Rakeesh
join:2011-10-30
Phoenix, AZ

Rakeesh

Member

More than 3 mac addresses

So the cable modem limits how many IP addresses we can have at a time by restricting the number of mac addresses it will permit in its switch port per session. Ultimate (which I'm on) sets this to 3.

Would Cox react badly if I were to change that limit on my own?

I think I want 5 for a little technical project I'm working on (related to working on my CCIE.) I'm a bit on the disabled side so my income is limited, and therefore I don't want to buy a business account.

I'm not hell bent on doing this, just passively interested. I do have other ways of accomplishing what I'm trying to do, but this would be the best route(TM).

billaustin
they call me Mr. Bill
MVM
join:2001-10-13
North Las Vegas, NV

billaustin

MVM

I would like to know how you plan to change the MAC limit on your own.

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA

odog to Rakeesh

Premium Member

to Rakeesh
You can't change the limit on your own. Or at least you shouldn't be able to, and likely won't be able to. If you do, it is akin to theft of service so I would probably start working on how to prevent it.

Hard Harry7
join:2010-10-19
Narragansett, RI

Hard Harry7 to Rakeesh

Member

to Rakeesh
To answer your question: very badly. Are you talking about hacking the config? That takes some doing and is against ToS. But if you're going to try, why post here? Did you seriously think you would get a positive reaction from Cox?

stanley_qaz
Premium Member
join:2003-03-17
Gilbert, AZ

1 recommendation

stanley_qaz to Rakeesh

Premium Member

to Rakeesh
Do you really need more than three public IP addresses?

Isn't there a way you could attach a router to your modem as one of the three allowed devices and use a range of private IP addresses behind it for your additional devices, possibly port-forwarding to them if direct external access is needed?

U456781384
join:2014-05-09
Johnston, RI

1 recommendation

U456781384 to Rakeesh

Member

to Rakeesh
Technically a modem can bridge up to 32 MAC addresses (it may be more with the newest DOCSIS standard). For Business Customers Cox used to allow up to 8, if you wanted more public addresses than that you would have to purchase a CIDR block.

While yes, it may be technically possible to hack the modem and change the configuration file to allow more than 3 MAC addresses, doing so would be illegal. If Cox caught you doing this they would terminate your services (at the least) and prosecute you (at most).
Rakeesh
join:2011-10-30
Phoenix, AZ

Rakeesh to odog

Member

to odog
said by odog:

You can't change the limit on your own. Or at least you shouldn't be able to, and likely won't be able to. If you do, it is akin to theft of service so I would probably start working on how to prevent it.

They'd really consider it theft of service? Well I guess I won't then.

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA
Nokia BGW320-505

odog to U456781384

Premium Member

to U456781384
said by U456781384:

Technically a modem can bridge up to 32 MAC addresses (it may be more with the newest DOCSIS standard). For Business Customers Cox used to allow up to 8, if you wanted more public addresses than that you would have to purchase a CIDR block.

While yes, it may be technically possible to hack the modem and change the configuration file to allow more than 3 MAC addresses, doing so would be illegal. If Cox caught you doing this they would terminate your services (at the least) and prosecute you (at most).

It is up to the chipset in the modem to decide "how many" devices it can support bridging. Most support up to 64 total (63 Ethernet/1 USB).

You can't really hack the config file anymore, we've pretty much locked that down 100%.
Rakeesh
join:2011-10-30
Phoenix, AZ

1 recommendation

Rakeesh

Member

said by odog:

It is up to the chipset in the modem to decide "how many" devices it can support bridging. Most support up to 64 total (63 Ethernet/1 USB).

You can't really hack the config file anymore, we've pretty much locked that down 100%.

You mean it's protected CMTS side or CPE side? I peeked at the config files but haven't tried poking them. I do however know it's still possible to change the CMTS side MAC address, but I'm not terribly interested in doing that.

At any rate, when will IPv6 be around? This would equally solve my problem.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

1 recommendation

NormanS

MVM

said by Rakeesh:

At any rate, when will IPv6 be around? This would equally solve my problem.

Until Cox gets around to deploying IPv6 for customers, you can go with a tunnel broker:

»duckduckgo.com/?q=tunnel ··· ia=about

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA

odog to Rakeesh

Premium Member

to Rakeesh
The chipset used in the modem dictates what the modem "can" support. The config file dictates what the modem is "allowed" to forward in the bridge table.

bbeesley
join:2003-08-07
Richardson, TX

1 recommendation

bbeesley to billaustin

Member

to billaustin
said by billaustin:

I would like to know how you plan to change the MAC limit on your own.

You can't. The number of MAC addresses is set by the variable Max_CPE in the modem configuration file.

You could try to push your own config to the modem, but they are digitally signed and confirmed by the CMTS, so attempting to do so would break your service and is technically illegal under Federal Law.

For the OP, I would suggest getting a router that can support inbound VPN and using that to both expand the number of devices and give you the capability of remote access for your CCIE work.
Rakeesh
join:2011-10-30
Phoenix, AZ

4 edits

Rakeesh

Member

said by bbeesley:

You could try to push your own config to the modem but they are digitally signed and confirmed by the CMTS

That can't be the only thing, is it? I've defeated stronger countermeasures in other systems.

For example, on a TiVo unit you can re-flash the PROM image with your own that doesn't do a signature check on the kernel, thus breaking the chain of trust, and in the process you modify the SHA1 hash stored in the image so that when the TiVo phones home, it sends the expected kernel hash in its log files, while in reality the image doesn't match the hash value it sent.

This allows you to patch the tivoapp binary, which among other things permits you to ignore Cox's dreaded CCI byte.

If you were to hack the firmware of the cable modem, I imagine you could have one configuration file that the modem actually uses to tune its own network parameters, and have a second configuration file that is used for CMTS auditing (and any changes the CMTS pushes go to that, thus avoiding a DirecTV style "write and see if not changed" countermeasure back in 2001.)

There are a number of possibilities at any rate, that being just one of them.

said by bbeesley:

For the OP, I would suggest getting a router that can support inbound VPN and using that to both expand the number of devices and give you the capability of remote access for your CCIE work.

I've got something much simpler (and free) in mind.
Rakeesh

Rakeesh to odog

Member

to odog
said by odog:

It is up to the chipset in the modem to decide "how many" devices it can support bridging. Most support up to 64 total (63 Ethernet/1 USB).

You can't really hack the config file anymore, we've pretty much locked that down 100%.

Is this limit going to still exist in new modems going forward after the IPv6 rollout? Cisco intends on having this glorious IoT future, and if so, you may end up with a situation where a home user needs more than that. (Which I've got my own reservations about IoT, nonetheless that's what a lot of big companies have a vision of.)

CoxTech1
join:2002-04-25
Chesapeake, VA

CoxTech1

Member

IPv6 won't rely on increased CPE bridging table limits to allow more devices to be directly connected. Routers will still be relevant; what changes, however, is no longer needing to rely on NAT to connect everything. The router gets offered a block of v6 IPs which it delegates to the internal devices connected. Firewall strategy will become much more important once all devices on the home network become directly addressable.

Hard Harry7
join:2010-10-19
Narragansett, RI

Hard Harry7 to Rakeesh

Member

to Rakeesh
said by Rakeesh:

If you were to hack the firmware of the cable modem, I imagine you could have one configuration file that the modem actually uses to tune its own network parameters,

Let me know when you get that working.

bbeesley
join:2003-08-07
Richardson, TX

bbeesley to Rakeesh

Member

to Rakeesh
said by Rakeesh:

If you were to hack the firmware of the cable modem, I imagine you could have one configuration file that the modem actually uses to tune its own network parameters, and have a second configuration file that is used for CMTS auditing (and any changes the CMTS pushes go to that, thus avoiding a DirecTV style "write and see if not changed" countermeasure back in 2001.)

During bootup the CM obtains its configuration via TFTP. It used to be fairly trivial to fool the modem into downloading a "custom configuration" from a PC attached to the modem, but this hack was broken by the implementation of shared-secret. The config file won't match cryptographically and will be rejected by the CMTS when the CM uploads the file as part of the registration process.

If you are interested in reading up on CM hacks, this link is a pretty good read. Just keep in mind that actually attempting to do this on a real cable plant violates at least two Federal laws that I am aware of.

»www.cedmagazine.com/arti ··· -cloning
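
An added illustration, not part of any post in this thread: a simplified model of the shared-secret check described above, in which the CMTS recomputes a keyed digest over the settings and refuses a config whose Max_CPE value was edited. The TLV type codes, the sample secret and the use of HMAC-SHA256 as the digest are assumptions of this sketch, not the exact procedure Cox or the DOCSIS specification uses.

```python
import hashlib
import hmac

MAX_CPE, CMTS_MIC, END = 18, 7, 255   # TLV type codes assumed for this sketch

def encode(tlvs):
    """Serialize (type, value) pairs as 1-byte type, 1-byte length, value."""
    return b"".join(bytes([t, len(v)]) + v for t, v in tlvs)

def decode(blob):
    """Parse the TLV stream, stopping at the end-of-data marker."""
    tlvs, i = [], 0
    while i < len(blob) and blob[i] != END:
        t, n = blob[i], blob[i + 1]
        if i + 2 + n > len(blob):
            raise ValueError("truncated TLV")
        tlvs.append((t, blob[i + 2:i + 2 + n]))
        i += 2 + n
    return tlvs

def mic(tlvs, secret):
    """Keyed digest over every setting except the integrity field itself."""
    covered = encode([(t, v) for t, v in tlvs if t != CMTS_MIC])
    return hmac.new(secret, covered, hashlib.sha256).digest()

def provision(settings, secret):
    """Operator side: append the integrity field and the end marker."""
    return encode(settings + [(CMTS_MIC, mic(settings, secret))]) + bytes([END])

def cmts_accepts(blob, secret):
    """CMTS side: recompute the digest and compare in constant time."""
    try:
        tlvs = decode(blob)
    except (ValueError, IndexError):
        return False                      # malformed config is refused
    sent = [v for t, v in tlvs if t == CMTS_MIC]
    return len(sent) == 1 and hmac.compare_digest(sent[0], mic(tlvs, secret))

SECRET = b"constructed-operator-secret"   # constructed sample value
# Constructed config: one unrelated setting plus Max_CPE = 3.
good = provision([(3, b"\x01"), (MAX_CPE, b"\x03")], SECRET)
# Same bytes with only the Max_CPE value changed from 3 to 5.
edited = good.replace(bytes([MAX_CPE, 1, 3]), bytes([MAX_CPE, 1, 5]))

if __name__ == "__main__":
    print("original accepted:", cmts_accepts(good, SECRET))
    print("edited accepted:  ", cmts_accepts(edited, SECRET))
```

Without the operator's secret the integrity field cannot be recomputed for the changed settings, which is why the edited file fails registration.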
Rakeesh
join:2011-10-30
Phoenix, AZ

Rakeesh to CoxTech1

Member

to CoxTech1
said by CoxTech1:

Firewall strategy will become much more important once all devices on the home network become directly addressable.

Aside from doing NATv6 (which is a thing as of a few years ago) you could replicate the same behavior by doing stateful packet inspection (called CBAC in Cisco's enterprise grade routers) which I believe third party firmwares have supported for a while now.
Rakeesh

Rakeesh to bbeesley

Member

to bbeesley
said by bbeesley:

During bootup the CM obtains its configuration via TFTP. It used to be fairly trivial to fool the modem into downloading a "custom configuration" from a PC attached to the modem, but this hack was broken by the implementation of shared-secret. The config file won't match cryptographically and will be rejected by the CMTS when the CM uploads the file as part of the registration process.

No you don't have to do that, you just noodle with the modem's NAND chip containing the firmware. This isn't something I've done, but I'm aware of at least one Comcast user who does. Like I mentioned earlier, I've peeked but not poked. I'm honestly quite satisfied with the service Cox provides for internet, so I don't have any qualms about paying (especially considering the discounts I've negotiated.)

odog
Minister of internet doohickies
Premium Member
join:2001-08-05
Atlanta, GA
Nokia BGW320-505

odog

Premium Member

said by Rakeesh:

No you don't have to do that, you just noodle with the modem's NAND chip containing the firmware. This isn't something I've done, but I'm aware of at least one Comcast user who does. Like I mentioned earlier, I've peeked but not poked. I'm honestly quite satisfied with the service Cox provides for internet, so I don't have any qualms about paying (especially considering the discounts I've negotiated.)

You need two modems for that. Tweaking firmware does nothing unless you have stolen the MAC/cert from another.
Rakeesh
join:2011-10-30
Phoenix, AZ

1 edit

Rakeesh

Member

said by odog:

You need two modems for that. Tweaking firmware does nothing unless you have stolen the MAC/cert from another.

Oh MAC addresses are signed? Now THAT I didn't know. I'm guessing CableLabs is the signing authority? (Either that or they use the equally secure yet easier to manage Zero Knowledge Test.) If that's the case, then this person I know is probably account sharing or something.