dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
29
Vomio
join:2008-04-01

Vomio to hm

Member

to hm

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

Rogers seems to be very cautious about their modems and stifling tales of hacks and I know that this is not the place to discuss such things.

So, I won't discuss it further other than to say that insecure connection and drive-by sniffing might possibly give you all the information you need for use later.
Expand your moderator at work

Ott_Cable
@teksavvy.com

Ott_Cable to Vomio

Anon

to Vomio

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

Would a cloned modem would ended up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modem get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26 to Vomio

Premium Member

to Vomio
said by Vomio:

How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

That is no longer possible with DOCSIS and the encryption methods that Rogers now uses. Cloning alone also does nothing.
BACONATOR26

BACONATOR26 to Ott_Cable

Premium Member

to Ott_Cable
said by Ott_Cable :

Would a cloned modem would ended up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modem get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number is tagged. The pools are still split but on the CTMS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

hm
@videotron.ca

hm

Anon

said by BACONATOR26:

The MAC address and serial number is tagged. The pools are still split but on the CTMS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

Ott_Cable
@teksavvy.com

Ott_Cable

Anon

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

hm
@videotron.ca

hm

Anon

said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

Because it was confirmed 5 people from the office on the other end of town. Or rather, 5 logins (assumed to be people since this wasn't denied).
Vomio
join:2008-04-01

Vomio to hm

Member

to hm
I wonder what versions of Docsis were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would be seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.

Eight Ball
@videotron.ca

Eight Ball to hm

Anon

to hm
Someone should notify Karl about this topic and he should write about this one. It will make Elections Canada and these investigators look stupid.

But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

Voodoo.
funny0
join:2010-12-22

funny0 to BACONATOR26

Member

to BACONATOR26
said by BACONATOR26:

said by Ott_Cable :

Would a cloned modem would ended up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modem get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number is tagged. The pools are still split but on the CTMS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

so what if you temproarily disable the non clone and do your deed then walk off .....ya i can see that
funny0

funny0 to hm

Member

to hm
said by hm :

said by BACONATOR26:

The MAC address and serial number is tagged. The pools are still split but on the CTMS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

think cogeco and you got more issues
funny0

funny0 to Vomio

Member

to Vomio
said by Vomio:

I wonder what versions of Docsis were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would be seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.

you all realize its long since past when hackers hacking you will tell you how or why its done cause every time they do it people toss them in jails.....