Security Basics mailing list archives
Re: Comcast Cable Setup Security Issue
From: James Kelly <jim () essistants com>
Date: Tue, 20 Jul 2004 14:47:33 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't know what was up with this guys set up... this is what you get for following the instructions. I just plugged in my cable modem, plugged that into my home made linux router.... then from there plugged the internal nic into my switch. I proceeded to throw that cd away. As far using your own modem, yeah I bought mine. You just have to call them and give them some info in regards to the modem. All in all I have had good experiences with comcast. Jim dave kleiman wrote: | Ken, | | You actually have to install software to utilize Comcast's cable network? | | So in your scenario, where you removed the Router installed and reconnected, | if you add/switch computers behind the router do you have to | install/reinstall? | | You have no option to use your own cable modem? | | Vote Adelphia, and no I do not work them. | | | | ______________________________________ | Dave Kleiman, CISSP, CISM, CIFI, MCSE | www.SecurityBreachResponse.com | | | | | -----Original Message----- | From: Gandalf The White [mailto:gandalf () digital net] | Sent: Sunday, July 18, 2004 22:14 | To: security-basics () securityfocus com | Subject: Comcast Cable Setup Security Issue | | Greetings and Salutations: | | I am beginning to get a feel for why Comcast is at the top of the list for | zombie spam boxes. | | I just set up an account for a friend who had a connection on the Comcast | cable network. | | The instructions on the included CD-ROM (as soon as the CD started up) was | to turn off all Anti-Virus and Firewall software on the computer. I called | up Comcast tech support and told them that I was I was nervous about doing | this, but I was assured that my computer would *only* be talking to the | Comcast activation server. Lets just ignore that the computer would be | talking to all the other machines on my local cable segment also. | | I had a router with firewall in between the computer and the Comcast network | so I went ahead and deactivated the anti-virus and firewall software on the | computer. | | I got half way through the activation and all of the sudden the process | dies. Claimed I could not reach the HTTPS server or that I had not | activated within the time allowed. I tried everything to start up the | process again with no success. | | Called Comcast tech support. The tech (he was very efficient and nice) told | me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER DIRECTLY | INTO THE CABLE MODEM. This made me EXTREMELY nervous. I now have a | computer (that was patched and up to date of course) ... BUT ... The | antivirus and personal firewall software was PURPOSEFULLY turned off. By | Comcast instructions. He walked me through connecting to the Comcast | website and finishing up the activation steps. I tried (in the middle of | his instructions) to ask if I could hook back into my router for a modicum | of protection and was told no, I had to finish the setup. | | When I finished the setup (again, he was very nice and pleasant) I rebooted, | hooked the computer back to the router/firewall, verified my antivirus and | firewall were working and indeed everything worked fine. | | Being a computer / security professional I was (of course) thinking about | all the very bad things that could happen to this computer while following | Comcast's instructions. | | I know (and I think it is almost criminal) that many cable companied hook | PC's up to a cable modem *all the time* without antivirus / firewall / | updates / any kind of protection. But you would think that an installation | would not require you to take away any kind of protection that a computer | has. I can see some overzealous PC owner deleting the anti-virus and | firewall software just to get their cable modem working. | | Ken | | | |- ---------------------------------------------------------------------------
| Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off | any course! All of our class sizes are guaranteed to be 10 students or less | to facilitate one-on-one interaction with one of our expert instructors. | Attend a course taught by an expert instructor with years of in-the-field | pen testing experience in our state of the art hacking lab. Master the skills | of an Ethical Hacker to better assess the security of your organization. | Visit us at: | http://www.infosecinstitute.com/courses/ethical_hacking_training.html |- ----------------------------------------------------------------------------
| | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA/WjE3IzKSZsd6+oRAtwgAKDE2iyXXaJXZ8D++wGMjpITkojeQgCfecOZ ocYAFQFJMHQmzMqTvl8ZM0w= =zpa1 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- Comcast Cable Setup Security Issue Gandalf The White (Jul 19)
- RE: Comcast Cable Setup Security Issue dave kleiman (Jul 20)
- Re: Comcast Cable Setup Security Issue James Kelly (Jul 21)
- RE: Comcast Cable Setup Security Issue BUGTRAQ (Jul 21)
- RE: Comcast Cable Setup Security Issue dave kleiman (Jul 21)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 21)
- RE: Comcast Cable Setup Security Issue Burton M. Strauss III (Jul 21)
- Re: Comcast Cable Setup Security Issue Calvin Maready (Jul 21)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 21)
- RE: Comcast Cable Setup Security Issue Michael Cecil (Jul 21)
- RE: Comcast Cable Setup Security Issue dave kleiman (Jul 20)
- RE: Comcast Cable Setup Security Issue Steve Hillier (Jul 20)
- RE: Comcast Cable Setup Security Issue mike (Jul 21)
- RE: Comcast Cable Setup Security Issue Burton M. Strauss III (Jul 21)