Security Basics mailing list archives
RE: ISP reconfiguring cable modem?
From: "Joshua M. Jones" <jjones () isgwichita com>
Date: Thu, 3 Jun 2004 08:11:13 -0500
Let me throw this scenario at you folks. What if you owned your own cable modem and the ISP DID modify your modem, such as flashing the firmware? I have a good example of that. The Motorola has a way of uncapping or editing your config file as you will. What legal rights does the ISP have upgrading a personal modem that was bought from an online store? That would be another interesting topic to discuss, as I am sure many ISPs are implementing their own ways to prevent abusers stealing more bandwidth.

-----Original Message-----
From: Tony Kava [mailto:securityfocus () pottcounty com]
Sent: Wednesday, June 02, 2004 4:47 PM
To: security-basics () securityfocus com
Cc: 'David Schwendinger'
Subject: RE: ISP reconfiguring cable modem?

On 1 June 2004, David Schwendinger wrote:
I think an equally important question besides the "is it technically possible" is: Is it or should it be legal for ISPs to reconfigure equipment belonging to its subscribers, let alone doing it without telling them about it?
I think this has been hit on already, but I wanted to chime in as I was formerly employed by a cable modem ISP. Of course the TOS will allow your ISP to modify that modem's configuration at will. It is more polite to contact customers if they are singled out individually or at least post a clearly written policy / notice to explain how your company handles instances where you must stop or modify a user's internet service.

The cable modem receives its configuration by TFTP when it boots. There are some SNMP variables that can be set remotely, but for the most part everything is set by the config file it downloads using TFTP. The config file is actually setting values for a number of OIDs (like a batch snmpset). For those interested in what the configurations can look like, the 'docsis' project has an open source tool and examples for generating config files from text file configurations. See http://tinyurl.com/2xbyt

If my recollection is correct, you have the ability to set up port filtering and traffic rules in the cable modem configuration. You might, for example, prevent outgoing traffic destined for port 25 (other than to your mail servers) to keep viruses and spammers from wreaking havoc. This can keep that traffic from even traversing your cable plant. Of course there is always the option of blocking this traffic at any of the routers or firewalls along the way.

If you detect a problem coming from one of your users' modems you would only need to change their modem's config filename (typically on your DHCP/BOOTP server) then issue a reset command to that modem. The reset can be accomplished by either using an SNMPset (best method for most modems) or by issuing a reset from the CMTS. I have found that with some modems the CMTS-issued reset did not always do the job. The modem will reboot and obtain the new configuration.
I should hope that your ISP would contact you, but if your company is as large as Comcast, and your problem is as acute as theirs, they may not be able to do so. They could, however, either send an e-mail (assuming they don't completely disable the user) or force the user's HTTP requests to a web page that explains what has happened to their access and provides a method of resolution. I would be interested to see how Comcast handles this issue.

Internet users tend to be very defensive (and sometimes brutal) when you take away their internet access, especially if they are misusing it. I've spoken with more than one spammer after blocking their ability to send e-mail. When you explain that their deeds cause undue load on your mail servers their response is invariably that your company should have purchased additional servers just to handle their 'marketing'. Most spammers (and on another topic, day traders) insist that they are losing hundreds of thousands of dollars for every minute they are without service.

--
Tony Kava
Senior Network Administrator
Pottawattamie County, Iowa
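The config-file mechanism described in the quoted message (one downloaded file that sets values for a number of OIDs), as an added example that is not part of the original thread: a small auditor that walks a DOCSIS config file and lists the SNMP sets it carries. It assumes the standard DOCSIS TLV layout (1-byte type, 1-byte length, type 11 holding one BER varbind, 0 as pad, 255 as end-of-data); the sample bytes are constructed for illustration and the function names are hypothetical.

```python
# Added example: list the SNMP sets carried in a DOCSIS config file.
SNMP_MIB_OBJECT = 11   # TLV type whose value is one BER-encoded varbind
PAD, END_OF_DATA = 0x00, 0xFF

def read_ber_len(buf, i):
    """Return (length, index after the length field) for the BER length at buf[i]."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def decode_oid(body):
    """Decode BER OID content bytes to dotted form (first two arcs in one byte)."""
    first = min(body[0] // 40, 2)
    arcs, acc = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:           # high bit clear ends this sub-identifier
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_varbind(v):
    """Parse SEQUENCE { OID, value }; INTEGER values are decoded, others stay raw."""
    try:
        seq_len, i = read_ber_len(v, 1)
        if v[0] != 0x30 or i + seq_len != len(v) or v[i] != 0x06:
            raise ValueError("TLV 11 does not hold a well-formed varbind")
        oid_len, i = read_ber_len(v, i + 1)
        oid, i = decode_oid(v[i:i + oid_len]), i + oid_len
        tag = v[i]
        val_len, i = read_ber_len(v, i + 1)
    except IndexError:
        raise ValueError("truncated varbind") from None
    if i + val_len != len(v):
        raise ValueError("varbind length mismatch")
    raw = v[i:]
    return oid, int.from_bytes(raw, "big", signed=True) if tag == 0x02 else raw

def snmp_sets(config):
    """Walk the top-level TLVs and return [(oid, value)] for every type-11 entry."""
    out, i = [], 0
    while i < len(config) and config[i] != END_OF_DATA:
        if config[i] == PAD:
            i += 1
            continue
        if i + 2 > len(config) or i + 2 + config[i + 1] > len(config):
            raise ValueError("truncated TLV")
        t, value = config[i], config[i + 2:i + 2 + config[i + 1]]
        if t == SNMP_MIB_OBJECT:
            out.append(parse_varbind(value))
        i += 2 + len(value)
    return out

# Constructed sample: TLV 3 (1 byte), one TLV 11 setting an INTEGER under 1.3.6.1.2.1.69, end, pad.
SAMPLE_CONFIG = bytes.fromhex("030101" "0b11300f060a2b060102014501060300020102" "ff0000")
```

Running `snmp_sets` over the file a modem actually downloaded shows exactly which OIDs the operator's configuration sets, which is the quickest way to see what changed between two config files.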