RE: ISP reconfiguring cable modem?

From: Joshua M. Jones (jjones_at_isgwichita.com)
Date: 06/03/04

    Date: Thu, 3 Jun 2004 08:11:13 -0500
    To: "Tony Kava" <securityfocus@pottcounty.com>, <security-basics@securityfocus.com>
    
    

    Let me throw this scenario at you folks. What if you owned your own
    cable modem and the ISP DID modify your modem such as flashing the
    firmware? I have a good example of that. The Motorola has a way of
    uncapping or editing your config file as you will. What legal rights
    does the ISP have upgrading a personal modem that was bought from an
    online store? That would be another interesting topic to discuss as I am
    sure many ISPs are implementing their own ways to prevent abusers
    stealing more bandwidth.

    -----Original Message-----
    From: Tony Kava [mailto:securityfocus@pottcounty.com]
    Sent: Wednesday, June 02, 2004 4:47 PM
    To: security-basics@securityfocus.com
    Cc: 'David Schwendinger'
    Subject: RE: ISP reconfiguring cable modem?

    On 1 June 2004, David Schwendinger wrote:

    > I think an equally important question besides the "is it technically
    > possible" is: Is it or should it be legal for ISPs to reconfigure
    > equipment belonging to its subscribers, let alone doing it without
    > telling them about it?

    I think this has been hit on already, but I wanted to chime in as I was
    formerly employed by a cable modem ISP.

    Of course the TOS will allow your ISP to modify that modem's
    configuration at will. It is more polite to contact customers if they
    are singled out individually or at least post a clearly written policy /
    notice to explain how your company handles instances where you must stop
    or modify a user's internet service.

    The cable modem receives its configuration by TFTP when it boots. There
    are some SNMP variables that can be set remotely, but for the most part
    everything is set by the config file it downloads using TFTP. The config
    file is actually setting values for a number of OIDs (like a batch
    snmpset). For those interested in what the configurations can look like,
    the 'docsis' project has an open source tool and examples for generating
    config files from text file configurations. See http://tinyurl.com/2xbyt

    If my recollection is correct, you have the ability to set up port
    filtering and traffic rules in the cable modem configuration. You might,
    for example, prevent outgoing traffic destined for port 25 (other than
    to your mail servers) to keep viruses and spammers from wreaking havoc.
    This can keep that traffic from even traversing your cable plant. Of
    course there is always the option of blocking this traffic at any of the
    routers or firewalls along the way.

    If you detect a problem coming from one of your users' modems you would
    only need to change their modem's config filename (typically on your
    DHCP/BOOTP server) then issue a reset command to that modem. The reset
    can be accomplished by either using an SNMPset (best method for most
    modems) or by issuing a reset from the CMTS. I have found that with some
    modems the CMTS-issued reset did not always do the job.

    The modem will reboot and obtain the new configuration. I should hope
    that your ISP would contact you, but if your company is as large as
    Comcast, and your problem is as acute as theirs, they may not be able to
    do so. They could, however, either send an e-mail (assuming they don't
    completely disable the user) or force the user's HTTP requests to a web
    page that explains what has happened to their access and provides a
    method of resolution.

    I would be interested to see how Comcast handles this issue. Internet
    users tend to be very defensive (and sometimes brutal) when you take
    away their internet access, especially if they are misusing it. I've
    spoken with more than one spammer after blocking their ability to send
    e-mail. When you explain that their deeds cause undue load on your mail
    servers their response is invariably that your company should have
    purchased additional servers just to handle their 'marketing'. Most
    spammers (and on another topic, day traders) insist that they are losing
    hundreds of thousands of dollars for every minute they are without
    service.

    --
    Tony Kava
    Senior Network Administrator
    Pottawattamie County, Iowa
    ------------------------------------------------------------------------
    ---
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
    off 
    any course! All of our class sizes are guaranteed to be 10 students or
    less 
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of
    in-the-field 
    pen testing experience in our state of the art hacking lab. Master the
    skills 
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ------------------------------------------------------------------------
    ----
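
What "like a batch snmpset" looks like inside the file, as an added example that is not part of the original messages: a read-only parser that walks a DOCSIS config file's TLVs and lists each SNMP object it sets, which is how an operator can audit a filter config before assigning it. The sample bytes are constructed, and the TLV type numbers and the two filter OIDs (from DOCS-CABLE-DEVICE-MIB) are assumptions brought in for the example, not values quoted in the thread.

```python
# Added example (not from the thread): list the SNMP sets in a DOCSIS config file.
TLV_PAD, TLV_SNMP_OBJECT, TLV_END = 0, 11, 255   # config-file TLV type numbers

def read_ber(buf, pos):   # -> (tag, contents, next_pos) for the element at buf[pos]
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("BER element runs past the end of its container")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):      # BER OBJECT IDENTIFIER contents -> dotted-decimal text
    arcs, acc = [], 0
    for byte in raw:
        acc = (acc << 7) | (byte & 0x7F)  # base 128, high bit marks continuation
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)         # first two arcs share one subidentifier
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def snmp_sets(config):
    """Walk the top-level TLVs and return [(oid, value)] for every type-11 entry."""
    found, pos = [], 0
    while pos < len(config) and config[pos] != TLV_END:
        if config[pos] == TLV_PAD:
            pos += 1
            continue
        if pos + 2 > len(config) or pos + 2 + config[pos + 1] > len(config):
            raise ValueError("truncated TLV at offset %d" % pos)
        tlv_type, length = config[pos], config[pos + 1]   # 1-byte type, 1-byte length
        value, pos = config[pos + 2:pos + 2 + length], pos + 2 + length
        if tlv_type == TLV_SNMP_OBJECT:
            _, varbind, _ = read_ber(value, 0)            # SEQUENCE { name, value }
            _, oid_raw, nxt = read_ber(varbind, 0)
            vtag, vraw, _ = read_ber(varbind, nxt)
            val = int.from_bytes(vraw, "big", signed=True) if vtag == 0x02 else vraw
            found.append((decode_oid(oid_raw), val))      # 0x02 is ASN.1 INTEGER
    return found

# Constructed sample: NetworkAccess on, then docsDevFilterIpDestPortLow.1 and
# docsDevFilterIpDestPortHigh.1 (assumed OIDs, DOCS-CABLE-DEVICE-MIB) both set to 25.
SAMPLE = bytes.fromhex("030101"
    "0b133011060c2b0601020145010604010e01020119"
    "0b133011060c2b0601020145010604010f01020119" "ff0000")

if __name__ == "__main__":
    print(*("%s = %s" % pair for pair in snmp_sets(SAMPLE)), sep="\n")
```

Non-SNMP TLVs, including the integrity-check entries a real file carries, are skipped by length and not interpreted.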
