Re: DOCSIS vulnerability

["Matthew S. Hallacy" <poptix () techmonkeys org>]

On Tue, Mar 12, 2002 at 11:49:22AM +0100, Rense Buijen wrote:
> Maybe your posts were rejected because this is very old news.
> This is known for ages, I have such a cable modem and indeed you can get
> the config file by TFTP; decode, alter, encode and upload it, but the
> ISP's are not stupid and most of the time this is NOT how they cap your
> cable modem, they throw traffic into a packeteer or use other methods to
> squeeze your bandwidth.

Interesting, I did not find anything like the url below via google searches,
as for the ISP's, this is how they're limiting bandwidth. I know for a fact
that it's possible on AT&T's network, as well as Charter Communications.

Then again, AT&T can't even figure out BGP or DNS. AT&T proudly implements
the SVRP(Scenic View Routing Protocol).

> All the info can be gathered by a tool like this:
> http://www.weird-solutions.com/_bin/bootpq.exe

It was much simpler for me, AT&T leaves the read community as 'public'.

> And a simple google search shows up hundreds of articles explaining how
> you can "hack" DOCSIS cable modems, unfortunately (unless you have a
> completely clueless provider) all these tricks wont work.
>
> E.g: http://lists.wi2600.org/pipermail/2600/2001-October/008668.html

What search terms did you use?

> Which dates from October 2001.

A few months after I found it =)

> (I tried it but my isp squeezes on the other end of the pipe, some
> things that you can alter though is bypass restrictions of how many
> computers could be connected right into the modem)

I find it disgusting (again and again) that ISP's can be this stupid.

 
> With kind regards,
>
> Rense