Hackers Nab Free 30Mbps Service > Hope Virgin Media isn't blowing smoke

reply to Warez_Zealot

Re: Hope Virgin Media isn't blowing smoke

Good post Digifalls.

reply to Digifalls
I'd be upset if I were one of the people you were temporarily disconnecting to find him. Did they get some type of credit for the outage?

reply to Digifalls
that's a cool story,

but 10 megs was crippling a node? that's kinda weak,

lemme guess you worked for buckeye eh?
--
At first I thought everyone on the highway was drunk but then I realized I was driving in Florida

reply to hamburglar_

reply to Frank

reply to Frank
Yeah, I gotta call BS on that one. 10/10 should in no way cripple a node. If 10 megs down or up at any time can cripple a node, and Comcast doles out 16mbit service + Powerboost so it's more like 22, then I feel sorry for the neighbors of the one guy who actually USES his connection.

I remember a year ago when I was on shaws 6 MB down, 1 MB up pakage... I was told I was kicking users off by doing 300-400 GB a month and saturating the node through BT (They said upload was causing errors, as cable can only do so much upload before it gets to be a problem). I believe 10 up would kill a lot of peoples connections.

What I don't believe is the cops busting the guys door down. Unhooking peoples wire, and seeing the guys net go down, isnt proof enough for a warrant...especially not for something like Cable theft. At most, they'd have d/c'd his wire, and watched his house in the future if any problems arose in the future.

reply to hamburglar_

reply to TraunaJ
This must have been well coordinated with 20 techs all unplugging stuff at the same time. And yes, with my phone service now relying on cable, I would expect at least a knock on the door to let me know what was going on. Maybe not an adjustment, but some communication.

reply to djrobx
Precisely! With what was apparently going on, I doubt you'd even notice your modem going offline for a mere 60 seconds with this guy's smart tactics practically hammering the whole node to death.

reply to PapaMidnight
10 Mbps UP, or the full bandwidth on DOCSIS 1.1. Make sense now?

reply to Ikarasu
As if cops haven't abused their power before.

reply to hamburglar_
you can't knock on the door and say you're going to work on the cable if you're trying to find someone stealing cable/internet services.

if you need that much up time you need to move back to POTS. OH wait! they'd disconnect you too without telling you if they needed to.

reply to Digifalls
So, the moral of the story: If you're going to steal cable service, make sure you stay under the radar of the company (eg. Don't hurt your node) and nobody will come and look for you?
--
Xenophase - British Columbia's premier online gaming community.

reply to Frank

reply to Digifalls
I designed an entire cable plant and system, and never did I see this happen. We did however did see a single modem inject noise into the system requiring we track it down. It may depend on the technology being used, but there are several ways to detect and "void" a non authorized modem. So if the cable operator did not implement security features then shame on them.

The modem HAS to download the proper file and certificate from the CMTS every single time it comes online. If a MAC comes online and there was not the security certificate exchange and file download then it is blocked. The file name changes constantly and the certificate is updated on occasion.

Second, there are plenty of hardware vendors that allow monitoring and blocking if a modem goes over its speed. Blocked if they exceed it.

Third, there are cloning detection methods. It is easy to do if you follow the pattern of how a mac is cloned.

There are a bunch of other methods that if implemented and watched, can eliminate this problem near 100%.

I just think that the cable provider you worked for used crappy hardware, bad security schemes, or just plain incompetence overall with how they operate. And I feel the same way about Virgin... in there upgrade "mode" I think they just let security go out the window.

You can also track a modem a lot easier without sending out techs. It really depends on the amps you use. It is really easy to track which node they are on. Then, track what AMP they are using. You can even sometimes just "ask" the modem some questions using SNMP and other methods (not usually, but "hackers" get sloppy). So you start sending messages and getting replies from the modem, go amp by amp (if you can talk to these amps, IE they are modern and configured to do so, you do not have to go anywhere), then once you get down to the amp you can look at power level to and from the modem then narrow it down to a specific TAP. Then, you may have to deal with maybe 8 customers depending on tap type. If your company uses high pass filters (this one did by design, I requested it on all non-internet customers) then you only have to worry about customers that have internet service. So then you are down to maybe 4 if that. Then disconnect them (or just "listen" to the line, but it is alot easier to just unhook them at this point).

All the above is done by sending 1 tech out for less than 10 minutes. However, it may take an hour or more to find them at from the data center/NOC/office... Properly designed cable systems function properly. Poor or lax design gets what you see with Virgin.

reply to hamburglar_
Don't have to tell you a single thing. MANY areas have a provision that you can most certainly take the service down before prime time (usually 5pm) with NO notice and with out an emergency requiring the down time. Further, you're not entitled to an outage credit until you reach a certain amount of time, usually 4 hours.

I really doubt that 60 seconds qualifies the end of the world and a credit for you. Also, don't you think you're being a little dramatic here? Cell phone calls drop all the time. So if you dropped a land line call, in terms of credit amount, you'd be talking about $0.20 for your time. However, that's just an example of what you'd get from a cell phone provider, if any. If your phone service is 3rd party VoIP over your cable.. your SOL..

Expectations and reality are two different things,.. there's NO way in the world you'd get a knock on the door when they're trying to find someone stealing service which would be, so you know, AFFECTING YOUR SERVICE including your telephone service.

Besides, who's to say that you could be the one they're looking for.. still think they need to knock on the door?

Little less dramatics next time.

reply to Frank
If it was a Docsis 1.X plant remember that the upload limit is only 9Mbps for the entire channel. Even for D2 upload is only 27Mbps, so taking over a 1/3 of the bandwidth would cause some serious issues during prime time.

On the other hand, anyone dumb enough to be doing this 24/7 from the same location deserves to get caught. If he had just limited himself to off peak hours, odds are pretty high they never would have bothered to track him down(not worth the effort).

Edit: guess I am a little slow today.

reply to keyboard5684
keyboard5684

With the modified firmwares on the modems it does NOT have to download the proper files. The firmwares shuts off the anti sniff filters, then it is a relatively easy thing to grab the certificate and mac of several modems(just takes time). Once you have enough it is really not the hard to recreate the algorithm. One does have to stay within the parameters of the account of the Mac you have cloned, but most systems have business accounts that have the high upload provisioning.

You can get close as you described, assuming the field techs have followed procedure (a lot do not). But as I stated in the earlier post, if you are not doing this in prime time it is usually not worth the ISPs time to track it down. Just look at the number of people who pirate regular cable. When they could not get my line cleaned up last spring, they went through every connection. There were over 90 houses pirating cable just between me and the node (removing them did a great job cleaning the signal).