DANCCS
@sbcglobal.net
| Security with Cable Modem and ComCast?
Hi,
I know that the Cable modem is not Safety as DSL modem because Cable modem service uses a shared cable line to provide service to an entire neighborhood. Essentially, all cable customers in the region belong to the same local area network (LAN). Without any security measures in place, anybody in the neighborhood might technically be able to click on their Windows Network Neighborhood icon and actually see the computer names and addresses of their neighbors on the service. If a customer enables file sharing on any drives, neighbors could even download copies of their data.
But, anybody knows if Comcast has some kind of firewall, or some way to make secure the network?... |
|
EG
The wings of love
Premium
join:2006-11-18
Union, NJ
1 edit | »www.birds-eye.net/definition/b/b···ce.shtml  |
|
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
 ·Comcast
| :)
--
Think outside the Fox... Opera |
|
netcool
Premium
join:2008-11-05
Englewood, CO
| reply to DANCCS
That used to be a big problem with Pre-DOCSIS CMTS.
Now with DOCSIS all packets are encrypted back to the CMTS using BPI.
There are also cable filters in place on the CMTS.
»noc.caravan.ru/ciscocd/cc/td/doc···xtocid18 |
|
PrntRhd
join:2004-11-03
Fairfield, CA
·Comcast
·Comcast Formerly ..
| reply to EG
Exactly.
Also, if you run a SOHO router, the PCs are further secured by another hardware firewall. |
|
swintec
Premium
join:2003-12-19
Alfred, ME
 ·RapidVPS
·surpasshosting
 ·Sprint Mobile Broa..
 ·VoicePulse
·RoadRunner Cable
| reply to netcool
said by netcool  :That used to be a big problem with Pre-DOCSIS CMTS. Now with DOCSIS all packets are encrypted back to the CMTS using BPI. There are also cable filters in place on the CMTS. » noc.caravan.ru/ciscocd/cc/td/doc···xtocid18 This was always the case back when we had Adelphia. Then one morning when Time Warner did the cut over to there system and took control of the modems, instead of baseline privacy saying "Done" it said "Skipped"...I do not know what TW uses in place of BPI, but i always found it odd as to why they do not use it.
--
Usenet Accounts |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable
| reply to DANCCS
said by DANCCS :
Hi,
Essentially, all cable customers in the region belong to the same local area network (LAN). Without any security measures in place, anybody in the neighborhood might technically be able to click on their Windows Network Neighborhood icon and actually see the computer names and addresses of their neighbors on the service. If a customer enables file sharing on any drives, neighbors could even download copies of their data.
No. It is not one Lan. You cannot see the upstream of other customers, and they cannot see your downstream. Yes, the data is present on the coax, but it cannot be accessed with a cable modem. |
|
grazed
join:2006-10-15
Havertown, PA
| said by K Patterson :said by DANCCS :
Hi,
Essentially, all cable customers in the region belong to the same local area network (LAN). Without any security measures in place, anybody in the neighborhood might technically be able to click on their Windows Network Neighborhood icon and actually see the computer names and addresses of their neighbors on the service. If a customer enables file sharing on any drives, neighbors could even download copies of their data.
No. It is not one Lan. You cannot see the upstream of other customers, and they cannot see your downstream. Yes, the data is present on the coax, but it cannot be accessed with a cable modem. It sure can.
How do you think people run unregistered modems? Not that I know the technicalities of it all, but it relies on packet interception to retrieve config files, Serial numbers, and MAC ID's of neighboring modems. |
|
EG
The wings of love
Premium
join:2006-11-18
Union, NJ | said by grazed :Not that I know the technicalities of it all, Hmmm.. |
|
tmh
@comcast.net
| said by EG :said by grazed :Not that I know the technicalities of it all, Hmmm.. |
|
MacLeech
The one and only
Premium
join:2001-07-14
SoCal
2 edits | reply to grazed
said by grazed :How do you think people run unregistered modems? That's a completely different issue then accessing your neighbor's computer.
I've hacked plenty of modems when it was possible and needed to know nothing from any other modem or end user computer on the network. It was between me and the ISP servers.
How do you propose the modem listens to the other modems on the local segment? It can't do it directly, it has to wait for the data processed by the CMTS.
This is also why the netBIOS and other OS level sharing ports are usually blocked at the modem and CMTS. |
|
XPAMD
Premium
join:2002-06-08
united state
·ViaTalk
| reply to swintec
said by swintec :said by netcool :That used to be a big problem with Pre-DOCSIS CMTS. Now with DOCSIS all packets are encrypted back to the CMTS using BPI. There are also cable filters in place on the CMTS. » noc.caravan.ru/ciscocd/cc/td/doc···xtocid18 This was always the case back when we had Adelphia. Then one morning when Time Warner did the cut over to there system and took control of the modems, instead of baseline privacy saying "Done" it said "Skipped"...I do not know what TW uses in place of BPI, but i always found it odd as to why they do not use it. Sounds like something specific to your area and/or related to the switch from Adelphia to TW. My TW Division has Baseline Privacy enabled.
Or a PO'd employee that didn't want Time Warner "deleted that option" and no one @ TW has noticed it. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to DANCCS
When I first got DSL, I was able to see the files on a couple of neighbor's computers. Using NetBIOS. I can't say that cable and DSL are different in regard to security, other than the means used by the cable and DSL operators to secure their networks.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable
| reply to grazed
Yes, you can change the MAC of a cable modem by surgery. That would let you run an unregistered modem so long as the other modem with that MAC was turned off.
It is physically impossible to see a neighbor's upstream. The cable modem does not have a receiver that can be tuned to those frequencies. |
|
Marcer
VIP
join:2007-07-08
Hamilton, ON
·Mountain Cable
| said by K Patterson :It is physically impossible to see a neighbor's upstream. The cable modem does not have a receiver that can be tuned to those frequencies. Not only that, the Port to Port isolation @ the Tap would severely degrade the signal before it would enter the neighbour's drop. |
|
delusion FTL
@algx.net
| reply to K Patterson
I think the poster was more concerned about opening up the network in windows and seeing all his neighbors (and them seeing him). Rather than neighbors "sniffing" his traffic. This has been stopped by the cable modems no longer allowing in and out traffic over those ports that are used.
Broadcast packets can obviously still be captured. |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH | reply to Marcer
A good point! |
|
