Security Basics mailing list archives
RE: ISP reconfiguring cable modem?
From: Tony Kava <securityfocus () pottcounty com>
Date: Thu, 3 Jun 2004 09:21:51 -0500
On 3 June 2004, Joshua M. Jones wrote:
Let me throw this scenario at you folks. What if you owned your own cable modem and the ISP DID modify your modem such as flashing the firmware? I have a good example of that. The Motorola has a way of uncapping or editing your config file as you will. What legal rights does the ISP have upgrading a personal modem that was bought from an online store? That would be another interesting topic to discuss as I am sure many ISPs are implementing their own ways to prevent abusers stealing more bandwidth.
This is an important topic. While the ISP does not have to update your modem's firmware to change its restrictions, some modems have shipped with bugs that allowed the user to mess with their configuration. I recall (and was able to duplicate) an issue with older Com21 modems wherein the modem would attempt to boot from the ethernet port. If you could get it to successfully boot from the ethernet port you would have complete control of the modem. The ISP I worked at only allowed its own modems on the network so that made this a non-issue.

It is my understanding that ISPs do update firmware of modems that have been purchased elsewhere. I can understand their desire to protect their network, but I am a fan of informing the customer. Their TOS probably covers this somewhere, but most customers will not read their TOS or at most only skim over it.

A couple years ago I was able to use SNMP tools to gather statistical data about my cable modem. Cox had allowed read-only access to my modem using the 'public' community name. One day my graphs stopped working. Cox had disabled SNMP access to a modem that I owned (it was not provided by them). Better yet, when I e-mailed or called Cox no one would admit that anything was changed. Instead I was usually told that what I was trying to do was against the rules. The problem I had with this is that they removed access to my own piece of equipment. They have the argument that it is on their network, but I was not notified of a change nor would they admit to the change when I initially spoke with their tech support representatives. Eventually they told me that the change was to prevent people from stealing service. Although SNMP access does provide you with some important configuration information (TFTP server, frequencies), all of this information is available by the web interface on most newer modems including mine.
If you are still reading after your rambling, I can tell you that there are at least a few easy ways to tell if your customers are messing around with their modems. I had scripts that ran multiple times each day. The scripts would enumerate our modems from the CMTS, check the bandwidth limits on the modem using SNMP, and generate a log of modems that did not match the service for which they were paying. Of course, if someone uncaps their modem they will probably disable SNMP access to hide this fact. That's why I also logged modems that did not respond to SNMP. The other time-tested method is to meter the bandwidth usage of your modems (all or maybe a suspicious subset). When you measure usage that exceeds their bandwidth limitations you investigate.

I apologize for being so long-winded in my reply. The points I wanted to make are that 1. ISPs do have methods of detecting abuse without being invasive and 2. I personally dislike ISPs that are not upfront with customers or quietly make changes to customer-owned equipment.

--
Tony Kava
Senior Network Administrator
Pottawattamie County, Iowa
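The audit described in the message above (compare polled limits with the paid tier, log modems that do not answer SNMP, and fall back on metered usage), as an added example that is not part of the original post or the author's scripts. The tier table, field names, tolerance and sample modems are all constructed assumptions; the SNMP poll and CMTS metering results are supplied as plain data rather than collected from real devices.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed service tiers: name -> (downstream, upstream) limit in kbit/s.
TIERS = {"basic": (1500, 256), "premium": (3000, 384)}

@dataclass
class Modem:
    mac: str
    tier: str                          # tier the customer pays for (billing data)
    polled: Optional[Tuple[int, int]]  # limits read via SNMP; None = no reply
    peak_kbps: int                     # peak downstream rate metered at the CMTS

def audit(modems, tolerance=0.05):
    """Return (mac, reason) pairs for modems that warrant investigation."""
    findings = []
    for m in modems:
        down_cap, up_cap = TIERS[m.tier]
        if m.polled is None:
            # An uncapped modem may have SNMP disabled, so silence is logged too.
            findings.append((m.mac, "no SNMP response"))
        elif m.polled != (down_cap, up_cap):
            findings.append((m.mac, f"limits {m.polled} do not match tier {m.tier}"))
        # Metering is independent of SNMP, so it still works on silent modems.
        if m.peak_kbps > down_cap * (1 + tolerance):
            findings.append((m.mac, f"peak {m.peak_kbps} kbit/s exceeds cap {down_cap}"))
    return findings

# Constructed sample data (documentation-range MAC addresses).
SAMPLE = [
    Modem("00:00:5e:00:53:01", "basic", (1500, 256), 1420),   # matches tier
    Modem("00:00:5e:00:53:02", "basic", (3000, 384), 2900),   # wrong limits
    Modem("00:00:5e:00:53:03", "premium", None, 2800),        # silent, within cap
    Modem("00:00:5e:00:53:04", "basic", None, 9000),          # silent, over cap
]

if __name__ == "__main__":
    for mac, reason in audit(SAMPLE):
        print(mac, reason)
```

A silent modem that stays within its cap, like the third sample, is only a lead to follow up; the fourth is flagged by two independent signals.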