dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
20270
share rss forum feed


OSUGoose

join:2007-12-27
Columbus, OH
reply to simonduz

Re: My Beef with WOW Ultra TV internet

Could be worse, it could be Insight's half assed MultiRoom DVR, why or why cant TWC swap this garbage out now, you own us, do something!



Big Jimmy

@wideopenwest.com
reply to hudiat

Sorry for all that, I mistook you for the other guy whining about the Ultra TV, where in fact you're just piggy-backing and whining in general. You might want to start a new thread instead of hyjacking this one.

In related news, getting upset because a magazine said someone is good? How is it WOW's fault that a magazine said they did a good job? Call for service every day until they fix your problem, and if it's REALLY an issue, have Dan take a look at it. If there's a problem, he's proven himself time and time again to fix any problem that's within his power.


hudiat

join:2011-10-13
Reviews:
·Time Warner Cable
·WOW Internet and..

You misunderstand my magazine point. The point is the wow advertising of how good they are, is so overpowering, that they even quote bad sources.

The ego over there is so big they brag about that, and are blinded to issues. There is someone else on these forums also having regular issues in my area. When I brought that up they told me he is crying wolf, they checked and checked and found no issues. And now they think the same of me. 2 people in the same city, same issues, and they are just dismissing us as compulsive complainers. There is obviously a localized issue.

I have said before phone support has generally been good for me. It is specific to the Cleveland area that is horrible. Even more so the berea office, the one useful tech I had was based out of independence, I don't think it is coincidence.

So it's great you have good service, can anyone in the general berea area say they have had exceptional service? I'm not talking fixing your issue, but the tech doing something amazing to stand out. Like they advertise.

People I know in the Columbus area say they always have great service, but in the Cleveland area, specific to the berea office, me, and people I know don't experience that same quality.

There have been a few comments in /r/Cleveland over the past few months of people saying they were disappointed in WOW!, meanwhile in the discussion of the knology buy, most people said great things. Not just this forum, another discussion place, and people I know, the general feeling is the Cleveland market is less satisfied than everywhere else.


RootWyrm

join:2011-05-09

1 edit

said by hudiat:

You misunderstand my magazine point. The point is the wow advertising of how good they are, is so overpowering, that they even quote bad sources.

The ego over there is so big they brag about that, and are blinded to issues. There is someone else on these forums also having regular issues in my area. When I brought that up they told me he is crying wolf, they checked and checked and found no issues. And now they think the same of me. 2 people in the same city, same issues, and they are just dismissing us as compulsive complainers. There is obviously a localized issue.

Yeah. What's extra hilarious?

I can tell them exactly what is wrong in their configuration, and I have gone to great lengths to ensure I am NOT crying wolf. I happen to know a thing or twenty about DOCSIS, as I used to work for an MSO that was 20 times larger than WOW. I've gone so far as to contact the only person there with half a clue and asking him to check RF flap on my port at the CMTS.
Result: no flap. Determination: defective modem firmware shipped by WOW causing lockups on DPC2100r2. Cisco response: known defect, provider needs to upgrade firmware. WOW response: one count of "we don't have a support contract with Cisco," one count of "upgraded firmware failed in testing."
They refuse to respond to my questions about why ICMP is being blocked and why they have yet to implement basic security functionality, otherwise known as BPI+. A friend who is in engineering at a much larger MSO is in disbelief that anyone would even consider the things WOW claims are "normal."

And I will be speaking with them about their slanderous accusations and statements about me. When Mister Lawrence D Walden (LW463-ARIN) has staff that knows how to remove the Arris specific strings from the DPC2100 configuration file and how to NOT send 10net traffic out the L3 and XO interfaces, they can attempt to talk down to me.

The WORST part is that they're saddling their installers, who are [u]generally some of the best I've ever seen[/u] - a point I cannot emphasize enough - with operations and management that would be embarrassing for a tiny regional ISP. I mean seriously. You give me three guys who understand the difference between RG11 and RG6 from the junction and can explain signal loss competently, yet you can't find a single network engineer that knows how pointless and counterproductive blocking ICMP is?

EDIT:
By the way, if you're having network problems and support is being unhelpful?
Try this number. No guarantee on validity, since WOW apparently can't even be bothered to maintain their required POC information with ARIN.

hudiat

join:2011-10-13

Not to mention anyone on wow can acces their whole neighboorhoods modems. Including the router portion of combo units. Good security!


RootWyrm

join:2011-05-09

said by hudiat:

Not to mention anyone on wow can acces their whole neighboorhoods modems. Including the router portion of combo units. Good security!

Yes. WOW was notified privately, due to the severe risk associated with this, in December of 2011. They not only declined to address it, they denied that this was a security issue in a network with BPI+ actively disabled. I found it during troubleshooting. It's much, much worse than just that.

They were also notified in no uncertain terms that full access to a customer's modem could be obtained by attackers using known exploits and methods which are in the wild, as well as the fact that the Cisco DPC2100's were running a firmware version with a known security problem - specifically, CVE-2010-2025 and CVE-2010-2026. Contrary to WOW's claims, customer DPC2100's remain vulnerable. Go ahead. Test it.

I identified and privately informed them of no less than five major security or safety issues associated with their network and configurations, all of which have the potential to expose customer data and information. A NOC primate by the name of Mike who doesn't even know what a "DSL Access Module" is yet lists being an 'expert' with "D slam" on his resume basically replied that MITRE and Cisco and six CCIEs all had no clue.

To this day, a rogue modem can STILL take out or take over an entire region accidentally, to say nothing of intentionally. And no, you do not want to know just how dangerously vulnerable the UltraTV boxes are. Arris refuses to participate in the normal security community - including reporting to CERT or MITRE CVE - after being embarrassed by a vulnerability that let attackers take out the C3 at will, so there are vulnerabilities in the wild that you don't know about but attackers do. (Which frankly, is true of most anything.) ProTip: HMAC-MD5 does NOT protect sufficiently against orange Motos and bored kids with Google.

Suffice to say, anybody with actual malicious intent would have NO trouble taking over WOW's equipment and networks, and WOW would have absolutely no idea it was going on. Any customer on the network can access infrastructure gear in a number of extremely dangerous ways, because it's configured with insecure and unsafe defaults.

Yeah. I'm really crying wolf and complaining about dangerous security problems that they refuse to acknowledge despite having exact attack profiles explained is "chronic complaining."

richkut

join:2012-02-10
Cleveland, OH
reply to hudiat

I, too, am in the Greater Cleveland area (east side, serviced by the Valley View Office). I am sorry to hear that you are having such problems, but have you even tried to talk to local management about this? They always have been very receptive to me, so if the Techs are not living up to your expectations why don't you work your way up the chain of command? If this fails, perhaps you might consider the alternative carriers in town (AT&T, other cable providers, satellite providers or just over-the-air + web channels). Good luck, and please let us know if this works for you.
--
Rich K
South Euclid, OH


baess

join:2011-01-28
reply to RootWyrm

said by RootWyrm:

Yes. WOW was notified privately, due to the severe risk associated with this, in December of 2011. They not only declined to address it, they denied that this was a security issue in a network with BPI+ actively disabled. I found it during troubleshooting. It's much, much worse than just that.

They were also notified in no uncertain terms that full access to a customer's modem could be obtained by attackers using known exploits and methods which are in the wild, as well as the fact that the Cisco DPC2100's were running a firmware version with a known security problem - specifically, CVE-2010-2025 and CVE-2010-2026. Contrary to WOW's claims, customer DPC2100's remain vulnerable. Go ahead. Test it.

Hackers are usually aware of such things. And if not, if they read this they certainly will be now. Maybe you could have been a little more discrete.

RootWyrm

join:2011-05-09

said by baess:

Hackers are usually aware of such things. And if not, if they read this they certainly will be now. Maybe you could have been a little more discrete.

You might want to check the dates on things. It was reported to Cisco in January 2010, and Cisco delivered a fix in May of 2010, at which point it was publicly disclosed because a fix was available from the vendor and had been delivered.

The firmware delivered by WOW to the DPC2100r2's is from March 2006. It's so old, it still says Scientific Atlanta. Customers cannot update the firmware, as WOW overwrites with v2.0.2r1256-060303. WOW has been aware of this since before December 2011, and variously claims that they "do not have access" to fixed firmware and that the fixed firmware "failed validation."


Irie

@comcastbusiness.net
reply to simonduz

Tell them to disable your router (which they can do on the phone). Use your Ultra as your cable modem and hard drive only. Once they disable it from "broadcasting" you should be able to plug your own router into it and re-assemble your own wireless network.

I did this last night and all seems ok (I am using an airport extreme as my router and 3 airport expresses to extend my network range). I have a lot of stuff working off it that would not work when the Ultra was my router.


qbwaggle

join:2012-05-31
Troy, MI

1 edit

Irie, are you saying that WOW can put the gateway into "bridge mode" over the phone? WOW_Dan has stated in this forum that bridge mode isn't possible with this hardware... perhaps he's mistaken?

EDIT: Upon reading more threads, it seems that WOW_Dan is fairly adamant that bridge mode isn't possible with this hardware, nor will it ever be. Please ignore my previous question.