dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2083
share rss forum feed


hagbard72

join:2000-10-02
Kingsville

Modem security

This week I changed cable internet providers to a third party provider. They sent me a new modem, I connected four days ago. The other day I went into the modem's diagnosis page and it said I have three devices attached. I only have the router attached. I reset the modem, it then saw only one device. It stayed that way overnight and till a few hours ago, now its seeing three devices again.

I'm wondering if there's a security issue here? A cloned modem mac address? Don't know what, but it seems odd and worthy of investigation. Any ideas what's going on?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

If you only have your (own hopefully) router physically attached to your ISP's modem I wouldn't worry too much. They might be "virtual" devices.

The modem doesn't have wi-fi capability does it? If it does, and it's enabled, it might be seeing wireless devices somewhere.
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville
reply to hagbard72
Nope, it doesn't have wireless capabilities. I have heard of modem mac addresses being cloned and getting user info that way. Which is also rather odd is that I was getting email from my provider in my inbox now its directed to spam, I didn't do this.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
said by hagbard72:

I have heard of modem mac addresses being cloned and getting user info that way.

Well even if your modem was getting your routers WAN side MAC address that wouldn't reveal much. Since MAC addresses are assigned in blocks to vendors one could determine the manufacturer of your router. That may enable hackers to target any known router vulnerabilities if they can determine the MAC.

BTW is your modem operating in bridge or router mode (with NAT & firewall)?
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville
reply to hagbard72
Router mode. Tried searching my the modem's mac address, came up empty.


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
reply to hagbard72
Does it list what those devices are (maybe post a screenshot)? Also what model modem

Cudni


hagbard72

join:2000-10-02
Kingsville
reply to hagbard72
It doesn't list them. Its the DCM476.


John Galt
Forward, March
Premium
join:2004-09-30
Happy Camp
kudos:8
reply to hagbard72
Refresh the list.

Sometimes the connected client list is left over from configuration and testing.

Also, make sure you change the default password.


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS
reply to hagbard72
said by hagbard72:

Router mode. Tried searching my the modem's mac address, came up empty.

modem in router mode no personal router?


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
said by Cartel:

said by hagbard72:

Router mode. Tried searching my the modem's mac address, came up empty.

modem in router mode no personal router?

#1 By looking going through all of their topics/posts up to 180 days back

»/postlist/2121···tart&p=1

»/postlist/2121···thin&p=1

that they have their own RJ-45 router.

#2 However I don't know if their own RJ-45 router is connected to their modem combo OR not. Only they can answer that...
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to John Galt
?? There's a password on a modem?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Of course. It has built-in website for configuration right? In there somewhere should be a password. I never ever leave passwords at the default.

That said if it came from your ISP they probably have a backdoor into it anyway. That's why one should always have their own, 3rd party and secured, router behind whatever the ISP provides.
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to hagbard72
Never heard of a password on a modem, a router, yes, but not a modem. I don't see anything for setting up such a password.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Didn't you say you have your modem in router mode? If so it has a router in it.
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to hagbard72
Ahhh....I see. Thought you were asking me if my router was in router mode (ie: access point vs bridge, etc). This modem has no router. Wonder if you can put a second router in front of the modem to firewall it?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 edits

1 recommendation

I see. Most "modems" from ISP's these days have a built-in router and wi-fi. Since the ISP can get into it from the WAN side regardless of what you do (change passwords etc), and hackers may be able to do the same, many don't rely on them for security--hence the second router.

I assume your modem only has one RJ-45 (ethernet) connector on it and that's going to your router. If that's the case (and you say it doesn't have a router function), I doubt it has any security features at all. Your router is your only line of defense in that case.

(My "modem" is in router mode and has NAT and the firewall enabled. My router is behind it so I have double NAT/firewalls. That doesn't necessarily provide more protection but I had trouble with putting the "modem" in bridge mode).
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to hagbard72
That's correct. BTW, I reset the modem again yesterday and its been staying at one device since. It totally blows the tech's theory than anything passing through the router will add another number to the list. Maybe they investigated further, found something at their end, and fixed it...that's my hope at least.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

I wouldn't worry about it. Just secure your router etc and be happy
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to StuartMW
said by StuartMW:

I see. Most "modems" from ISP's these days have a built-in router and wi-fi.

Why do you say that? My ISP tried to get me to use a junk Motorola surfboard modem with router, wifi, and parental stuff, etc on it when I upgraded and needed a DOCSIS 3 modem. It is a junk modem and has bad ratings. I got them to give me an outstanding DOCSIS 3 modem instead...the Surfboard 6141. It is a modem with no junk in it. I have two routers and routers, wi-fi that I would never use for security reasons... should never be built into modems IMO as it craps up the modem. TWC mostly gives out the Surfboard 6141 not the one other modem they have certified for DOCSIS 3 which is the combo one they tried to give me so I don't think most ISP's are giving out combo modems except when they temporarily run out of plain modems.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16

2 recommendations

said by Mele20:

said by StuartMW:

I see. Most "modems" from ISP's these days have a built-in router and wi-fi.

Why do you say that? My ISP tried to get me to use a junk Motorola surfboard modem with router, wifi, and parental stuff, etc on it when I upgraded and needed a DOCSIS 3 modem. It is a junk modem and has bad ratings. I got them to give me an outstanding DOCSIS 3 modem instead...the Surfboard 6141. It is a modem with no junk in it. I have two routers and routers, wi-fi that I would never use for security reasons... should never be built into modems IMO as it craps up the modem. TWC mostly gives out the Surfboard 6141 not the one other modem they have certified for DOCSIS 3 which is the combo one they tried to give me so I don't think most ISP's are giving out combo modems except when they temporarily run out of plain modems.

You did notice he said most ISP's and what does all your gibberish have to do with what he or the op had to say?
--
We never really grow up, we only learn how to act in public.
Do not argue with an idiot. He will drag you down to his level and beat you with experience. (Hmm)
I have enemies? Good. That means I've stood up for something, sometime in my life.


Cthen

join:2004-08-01
Detroit, MI
Reviews:
·Verizon Wireless..

1 recommendation

reply to hagbard72
If you are using a router I am assuming that you have more than one computer connected? If so these are more than likely the devices that are being counted.

Some hardware manufacturer's firmware will list everything as a "device" no matter what it is that is connected.
--
"I like to refer to myself as an Adult Film Efficienato." - Stuart Bondek


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

reply to Mele20
You ask

said by Mele20:

Why do you say that?

and then immediately state

said by Mele20:

My ISP tried to get me to use a junk Motorola surfboard modem with router, wifi, and parental stuff, etc on it...

Didn't you prove my point?
--
Don't feed trolls--it only makes them grow!


hagbard72

join:2000-10-02
Kingsville

1 recommendation

reply to Cthen
Well, its now reporting one and I have the same number of devices attached. Something else was going on.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to StuartMW
Maybe...LOL...touche...can't type that correctly...have no idea how to find it in Win 8...the OS from Hell.

BUT Oceanic did that only because they were out of the EXTREMELY POPULAR Surfboard 6141 then. I took the junk back and got a 6141.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to Mele20
said by Mele20:

...I don't think most ISP's are giving out combo modems except when they temporarily run out of plain modems.

I disagree.

A "dumb" modem provides next to no protection from nasties on the internet. You'd only have "Windows Firewall" assuming you run WinXP or above. That's the equivalent of leaving all your doors and windows open and your valuables in plain view. Probably not going to end well. ISP's therefore provide their customers with modem/routers (& firewall) to provide minimal protection (most users will never change the password, customize the firewall etc).

ISP's also know that many people have multiple devices these days (PC's, tablets, phones, TV's, etc) and quite often those use Wi-Fi. It therefore makes sense to include that as well.

Additionally many households have children so it also makes sense to include "parental controls" etc.

Finally the technology to do all the above, in a single box, is both possible and relatively inexpensive. In short it makes perfect sense for ISP's to offer an "all-in-one solution" for their customers.
--
Don't feed trolls--it only makes them grow!


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

1 recommendation

reply to Mele20
said by Mele20:

Maybe...LOL...touche...can't type that correctly...have no idea how to find it in Win 8...the OS from Hell.

BUT Oceanic did that only because they were out of the EXTREMELY POPULAR Surfboard 6141 then. I took the junk back and got a 6141.

Believe it or not, just because you and your ISP in paradise do it one way, that does not mean that most ISPs do it that way. Here on the mainland, many ISPs (both cable and telco based) are indeed pushing modem/router gateway boxes to their customers. In some cases, the customers have no choice (AT&T's U-verse comes to mind), and in some cases the customer can either insist on a standard bridge modem or purchase their own. But the ISPs are indeed pushing combo gateway boxes (which in most cases, the ISP has full control of) to their customers.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to hagbard72
said by hagbard72:

Well, its now reporting one and I have the same number of devices attached. Something else was going on.

If the symptom returns, how about posting a screen shot of the modem status page, and also either a detailed description of what is connected to what (and how it is connected), or a simple diagram showing that information.

I know that when I was using a SamKnows monitoring box, and when I used a managed switch directly behind my cable modem, the cable modem would sometimes see the MAC addresses of those "passive" devices and display them as connected devices on its status page. I suspect that something similar is what happened in your case, but unless we know exactly what is physically connected to what, any remote diagnosis is going to be just a wild guess.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


hagbard72

join:2000-10-02
Kingsville
reply to hagbard72
I'll do that but so far its holding at one. The devices that are attached to the router are a computer and a switch. Attached to the switch is a TV and a Bluray player. Everything else is wireless.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

1 recommendation

said by hagbard72:

I'll do that but so far its holding at one. The devices that are attached to the router are a computer and a switch. Attached to the switch is a TV and a Bluray player. Everything else is wireless.

What is needed for proper diagnosis is what is physically attached to the modem. The modem should not be able to see anything on the LAN side of a router if the only thing that is attached to the modem is a router's WAN interface. Unless the router involved is seriously mis-configured (or just plain defective), the modem should not be able to see the MAC address(es) of any device on the router's LAN (and MAC addresses are what a cable modem looks for to determine what devices are attached).

Shown below is a redacted screen shot of my modem's device status page:




My cable modem shows five MAC addresses because I have five devices with visible MAC addresses connected to the modem. Shown below is a diagram that shows that interconnection (the five devices are the Netgear router, the D-Link router, the Linksys router, and the WAN interfaces of my two server boxes):




For a while, I used a VLAN segment on my Netgear GS108E (managed) switch directly behind my cable modem, but I had to stop doing that and replace it with a non-managed ZyXEL GS105S switch because the cable modem would randomly detect the GS108E's MAC address, and that would prevent some other device from getting internet access (I only pay my ISP for five IP addreses, and they consider that each visible MAC address equates to an IP address whether it really does or not).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. -- US Constitution

When governments fear people, there is liberty. When the people fear the government, there is tyranny. -- Thomas Jefferson


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
said by NetFixer:

What is needed for proper diagnosis is what is physically attached to the modem.

Already stated.

said by StuartMW:

I assume your modem only has one RJ-45 (ethernet) connector on it and that's going to your router.

»Re: Modem security

said by hagbard72:

That's correct.

»Re: Modem security

In other words. One connection from the modem to router and multple devices behind the router.

»Re: Modem security
--
Don't feed trolls--it only makes them grow!