Security Basics mailing list archives

Re: ISP reconfiguring cable modem?


From: "oni () omgsoleetyes com" <oni () omgsoleetyes com>
Date: Fri, 28 May 2004 21:19:13 -0400

Cable modems are programmed to grab a configuration file via TFTP (if I'm not mistaken) from the HE (head end) upon gaining sync.

I work as a tech support rep for a local cable internet provider. We shut off modems all the time for abuse such as spam or virus infections.

We use a web-based OS to disable, enable, and reset modems. All we do is flip a switch to disable the modem; the OS writes a new config file for that one customer to tell the modem not to transmit any traffic when this config file is loaded onto the modem. After the config file is ready, we send a remote command to the modem telling it to reboot. Once it reboots, gains sync, and gets the new (modified) config file, it no longer transmits any traffic in or out.

Since the modem grabs a new config file every time it syncs up to the HE, and we have the ability to reset modems remotely, we can disable abusers' internet traffic as needed and not make any permanent changes to the modem itself. Thus they can take their self-owned modems off of our system while we have them disabled, plug into another cable internet provider, and surf away, because the other ISP is giving that modem a fresh new config file when it syncs up.

That's the basic gist of how the DOCSIS standard works, and how cable modems don't need to be pre-configured by a cable internet provider like some ADSL modems.

The whole process is pretty secure. The point of failure would be with the interface the employees use however, which can be exploited if the ISP doesn't know how to secure itself properly.

-Ben

Paul Kurczaba wrote:

In this ZDNet article
(http://zdnet.com.com/2100-1107_2-5218720.html?tag=zdaresources), it
mentions that to help prevent spam, Comcast could remotely reconfigure the
cable modem if it sees that a user is sending out a bunch of spam. How is it
possible to remotely configure the cable modem? Would it be a TCP/IP or
cable signal that would reconfigure the modem? If it is TCP/IP, couldn't a
hacker screw up the modem? If it is a cable signal, what happens if the
cable user bought the modem at Best Buy or CompUSA (it wouldn't be ISP
specific)?

-Paul Kurczaba
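
Added example, not part of the original post or thread: a small Python parser for the type-length-value layout of a DOCSIS modem config file, reporting the Network Access setting (TLV 3) that a provisioning system sets to 0 to stop a modem forwarding traffic, as described in the reply above. The TLV numbers come from the DOCSIS config file encoding rather than from the post; the function names and sample files are constructed for this example.

```python
NETWORK_ACCESS = 3         # Network Access Control: 1 byte, 0 = off, 1 = on
CM_MIC, CMTS_MIC = 6, 7    # message integrity checks carried in the file
PAD, END = 0, 255          # single-byte markers with no length field

def parse_tlvs(blob):
    """Split a config file into (type, value) pairs; reject truncated input."""
    tlvs, i = [], 0
    while i < len(blob):
        t = blob[i]
        if t == END:
            return tlvs
        if t == PAD:
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError(f"TLV {t} at offset {i} has no length byte")
        length = blob[i + 1]
        value = blob[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {t} at offset {i} is truncated")
        tlvs.append((t, value))
        i += 2 + length
    raise ValueError("missing end-of-data marker (255)")

def summarize(blob):
    """Report the traffic switch and whether integrity checks are present."""
    tlvs = parse_tlvs(blob)
    access = [v for t, v in tlvs if t == NETWORK_ACCESS]
    # This example is strict: exactly one 1-byte Network Access TLV.
    if len(access) != 1 or len(access[0]) != 1:
        raise ValueError("expected exactly one 1-byte Network Access TLV")
    types = {t for t, _ in tlvs}
    return {
        "network_access": access[0] == b"\x01",
        "has_cm_mic": CM_MIC in types,
        "has_cmts_mic": CMTS_MIC in types,
    }

def tlv(t, value):
    """Helper used only to build the constructed samples below."""
    return bytes([t, len(value)]) + value

# Constructed sample files; the 16 MIC bytes are placeholders, not real digests.
ENABLED = tlv(3, b"\x01") + tlv(6, bytes(16)) + tlv(7, bytes(16)) + b"\xff"
DISABLED = tlv(3, b"\x00") + tlv(6, bytes(16)) + tlv(7, bytes(16)) + b"\xff"

if __name__ == "__main__":
    print(summarize(ENABLED), summarize(DISABLED))
```
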


