Re: RCA cable modem Deny of Servic

["Gabriel A. Maggiotti" <gmaggiot () ciudad com ar>]

-----Mario Lorenz wrote ---------
[...]
> >         If you   connect to the second device  (10.x.x.x) on port 80,

RCA cable
> > modem reset the user connection with inet. I proved it with my own
wan
ip 10.1.1
> > .x and with other  cablemodem users  IP's in the same wan.   All of
them  reset
> >  when I remotly  connect to port 80 of the cablemodems.

> This is probably more a software bug or an annoyance than a DOS
> vulnerability.
> You should not be allowed connect to the 10.x.x.x IPs anyway. Your
> Provider
> can fix this with a simple filter rule either provisioned into each
> cable
> modem or on the CMTS. It has always been good practice to separate
> Customer
> networks and Management networks (to which the 10.x.x.x Modem IP's
> belong).
> That is not cable modem specific. Write an advisory about your Cable
> Provider
> acking proper security measures, not about the cable modem :)

---------------------------------------------------

Do you relly think that if you connect to (10.x.x.x) on port 80 and
cablemodem reset
is not a DOS?
I understand that could be becouse of a default misconfiguration, but
i'm very sure
that RCA vendors dont want the cablemodem reset when you connect to it.
And I think that by default cablemodem  must have 2 separated devices.

If I'm wrong please let me know.

Regard, Gabriel A. Maggiotti