RE: ISP reconfiguring cable modem?

From: Tony Kava (securityfocus_at_pottcounty.com)
Date: 06/02/04

  • Next message: Kelly Martin: "SecurityFocus new column announcements" 
    To: security-basics@securityfocus.com
Date: Wed, 2 Jun 2004 16:47:07 -0500

    On 1 June 2004, David Schwendinger wrote:

    > I think an equally important question besides the "is it technically
    > possible" is: Is it or should it be legal for ISPs to reconfigure
    > equipment belonging to its subscribers, let alone doing it without
    > telling them about it?

    I think this has been hit on already, but I wanted to chime in as I was
    formerly employed by a cable modem ISP.

    Of course the TOS will allow your ISP to modify that modem's configuration
    at will. It is more polite to contact customers if they are singled out
    individually or at least post a clearly written policy / notice to explain
    how your company handles instances where you must stop or modify a user's
    internet service.

    The cable modem receives its configuration by TFTP when it boots. There are
    some SNMP variables that can be set remotely, but for the most part
    everything is set by the config file it downloads using TFTP. The config
    file is actually setting values for a number of OIDs (like a batch snmpset).
    For those interested in what the configurations can look like, the 'docsis'
    project has an open source tool and examples for generating config files
    from text file configurations. See http://tinyurl.com/2xbyt

    If my recollection is correct, you have the ability to setup port filtering
    and traffic rules in the cable modem configuration. You might, for example,
    prevent outgoing traffic destined for port 25 (other than to your mail
    servers) to keep viruses and spammers from wreaking havoc. This can keep
    that traffic from even traversing your cable plant. Of course there is
    always the option of blocking this traffic at any of the routers or
    firewalls along the way.

    If you detect a problem coming from one of your users' modems you would only
    need to change their modem's config filename (typically on your DHCP/BOOTP
    server) then issue a reset command to that modem. The reset can be
    accomplished by either using an SNMPset (best method for most modems) or by
    issuing a reset from the CMTS. I have found that with some modems the
    CMTS-issued reset did not always do the job.

    The modem will reboot and obtain the new configuration. I should hope that
    your ISP would contact you, but if your company is as large as Comcast, and
    your problem is as acute as theirs, they may not be able to do so. They
    could, however either send an e-mail (assuming they don't completely disable
    the user) or force the user's HTTP requests to a web page that explains what
    has happened to their access and provides a method of resolution.

    I would be interested to see how Comcast handles this issue. Internet users
    tend to be very defensive (and sometimes brutal) when you take away their
    internet access, especially if they are misusing it. I've spoken with more
    than one spammer after blocking their ability to send e-mail. When you
    explain that their deeds cause undue load on your mail servers their
    response is invariably that your company should have purchased additional
    servers just to handle their 'marketing'. Most spammers (and on another
    topic, day traders) insist that they are losing hundreds of thousands of
    dollars for every minute they are without service. 

    --
Tony Kava
Senior Network Administrator
Pottawattamie County, Iowa
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
  • Next message: Kelly Martin: "SecurityFocus new column announcements"

    Relevant Pages

    • Re: IIS6 - Response Buffer Limit Exceeded
      ... IIS does not "randomly reset configuration values". ... We are load balancing web servers and once in a while one of the ...
      (microsoft.public.inetserver.iis)
    • Re: How to send a fax from a scanned document?
      ... Hal Hostetler, My document shows on the Window Picture And Fax Viewer. ... does the Send Fax Wizard start? ... Configuration Wizard" and fill in the blanks as appropriate. ... the problem may be that your modem is not ...
      (microsoft.public.windowsxp.print_fax)
    • Re: How to send a fax from a scanned document?
      ... Configuration Wizard" and fill in the blanks as appropriate. ... the problem may be that your modem is not ... Properties, on Hardware tab, click "Device Manager"). ... To the moon and back with 64 Kbits of RAM and 512 Kbits of ROM. ...
      (microsoft.public.windowsxp.print_fax)
    • Re: /usr/sbin/adsl-start: line 217: 13409 Terminated
      ... i have configured ppp0 interface by using pppoe-setup command ... i am using same modem with the same modem ... Reinstalling Linux rarely fixes Linux, ... I am using Linksys AM300 ADSL modem, checked modem configuration & ...
      (Fedora)
    • Re: Dialup
      ... > Network Configuration - ... >> You can log on as root by using the username ... > hardware Modem shows up ... configure the settings and ...
      (Fedora)
    Loading