dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1249
share rss forum feed


Freedom

@charter.com

Cable modem BOOTP/DHCP ACK and Offers

Ever sense I started my subscription with Charter Internet service they bomb my firewall with other cable modem BOOTP/DHCP ACK and Offers. They pile up bloating my logs and really annoy the hell out of me.....

I called Charter and made them aware of the Security Flaw on there network showing every ones Private information on a public network. The response: We don't know what's going on!

The way I see it ...... if they are broadcasting cable modem Mac address to everyone on the public network I would be free to cancel my subscription and flash a cable modem with the apparent Public Mac Address they are providing for free!


msmisfit

join:2004-09-13
Lawrenceville, GA
kudos:2
Mind giving your general location?

I'm curious about what you are saying, because someone is filling my software firewall log with UDP packets every 2 SECONDS... all day long, and I can't find the source. The firewall log gives my router IP as the source.


passerby

@charter.com
reply to Freedom
What you are seeing is likely normal ARP traffic on the subnet. Search any one of the cable provider forums and you'll see it discussed numerous times.


Freedom

@charter.com
reply to msmisfit
I'm located in Georgia ..... I have performed a deep packet inspection and viewed the content of the packets and they are BOOTP/DHCP ACK and Offers to other cable modems. I can see the Mac addresses of the other cable modems.

A Mac Address is like your Social Security number you never give out to others on the network ..... I believe this to be a misconfiguration on Charters behalf which is a security threat to others in more ways than one.

I believe you could reconfigure a Cisco modem with the Mac address which they are broadcasting and receive free internet service. From a hacking perspective its a unnecessary misconfiguration security risk that Charter is imposing on there customers. What if a hacker knows my cable modems Mac address.

Take all these Totalitarian internet Laws Washington is forcing down our throats, you could easily be framed and sent to prison with no trial.

If you have no control over your own security you will find yourself waddling in a pool of urine.

haggelz

join:2010-07-04
Glendale, CA

1 edit

1 recommendation

reply to Freedom
said by Freedom :

The way I see it ...... if they are broadcasting cable modem Mac address to everyone on the public network I would be free to cancel my subscription and flash a cable modem with the apparent Public Mac Address they are providing for free!

Perhaps you should read more about DOCSIS technology and its security features. Its not that easy. Not to say it hasn't been done but the security risk is relatively minimal in this day in age. No way comparable to SSN, especially if the CMTS is configured correctly.


Freedom

@charter.com
A Mac address is a permanent identification number assigned to a network device. There are no 2 devices in this world assigned the same Mac Address.

Mac addresses on network devices are used to prosecute criminals in the court of law.

Ethically you shouldn't be able to prosecute a individual if the system can be easily manipulated!


Freedom

@charter.com
reply to haggelz
We are living in a technological age, its a rather easy task!

»www.cisco.com/en/US/tech/tk86/tk···34.shtml


cork1958
Cork
Premium
join:2000-02-26
So, for s**ts and giggles, try it and see what happens!


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:16

1 recommendation

reply to Freedom
You do realize the modem is connected to a SHARED downstream channel? That in effect creates a LAN out of all the nodes connected to that same CMTS downstream port. MAC address broadcasts are normal in that environment, especially when the modems and PCs don't have assigned IPs yet.
--
Two is one, one is none. If it's important, back it up... Somethimes 99.999% availability isn't even good enough.


WNC_Guy

@charter.com
reply to Freedom
There are lots of reasons for ARP floods (or storms as we used to call them)....
»www.cisco.com/en/US/products/hw/···08.shtml
»www.cisco.com/en/US/products/csa···arp.html

The good thing is IPv6 eliminates ARP ... wish we could get there some day...

haggelz

join:2010-07-04
Glendale, CA

1 edit

1 recommendation

reply to Freedom
said by Freedom :

A Mac address is a permanent identification number assigned to a network device. There are no 2 devices in this world assigned the same Mac Address.

Read this »en.wikipedia.org/wiki/DOCSIS#Security

As of docsis 1.1 BPI+ environments, there is a digitally signed security key tied to the mac address in the modem. If the CMTS is configured correctly, a mac address IN ADDITION to the embedded security key is required to gain access to the network.

Also, there are other factors to consider. Like the CPE mac address assigned to the allocated DHCP IP address from charter. If you got framed in court you could say that this mac address does not match any of your equipment


DaSneaky1D
what's up
Premium,MVM
join:2001-03-29
The Lou

1 recommendation

reply to WNC_Guy
IPv6 does not eliminate ARP.