RE: Comcast Cable Setup Security Issue

From: Burton M. Strauss III (BStrauss_at_acm.org)
Date: 07/20/04

  • Next message: Dave Dyer: "RE: Minimum password requirements" 
    To: <security-basics@securityfocus.com>
Date: Tue, 20 Jul 2004 15:56:46 -0500

    I realize these aren't good ways to run for the long term.

    However, I've done lots of trouble shooting and problem resolution in my
    day. The key questions are always "what did you change" and "what
    complexity can we remove to eliminate it as the cause". That's what they're
    doing...

    The fact that they are clueless idiots isn't relevant for THIS part of the
    discussion.

    I've also, sadly, got lots of experience w/ making these types of service
    calls and these simple steps - disable firewalls, connect directly to the
    modem - do solve more problems than you think.

    Face it: If the ISP can isolate it to something they don't support, such as
    your firewall, then they can direct you to contact the right party.

    (even if it's me to support my own broken Linux firewall script :-( )

    -----Burton

    > -----Original Message-----
    > From: Steve Hillier [mailto:securityfocus@mastermindtoys.com]
    > Sent: Monday, July 19, 2004 5:17 PM
    > To: security-basics@securityfocus.com
    > Subject: RE: Comcast Cable Setup Security Issue
    >
    >
    > I have e3xperience similar problems here in Canada with Rogers Cable.
    > Every time you deal with tech support, one of the first things they ask
    > you is to disable any personal firewall software you have installed for
    > the duration of the support call. I was also asked to make sure my
    > computer was connected directly to the cable modem, not through my
    > router.
    >
    > To add to their sins, Rogers has just recently teamed up with Yahoo! to
    > provide mail and personal webspace services. This is all fine and good,
    > except that you cannot access any of their services on-line unless you
    > use Internet Explorer or Netscape. So poor Opera users like myself are
    > stuck using an unsecure browser to view our email and maintain our
    > accounts on the web. (Once I get a little less frustrated, I think I'll
    > download Firefox and see if that makes a difference.)
    >
    > Needless to say, I'm not pleased with Rogers, their "technical" support,
    > or their decision to alienate some of their more web-savvy users. I like
    > to think that I do a good job keeping my machine secure from all the wee
    > beasties on the Internet, but help like I get from Rogers doesn't make
    > my job any easier.
    >
    > Guess I'll just have to switch ISPs.
    >
    > sph
    >
    >
    > > -----Original Message-----
    > > From: Gandalf The White [mailto:gandalf@digital.net]
    > > Sent: Sunday, July 18, 2004 10:14 p
    > > To: security-basics@securityfocus.com
    > > Subject: Comcast Cable Setup Security Issue
    > >
    > >
    > > Greetings and Salutations:
    > >
    > > I am beginning to get a feel for why Comcast is at the top of
    > > the list for zombie spam boxes.
    > >
    > > I just set up an account for a friend who had a connection on
    > > the Comcast cable network.
    > >
    > > The instructions on the included CD-ROM (as soon as the CD
    > > started up) was to turn off all Anti-Virus and Firewall
    > > software on the computer. I called up Comcast tech support
    > > and told them that I was I was nervous about doing this, but
    > > I was assured that my computer would *only* be talking to the
    > > Comcast activation server. Lets just ignore that the
    > > computer would be talking to all the other machines on my
    > > local cable segment also.
    > >
    > > I had a router with firewall in between the computer and the
    > > Comcast network so I went ahead and deactivated the
    > > anti-virus and firewall software on the computer.
    > >
    > > I got half way through the activation and all of the sudden
    > > the process dies. Claimed I could not reach the HTTPS server
    > > or that I had not activated within the time allowed. I tried
    > > everything to start up the process again with no success.
    > >
    > > Called Comcast tech support. The tech (he was very efficient
    > > and nice) told me to DISCONNECT THE COMPUTER FROM THE ROUTER
    > > AND PLUG THE COMPUTER DIRECTLY INTO THE CABLE MODEM. This
    > > made me EXTREMELY nervous. I now have a computer (that was
    > > patched and up to date of course) ... BUT ... The antivirus
    > > and personal firewall software was PURPOSEFULLY turned off.
    > > By Comcast instructions. He walked me through connecting to
    > > the Comcast website and finishing up the activation steps. I
    > > tried (in the middle of his instructions) to ask if I could
    > > hook back into my router for a modicum of protection and was
    > > told no, I had to finish the setup.
    > >
    > > When I finished the setup (again, he was very nice and
    > > pleasant) I rebooted, hooked the computer back to the
    > > router/firewall, verified my antivirus and firewall were
    > > working and indeed everything worked fine.
    > >
    > > Being a computer / security professional I was (of course)
    > > thinking about all the very bad things that could happen to
    > > this computer while following Comcast's instructions.
    > >
    > > I know (and I think it is almost criminal) that many cable
    > > companied hook PC's up to a cable modem *all the time*
    > > without antivirus / firewall / updates / any kind of
    > > protection. But you would think that an installation would
    > > not require you to take away any kind of protection that a
    > > computer has. I can see some overzealous PC owner deleting
    > > the anti-virus and firewall software just to get their cable
    > > modem working.
    > >
    > > Ken
    > >
    > > ---------------------------------------------------------------
    > > Do not meddle in the affairs of wizards for they are subtle
    > > and quick to anger. Ken Hollis - Gandalf The White -
    > > gandalf@digital.net - O- TINLC WWW Page -
    > > http://digital.net/~gandalf/ Trace E-Mail forgery -
    > http://digital.net/~gandalf/spamfaq.html
    > Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
    >
    >
    > ------------------------------------------------------------------------
    > ---
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
    > off
    > any course! All of our class sizes are guaranteed to be 10 students or
    > less
    > to facilitate one-on-one interaction with one of our expert instructors.
    >
    > Attend a course taught by an expert instructor with years of
    > in-the-field
    > pen testing experience in our state of the art hacking lab. Master the
    > skills
    > of an Ethical Hacker to better assess the security of your organization.
    >
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ------------------------------------------------------------------------
    > ----
    >
    >
    >
    >
    > ------------------------------------------------------------------
    > ---------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get
    > $545 off
    > any course! All of our class sizes are guaranteed to be 10
    > students or less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab.
    > Master the skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ------------------------------------------------------------------
    > ----------
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Dave Dyer: "RE: Minimum password requirements"

    Relevant Pages

    • Re: Legal? Road Runner proactive scanning.
      ... relay checking. ... I think it's time to block 'em at the firewall, ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: Comcast Cable Setup Security Issue
      ... Comcast Cable Setup Security Issue ... By Comcast instructions. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: Novice asks "OpenBSD best firewall?"
      ... Is there any purchaseable firewall software that I can buy that works ... > OpenBSD. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: firewall setup
      ... 1- Check your 3 boxes have the FW as their GW (assuming internal FW's NIC ... >firewall and still keep their names. ... >Ethical Hacking at the InfoSec Institute. ... >pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: firewall setup
      ... If you're using a Linux firewall I suggest leaving the ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)