RE: Comcast Cable Setup Security Issue

["BUGTRAQ" <bugtraq () telemussolutions com>]

I have comcast and did not run anything like what was mentioned below.  I
can use any cable modem I want provided I give Comcast the MAC address (and
a day or two to get it updated in the system). 

-----Original Message-----
From: dave kleiman [mailto:dave () isecureu com] 
Sent: Tuesday, July 20, 2004 3:25 AM
To: security-basics () securityfocus com
Cc: 'Gandalf The White'
Subject: RE: Comcast Cable Setup Security Issue

Ken,

You actually have to install software to utilize Comcast's cable network?

So in your scenario, where you removed the Router installed and reconnected,
if you add/switch computers behind the router do you have to
install/reinstall?

You have no option to use your own cable modem?

Vote Adelphia, and no I do not work them.



______________________________________
Dave Kleiman, CISSP, CISM, CIFI, MCSE
www.SecurityBreachResponse.com




-----Original Message-----
From: Gandalf The White [mailto:gandalf () digital net]
Sent: Sunday, July 18, 2004 22:14
To: security-basics () securityfocus com
Subject: Comcast Cable Setup Security Issue

Greetings and Salutations:

I am beginning to get a feel for why Comcast is at the top of the list for
zombie spam boxes.

I just set up an account for a friend who had a connection on the Comcast
cable network.

The instructions on the included CD-ROM (as soon as the CD started up) was
to turn off all Anti-Virus and Firewall software on the computer.  I called
up Comcast tech support and told them that I was I was nervous about doing
this, but I was assured that my computer would *only* be talking to the
Comcast activation server.  Lets just ignore that the computer would be
talking to all the other machines on my local cable segment also.

I had a router with firewall in between the computer and the Comcast network
so I went ahead and deactivated the anti-virus and firewall software on the
computer.

I got half way through the activation and all of the sudden the process
dies.  Claimed I could not reach the HTTPS server or that I had not
activated within the time allowed.  I tried everything to start up the
process again with no success.

Called Comcast tech support.  The tech (he was very efficient and nice) told
me to DISCONNECT THE COMPUTER FROM THE ROUTER AND PLUG THE COMPUTER DIRECTLY
INTO THE CABLE MODEM.  This made me EXTREMELY nervous.  I now have a
computer (that was patched and up to date of course) ... BUT ... The
antivirus and personal firewall software was PURPOSEFULLY turned off.  By
Comcast instructions.  He walked me through connecting to the Comcast
website and finishing up the activation steps.  I tried (in the middle of
his instructions) to ask if I could hook back into my router for a modicum
of protection and was told no, I had to finish the setup.

When I finished the setup (again, he was very nice and pleasant) I rebooted,
hooked the computer back to the router/firewall, verified my antivirus and
firewall were working and indeed everything worked fine.

Being a computer / security professional I was (of course) thinking about
all the very bad things that could happen to this computer while following
Comcast's instructions.

I know (and I think it is almost criminal) that many cable companied hook
PC's up to a cable modem *all the time* without antivirus / firewall /
updates / any kind of protection.  But you would think that an installation
would not require you to take away any kind of protection that a computer
has.  I can see some overzealous PC owner deleting the anti-virus and
firewall software just to get their cable modem working.

Ken



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------