Chaldo
join:2008-03-18
West Bloomfield, MI
2 edits | Why they SWAT/POLICE WARRANT Well you all are saying "no way" for that? Well you must think for a second.....
There are a couple reasons this user needs to get taken down fast.
1. MAC ADDRESS CLONING: Well since he is using someones MAC address to get on the internet, what ever he is doing is going under the person who pays mac address, like bandwidth usage, but most importantly IF HE DECIDES TO HACK/DO SOMETHING ILLEGAL with that Connection the MAC will show up and they will look it up and probably bust the wrong person. So big crime is at stake here.
2. NODE/USAGE CLOG. If this Guy is cloging up his CMTS then he is affecting other peoples internet which could cost the company money (disconnects) Failure of businesses to operate on that node, a lot of things but one really important thing is VOIP. who ever is using voip will get degraded/or cut off and Phone is a very big priority its very important, what if a emergency happens and they need to call 911? There is another really big reason why they act fast.
You have to think really to these important things that have to be running because it screws up with a lot of emergency's/businesses/crime. | |
|
 Lazlow
join:2006-08-07
Saint Louis, MO | Re: Why they SWAT/POLICE WARRANT These modded modems have been around for YEARS. If it is such a problem why haven't the ISPs done something about it. Simple, except for the stupid cases (doing it during prime time), it is not worth the man hours to track them down. It is just not cost effective. | |
|
 | Chaldo
join:2008-03-18
West Bloomfield, MI | Re: Why they SWAT/POLICE WARRANT said by Lazlow:These modded modems have been around for YEARS. If it is such a problem why haven't the ISPs done something about it. Simple, except for the stupid cases (doing it during prime time), it is not worth the man hours to track them down. It is just not cost effective. Well, I know they have been out for years, but has any of them caused a problem that we are talking about right now? No, if you run one and you don't show it really by hacking/hogging the node/ or bragging or talking about it chances you won't get noticed. The cable company isn't going to waste money on tracking unless it becomes a huge problem. | |
|
| | | There are easy, electronic ways to render cloning and the majority of other DOCSIS hacking useless. It's just Virgin hasn't seemed to implement any of it yet.
Here's a 4 year old article on the subject:
»www.cable360.net/ct/operations/b···302.html | |
|
| | | said by Lazlow:These modded modems have been around for YEARS. If it is such a problem why haven't the ISPs done something about it. Simple, except for the stupid cases (doing it during prime time), it is not worth the man hours to track them down. It is just not cost effective. thats what i am sayin its not worth it i have had mine for a few mos and things are ok the only problem is scaning for macs most of charter i know blocks snmp scans | |
|
| | Lazlow
join:2006-08-07
Saint Louis, MO | Re: Why they SWAT/POLICE WARRANT The SNMP block is in the modems firmware. Change the firmware and you can turn it back on again. | |
|
| | | | | Re: Why they SWAT/POLICE WARRANT Easiest ways to shut this down is to control the speed at the CMTS and ignore what the modem is set for.
Adelphia did that YEARS ago among other things to defeat hackers when they were around. | |
|
| | | | Lazlow
join:2006-08-07
Saint Louis, MO
1 edit | Re: Why they SWAT/POLICE WARRANT ExAdelphite
You apparently do not understand how the current modded modems work. The CMTS identifies the modem by it's MAC address, the cloned modems can change their MAC address(or anything else on the modem) to whatever they want. Before the modded modem tries to connect to the CMTS it listens (SNMP) in on all the chatter that is going on in the line. When a customers modem is booting the modded modem listens in and writes everything down. After a while the modder has a pretty good collection of MACs and profiles, he can then pretend to be any of the other modems he chooses (using their profile). IF the modder is smart he will go to a different CMTS and grab MACS/profiles from that CMTS. On most systems the "watch for clone" system is on the CMTS level and not on a system wide level. On the systems that do use system wide clone watches there are other (much more complex) hacks. | |
|
| | | | | | | Re: Why they SWAT/POLICE WARRANT said by Lazlow:ExAdelphite You apparently do not understand how the current modded modems work. ...and you don't understand how extensive the anti hacking is or can get either.
Adelphia did track MAC addresses globally, they also sent out dynamic config files usable on 1 modem authorized against public key encryption. Just listing and cloning good in use MAC addresses wasn't good enough. You needed PHYSICAL access to an authorized modem to even get a chance to get the private keys since they weren't transmitted over the net, in which case you could only gain access that authorized modem had as long as it wasn't on.
Adelphia also limited direct modem to modem communication and used BPI+ to encrypt data streams too.
They didn't trust SNMP for ANY sort of security because they found early on how easy it was to get info to hack. | |
|
| | | | |  IgnitePremium,VIP
join:2004-03-18
UK | said by Lazlow:ExAdelphite You apparently do not understand how the current modded modems work. The CMTS identifies the modem by it's MAC address, the cloned modems can change their MAC address(or anything else on the modem) to whatever they want. Before the modded modem tries to connect to the CMTS it listens (SNMP) in on all the chatter that is going on in the line. When a customers modem is booting the modded modem listens in and writes everything down. After a while the modder has a pretty good collection of MACs and profiles, he can then pretend to be any of the other modems he chooses (using their profile). IF the modder is smart he will go to a different CMTS and grab MACS/profiles from that CMTS. On most systems the "watch for clone" system is on the CMTS level and not on a system wide level. On the systems that do use system wide clone watches there are other (much more complex) hacks. The 30Mbit hack is not cloning as that tier of service doesn't exist on the CMTS these guys are connecting to. There are no legitimate subscribers on this level of service on those modems they are using, they aren't cloning DOCSIS 3 subscribers. | |
|
| | | | | | Lazlow
join:2006-08-07
Saint Louis, MO | Re: Why they SWAT/POLICE WARRANT I do not know about the system these (article) guys are on but there are D2 systems that have 30Mbps speed tiers. | |
|
| | said by Chaldo:Well you all are saying "no way" for that? Well you must think for a second..... There are a couple reasons this user needs to get taken down fast. 1. MAC ADDRESS CLONING: Well since he is using someones MAC address to get on the internet, what ever he is doing is going under the person who pays mac address, like bandwidth usage, but most importantly IF HE DECIDES TO HACK/DO SOMETHING ILLEGAL with that Connection the MAC will show up and they will look it up and probably bust the wrong person. So big crime is at stake here. Completely wrong. While you are using someones elses MAC address you are using a unique IP address to surf etc and as such the owner of the mac cannot get accused of anything. The bandwidth usage is also a moot point as the hacker can only get online on a separate segment of the network and VM don't seem to track across segments (this is what makes it possible in the first place)
So big crime is at stake here. OMG please don't post when you have no understanding of the issues or technology used, you are just adding to the hysteria.
--
| |
|
| Chaldo
join:2008-03-18
West Bloomfield, MI
2 edits | Re: Why they SWAT/POLICE WARRANT said by nemo1966:said by Chaldo:Well you all are saying "no way" for that? Well you must think for a second..... There are a couple reasons this user needs to get taken down fast. 1. MAC ADDRESS CLONING: Well since he is using someones MAC address to get on the internet, what ever he is doing is going under the person who pays mac address, like bandwidth usage, but most importantly IF HE DECIDES TO HACK/DO SOMETHING ILLEGAL with that Connection the MAC will show up and they will look it up and probably bust the wrong person. So big crime is at stake here. Completely wrong. While you are using someones elses MAC address you are using a unique IP address to surf etc and as such the owner of the mac cannot get accused of anything. The bandwidth usage is also a moot point as the hacker can only get online on a separate segment of the network and VM don't seem to track across segments (this is what makes it possible in the first place) So big crime is at stake here. OMG please don't post when you have no understanding of the issues or technology used, you are just adding to the hysteria. Well, you do know IP addresses change overtime, and MAC's are NOT supposed to you have a unique MAC so if someone was hacking overtime and the IP's changed why would you look up by ip? I would look up my MAC because apparently they all are supposed to be UNIQUE. So yeah there is crime that could happen, someone the neighborhood down got charged with something because he left his wireless open and someone drove by and connected and did some big hacking, and they searched his mac and came to his house. You can change your IP very quick so why would you look up by IP if you have the MAC?
OMG please don't post when you have no understanding of the issues or technology used, you are just adding to the hysteria.[reply to this comment from me...] There is so much internet crime done with open wireless or hacked modems if you didn't realize now. So know your info before you decide to make fun of me. | |
|
| | | | Re: Why they SWAT/POLICE WARRANT AFAIK, due to legal requirements here in the US. CPE IPs are tracked along with time and MAC address they're assigned to. Cable ISPs also track modem MAC, IP, and account info. Such records have to be kept for at least several months.
That way if law enforcement personnel ever present a warrant to track particular illegal activity, it can be researched and turned over if need be.
It doesn't guarantee a particular user can be 100% identified nor is it fool proof, but it's a lead. | |
|
|
|
