From: Gabriel A. Maggiotti (gmaggiot ciudad.com.ar)
Date: Tue Apr 02 2002 - 12:08:28 CST
-----Mario Lorenz wrote ---------
[...]
>> If you connect to the second device (10.x.x.x) on port 80, RCA cable
>> modem reset the user connection with inet. I proved it with my own wan
>> ip 10.1.1.x and with other cablemodem users IP's in the same wan. All of
>> them reset when I remotely connect to port 80 of the cablemodems.
>This is probably more a software bug or an annoyance than a DOS
>vulnerability.
>You should not be allowed to connect to the 10.x.x.x IPs anyway. Your
>Provider can fix this with a simple filter rule either provisioned into
>each cable modem or on the CMTS. It has always been good practice to
>separate Customer networks and Management networks (to which the
>10.x.x.x Modem IP's belong).
>That is not cable modem specific. Write an advisory about your Cable
>Provider lacking proper security measures, not about the cable modem :)
---------------------------------------------------
Do you really think that if you connect to (10.x.x.x) on port 80 and the
cablemodem resets, that is not a DOS?
I understand that could be because of a default misconfiguration, but
I'm very sure that RCA vendors don't want the cablemodem to reset when
you connect to it.
And I think that by default cablemodem must have 2 separated devices.
If I'm wrong please let me know.
Regards,
Gabriel A. Maggiotti