSMOS/ATOM shows it seems to be a way to track/purchase(?) crypto, but there doesn't seem to be any direct way to pay on their site and the number in the invoice is certainly no where to be found on the site.
Even if I'm not smart enough to figure out the scam, if it is indeed one, maybe this post will help others...

I wanted to share some information regarding new world and Steam Deck. First when New World works, it works very well. However it does not always work.
If you have or are getting a Steam Deck, first check out https://www.youtube.com/watch?v=b5NHmMDX2PI He goes through some steps to help get you started. There is a decent chance that you will be up and running just from that video however if you are not, then hopefully I can help.
Getting New World to work on my steam deck I encountered 2 separate issues. Basically you should be able to start the game and get as far as character selection. Once you select your character you will be put in queue like normal, or if there is no queue you may receive an error “unable to connect to the server. Please confirm your internet connection and try again“. Some people have claimed just trying over and over will get them through, I have not seen that work. However after playing with it for a week the one thing that seems to make it work is Ad-Hoc network. IE using your phone, or another computer as a hot spot and NOT using your router or wireless access point. I have had it work on both my Phone and off my PC however if I connect my steam deck to the same router that the PC is connected to, it will not work. I do not have the ability to test using a hardwire connection.
Note also If you attempt to log in on steam deck and get the unable to connect error. You may have trouble logging into desktop as well. Logging and receiving “ERROR CODE: Could not connect to Server: Login has expired Please try again. (Status -120). The quickest solution I have found is to completely exit the game and restart.
The other issue you may have is they game may crash during log in. It appears that the game has trouble with rendering all of a town at once. The easy solution is to log out in the wilderness, then run into a town. I also experienced several crashes when teleporting into towns.
Networks used- College Staff, College Public(both behind firewalls)Home network(Comcast) with a Netgear M60 mesh and Asus RT-AX86U on both devices I used guest, or the primary wife’s. I tried using 2.4 and 5 each exclusively. With and without ipv6, with and without UPnP. With and without PiHole. With and Without DMZ. The only thing I found that made any difference was using an ad-hoc network with a windows desktop hardwired to either router. IPhone on Verizon
If anyone has anything they would like me to try that they believe would allow me to connect to an access point please let me know. I have exceeded my network knowledge and do not quite understand how an ad-hoc works better than an instructor connection on the same network. Also I should add in ALL cases the steam deck was less than 4 feed from its connection. Ideally I would like to figure out what I can do
I would love to see this game supported fully, but until then, if this helps anyone who is having issues then I feel the hours I spent setting up different network environments was worth it.\
​
EDIT - Just to update some other trouble shooting things I have tried since the initial post. peyones970 was able to resolve the issue by going to a 2.4ghz network. While that was unsuccessful for me I had seen others mention it during initial troubleshooting. zeus99es Was able to solve some of the connection issues by using Googles DNS(8.8.8.8) Based on the fact that this had resolved his issues, I tried using Comcast's DNS and Cloudflares DNS(1.1.1.1) At one point using Comcast's DNS at the router level I was able to connect. I then tried forcing it on the client so that I could enable the pi-hole on the router and it did not work. When I tried to go back to Comcasts on the router I was unable to reproduce the results. It may solve some issues but it doesn't appear to the be primary problem. Again, connecting through a desktop on the network using the same DNS as a direct wifi solves it. Thank you again for those that have given ideas. Hopefully something helps someone! At this point I honestly can not tell if this is a driver issue on Valves side or bad net code on AGS's side.
EDIT on 9-16-22, Less than week after this post was made things magickly started working. I had not changed anything within my network since 9-11-22. While there was a minor update to New World on the steam deck There was a 1.2 MB update and things were happy after that. I also have been able to log into cities. Since I did nothing to make this work, I cant help people try new things at this point. I did ask around and others are still having issues connecting so it wasn't a universal fix. If your seeing this in the future. Good luck! I will edit again if it breaks.
​

Recently, I’m seeing more and more posts of people losing access to their att.net or sbcglobal.net email accounts. If you’re still using ISP email (AT&T, Comcast, etc.), please consider switching away ASAP, before it’s too late. ISP email is unreliable, running on archaic systems, and may be impossible to recover if you randomly lose access. Unfortunately, they won’t care, and there’s pretty much nothing you can do about it.
The best thing to do is owning your own domain name and have email setup, but this will be complicated for most users out there.
The next best thing is a free Gmail or Outlook.com account. There are many more providers out there, but currently these are probably the 2 most reliable, secure, and free. Choose one, set it up, set up all multi-factor authentication and recovery options carefully, login to all your online accounts and update the contact and login methods to your new email, and then set your att.net/sbcglobal.net account to forward all mail to your new Gmail or Outlook.com account.
Do this today. Email is your castle. Everything in your digital life is linked to it, such as your bank accounts, password resets, verification codes, and more.
Edit: Also, don’t use work email for personal use.