Security Basics mailing list archives

Re: Comcast Cable Setup Security Issue


From: John Harmon <slackboyau () gmail com>
Date: Tue, 20 Jul 2004 17:43:17 -0400

I just recently moved into a new house and signed up for a new Comcast
account.  Their setup is very different than it was even a couple of
months ago.  I was very hesitant to install the Comcast "support" CD
and I voiced my concern to the installer but he said that Comcast
wanted all customers to have Comcast email addresses and so they
started the new installation policy.

I was curious about what was going to be downloaded and also about the
new policy so as soon as the modem fired up I started snort and
sniffed some traffic and then did some pings and traceroutes to see
where I was.  In these few short minutes I came to the conclusion that
Comcast drops you into some subnet where you are behind some kind of
proxy/firewall/router where you don't actually have internet access
but just have access to some Comcast servers where you download the
software and they can tftp a new config file to your modem (this is the
config that the cable modem hackers are changing when they mess with
the bandwidth caps that Comcast puts on your modem).

After the new config is downloaded your modem restarts and you are on
the internet.  I didn't turn off my firewall and/or antivirus during my
install that I can remember and you have to do this setup without a
router/firewall because of the network that you get dropped into.

I am def not advocating this new policy because as soon as they send
that new config file you are wide open.  Instead they should go back
to handing out public dhcp addresses and if they have to have all
customers sign up for an email address put all new customers' IPs
behind a proxy where you sign up and then as soon as that is done take
the IP out from behind the proxy...this way people can keep their
antivirus and firewalls and also don't have to download the Comcast
"support" software.

On Tue, 20 Jul 2004 11:38:26 -0400, Steve Bostedor <steveb () tshore com> wrote:
We have DSL as our backup line here.  There was a time when the DSL line
was down and the tech support wanted me to plug an unprotected computer
directly into the modem much the same way.  I refused to do it and they
threatened not to help me.  After asking for a more experienced "tech",
I was able to get them to answer a question without rewiring my network.
I think that's solution #2 in their list of canned solutions to read to
you when you call.



-----Original Message-----
From: Gandalf The White [mailto:gandalf () digital net]
Sent: Sunday, July 18, 2004 10:14 PM
To: security-basics () securityfocus com
Subject: Comcast Cable Setup Security Issue

Greetings and Salutations:

I am beginning to get a feel for why Comcast is at the top of the list
for zombie spam boxes.

I just set up an account for a friend who had a connection on the
Comcast cable network.

The instructions on the included CD-ROM (as soon as the CD started up)
were to turn off all Anti-Virus and Firewall software on the computer.  I
called up Comcast tech support and told them that I was nervous
about doing this, but I was assured that my computer would *only* be
talking to the Comcast activation server.  Let's just ignore that the
computer would be talking to all the other machines on my local cable
segment also.

I had a router with firewall in between the computer and the Comcast
network so I went ahead and deactivated the anti-virus and firewall
software on the computer.

I got halfway through the activation and all of a sudden the process
dies.  Claimed I could not reach the HTTPS server or that I had not
activated within the time allowed.  I tried everything to start up the
process again with no success.

Called Comcast tech support.  The tech (he was very efficient and nice)
told me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER
DIRECTLY INTO THE CABLE MODEM.  This made me EXTREMELY nervous.  I now
have a computer (that was patched and up to date of course) ... BUT ...
The antivirus and personal firewall software was PURPOSEFULLY turned
off.  By Comcast instructions.  He walked me through connecting to the
Comcast website and finishing up the activation steps.  I tried (in the
middle of his instructions) to ask if I could hook back into my router
for a modicum of protection and was told no, I had to finish the setup.

When I finished the setup (again, he was very nice and pleasant) I
rebooted, hooked the computer back to the router/firewall, verified my
antivirus and firewall were working and indeed everything worked fine.

Being a computer / security professional I was (of course) thinking
about all the very bad things that could happen to this computer while
following Comcast's instructions.

I know (and I think it is almost criminal) that many cable companies
hook PCs up to a cable modem *all the time* without antivirus /
firewall / updates / any kind of protection.  But you would think that
an installation would not require you to take away any kind of
protection that a computer has.  I can see some overzealous PC owner
deleting the anti-virus and firewall software just to get their cable
modem working.

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and quick to
anger. Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery -
http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html





-- 
-= John M. Harmon =-
