RE: ISP reconfiguring cable modem?

["Yvan Boily" <yboily () seccuris com>]

You really need to read the DOCSIS standards to get a handle on how cable
modems work.

Most cable modems are assigned a configuration via a file transferred from a
TFTP server (At least they were a few years ago...)

The cable plant runs on a separate address space and is not directly
addressable (if configured properly) from the computer connected to the
cable modem.

When you agree to the terms of service you agree to the configuration
provided by the service provider.  Tampering with the provided configuration
settings constitutes theft of service, and is punishable by heavy fines and
possibly jail time depending on where you are.

For more info see http://www.cablelabs.com


> -----Original Message-----
> From: Paul Kurczaba [mailto:paul () myipis com] 
> Sent: Thursday, May 27, 2004 2:12 PM
> To: security-basics () securityfocus com
> Subject: ISP reconfiguring cable modem?
>
> On this ZDNet article
> (http://zdnet.com.com/2100-1107_2-5218720.html?tag=zdaresources), it
> mentions that to help prevent spam, comcast could remotely 
> reconfigure the
> cable modem if it sees that user is sending out a bunch of 
> spam. How is it
> possible to remotely configure the cable modem? Would it be a 
> TCP/IP or
> cable signal that would reconfigure the modem? If it is 
> TCP/IP, couldn't a
> hacker screw up the modem? If it is a cable signal, what 
> happens if the
> cable user bought the modem at best buy or compusa (it wouldn't be ISP
> specific)
>
> -Paul Kurczaba
>
>
>
> --------------------------------------------------------------
> -------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and 
> get $545 off 
> any course! All of our class sizes are guaranteed to be 10 
> students or less 
> to facilitate one-on-one interaction with one of our expert 
> instructors. 
> Attend a course taught by an expert instructor with years of 
> in-the-field 
> pen testing experience in our state of the art hacking lab. 
> Master the skills 
> of an Ethical Hacker to better assess the security of your 
> organization. 
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------
> --------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------