OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Laurence Brockman (l.brockmanvideon.ca)
Date: Wed Feb 06 2002 - 10:34:55 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    In the states many companies will let you buy DOCSIS modems, here in Canada
    however, most Cable ISP's are not at that stage currently. Some have
    implemented DOCSIS on their networks (Including the one that I work for).

    The way the modems are throttled are by config files (And possibly via SNMP
    management as well), so to unthrottle the modem (And the modems should be
    capable of 10mbps both directions if not more) you would need to replace the
    modems config file.

    However, attempts to hack the config file and replace it with your own can
    be very difficult (Not saying it's not doable, but in all my trying on our
    network I haven't been able to). They have shared encrypted secrets in the
    DOCSIS config files, so even if you do manage to replace the config file on
    your modem with another one (Very difficult to do) the cable router will not
    accept the modem because the shared secret does not match.

    Also, the config file is specified on boot up by the Cable ISP's DHCP server
    (It should specify the TFTP server and the config file to download). So the
    challenge is, to spoof the DHCP server responses and force the modem to
    download a config file from your TFTP server.

    The problem with this, is that most cable routers have a DHCP helper IP
    address that they will forward the DHCP requests to, so it becomes very
    difficult to spoof the DHCP responses because you will never see the
    requests on either the ethernet side of your modem or the requests of other
    modems.

    It would be interesting to see what people come up with.

    Anyways, this is from experience working as a Unix admin on a cable network
    and not from reading any standards, etc so our implementation might be a
    little different the others.

    Laurence

    ----- Original Message -----
    From: "Blue Boar" <BlueBoarthievco.com>
    To: "Russell Handorf" <rhandorfmail.russells-world.com>
    Cc: <vuln-devsecurityfocus.com>
    Sent: Tuesday, February 05, 2002 10:52 PM
    Subject: Re: chaging your home IP address... could you take a bunch
    ofthem....probably... could you get something from it...maybe

    > Russell Handorf wrote:
    > >
    > > Jon is correct- the speed is determined via the modem. Back when
    > > excitehome was compromised by adrian lamo, I was privy to such access
    as
    > > well. On the computer havoc.corp.home.net there lay the 'help desk'
    > > interface, where the users settings were editable. I distinctly remember
    > > the speed being an editable option for the modems. However the only way,
    to
    > > my current knowledge, it to edit this information on the ISP side-
    still. I
    >
    > Ultimately, if the box is in your house, it's only a matter of how much
    > time you want to spend hacking it, and the agreement between yourself and
    > your provider.
    >
    > I do believe that many cable providers will allow their customers to
    > buy their own docsis compliant modems, no? I understand the config file
    > will come
    > from the ISP, of course. Well, the original config file...
    >
    > BB
    >