security concerns with cable splitters

[NSweaney at tulsacash.com (Nathan Sweaney)]

All sensitive data is encrypted, but I'm concerned that if the attacker
is able to intercept/inject packets, he could infiltrate the system
using something like BeEF of any old exploit that would then let him
pivot & attack the data from the inside before it gets encrypted.

Also, while this particular occasion prompted the question, I'm also
interested just in general.  If I tap into my coax at home in front of
my modem, can I see anything?  How would I go about trying?  Can my
neighbors view my stuff?  


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris
Frederick
Sent: Thursday, April 02, 2009 2:52 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] security concerns with cable splitters

Nathan Sweaney wrote:
> The crazy thing is that the customer actually considerd the security
implications and asked ahead of time.  

April 1st was yesterday. ;)

> So my question is, if an intruder had uninhibited access to the coax 
> that was split off upstream from the cable modem, is there anything 
> they can do with it?

I would assume that anything that is plugged in front of the modem would
be able to sniff all traffic going through the line.  However, any
router/server/firewall that the traffic goes through on the internet can
also do this.  This is why all the credit card processing is wrapped in
ssl (I would hope).  If you are worried about sniffed traffic, I would
concentrate more on securing the traffic (ssl/vpn/etc...) rather than
focus on any single point of compromise to the line.

If you are worried about a DOS, if they DOSed your cable line it would
probably affect a wide area (everyone connected to your feed at the end
of the block) so it would probably be noticed and fixed within a few
hours.

That's my two cents...

Chris

P.S.  I also have a funny story related to this.

I have a MythTV box that had a failing capture card, rather than replace
the card, I "pulled a Larry" and soldered two signal boosters directly
to the coax lead on the card.  I had to leave about inch and a half
unshielded due to the narrow working space.  The extra juice and the
unshielded segment began broadcasting the signal over the air.  After
several months, I moved from suburbia, to a "small town".  A few weeks
later I had a semi-angry cable guy knock on the door complaining that
the small airplanes landing a few miles down the highway were picking up
the signal and were complaining about the interference.  I asked why it
wasn't an issue in the suburban location, and he said the noise ratio in
the cities are a lot higher and more difficult to track down so they
just adjust the tolerance to cope with the higher interference.  So in a
suburban/city environment, less then $30 at home depot can broadcast
your cable signals several hundred feet, and go unnoticed for quite a
while.  ;)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com