Rogers → [Modem/Router] Does the combined modem-router give Rogers access to the network

After a conversation with a Rogers technician, it would seem that the Rogers cable modem/router all-in-one device allows Rogers to see the data on the network switch backplane. Is that correct? Does the combined modem-router give Rogers access to the network switch, and thereby all computers connected to it?

With the original setup of the separate cable modem clearly Rogers had full access to it, be it layer 2 or layer 3 as those devices served TCP, but not to the computers connected to that cable modem if they were connected to a separate router with a separate network backplane, and if the router was configured not to route external flows internally.

Rogers has access to your admin page. If the employee is dishonest he/she can do further tinkering to access any devices that are connected to your gateway, but Rogers does not provide employees with access to your devices attached to your network.

I should also add that the screen on all call centre agents is recorded and monitored. It's highly unlikely anyone would get away with what I mentioned. Also they do not have access to any data that is being transferred on your network.

If my safeguard is recording the screen of the Rogers employee, then that's not a safeguard. There are numerous data breaches in the news that confirm that corporate policies against privacy breaches are not obeyed by the employees: »www.thestar.com/news/gta ··· tal.html

I wonder just how cable the new cable modem/routers are? Could the CGN3 model be "prwned" by an employee to capture all data on the network backplane?

Skip the syntax error in the word pwned...

I wonder just how cable the new cable modem/routers are? Could the CGN3 model be "prwned" by an employee to capture all data on the network backplane?

Not sure, but i think you were trying to say "how capable" instead of "how cable". I think in most cases, its more an issue of, does your modem password and wifi passphrase have sufficient random characters in it to prevent cracking by people who do just that, for the purpose of illegal downloading. There have been numerous instances recently of Rogers users finding huge unexpected downloads on their monthly bill, and along with it, the large cost, in some cases hundreds or thousands of dollars. Only explanation for it is cloned MAC addresses on the Rogers network, or weak modem passwords and/or WPA2 AES wifi passphrases that have been cracked. There is always the possibility of insider breaches, but that is the same for any organization with an IT structure that it relies upon.

With a wifi connection and cracked passphrase it would probably be fairly easy to monitor someone's network to see what they are up to as well as allowing access to the internal network. Wired would be more difficult, but with a DNS redirect to a server setup to spoof legitimate DNS servers, I suspect that anything you wanted to do online could then be monitored. And that DNS redirect would be a consequence of a weak modem password. DNSCrypt with OpenDNS might be the solution for that particular problem. To protect your internal wired network from any outside probing via wired connection, you would have to place it behind your own downstream firewall or router, that only you have control of.

If you use the CGN3 in gateway mode Rogers has access to your LAN. If you want to be secure you must place the CGN3 in bridge mode and use a good router as the gateway device ... In this way your LAN will be protected from unwanted accesses fom Rogers personnel.

Assuming that a Rogers employee lived closed enough to be able to access your Wifi signal (like in the same apartment building) then couldn't they just change a Guest network WPA2 password to something that they know and then easily access your network? If you don't use the Guest network that often then you may not know for a long time, if ever.

Or can you even see the password on the web UI? If so they could just note the password and then they are in.

For example, I live in a detached house and I can see my neighbours' (from both sides) SSIDs from some parts of my house. If they were using a CGN3 in Gateway mode and I worked for Rogers then it wouldn't be too hard to piggyback on their Wifi.

Another reason to use bridge mode.

I expect that it would be possible for that scenario to occur, but then I would also expect Rogers to record every change made to an account as well as the ID of the individual who changed it. Getting access to that record would probably be another matter altogether. As a policy, its worth conducting an occasional check on your own Rogers modem/router, looking for any evidence of an open or closed guest account transmitting from that modem/router. If you use inSSIDer as a monitoring tool, the intended and unintended wireless networks that are transmitted by that modem/router will rise to the top of the network list, due to the output power that can be detected by the application. You are right however, its a good reason to use bridge mode coupled with your own router.

By the way, this is somewhat off-topic, but there is (or was) a vulnerability in many routers due to the use of WiFi Protected Setup (WPS). This vulnerability leaves you susceptible to brute force attacks, even if you use WPA2. You may want to turn off WPS if you can. This may be fixed in newer routers.

The problem lies in the design of the WPS passcode, 7 digits are passcode, the other digit is checksum. The code is presented in two halves instead of all at once, which makes it possible to run through 4 digits instead of 7 when cracking the code. When a passcode is attempted, the router replies to the sender that the first half is incorrect or correct. So, all a hacker needs to do is cycle thru the first half of the code to find the first 4 correct digits, and then carry on with the last three, applying the checksum as necessary. The first half of the PIN only has 10,000 possible combinations which would only take 2.7 hours to guess all possible combinations. The second half of the PIN, due to the checksum value, only has 1,000 (103) combinations and would take 16 minutes to guess all possible combinations.

The other problem is that even with WPS disabled, many routers still responded to a WPS login attempt and did not limit the number of times that an attempt could be made. So, some companies have issued firmware updates to fix the situation, others may not have. There are applications out there that have been developed to conduct such attacks and apparently, as seen above this can take under 3 hours to accomplish. After that, your wireless network is wide open to the hacker. So, it is really important, if you have an older wireless router, to determine if a firmware update has been issued, and to update your router.

Ref article: »scotthelme.co.uk/wifi-in ··· ity-wps/

@DataLink Yes, I intended to write "capable", and not "cable". Thanks for pointing that out. Conversely, I would like to reiterate that I'm not asking about WiFi. WiFi is another beast, and one that everyone needs to educate themselves on how to use it securely and safely. I'm specifically asking about the network switch in the Rogers cable modem/router device. From the comments in this posting it would appear that yes indeed the employees do have access to the network switch which I find disconcerting. Here's why; with a proper network logging setup it is possible to track which devices have connected to the WiFI network. That's not the case with the network switch. A Rogers employee could sniff Ethernet frames without the user's knowledge.

Tech support employees only have access to the admin page. That page alone does not allow employees to sniff out the ethernet frames going through the network.

In theory I suppose it's possible. If you took someone with advanced networking skills and access to the network. Hell, I bet engineering could do it.
In theory.
In theory perpetual motion is also possible. Time travel, the God particle.

Reality is, it's not like there is a button that says "click here" for world domination. You'd need a serious reason to do it. Based on the complexity of what is involved, if you're capable, you probably don't work for Rogers, you'd have been recruited by anonymous or the NSA.

Anything you can imagine is possible, technology is full of holes waiting to be exploited by someone. They just need a reason. And no one has a reason to do that to your average customer.

Well said. Excellent post................

Unless I am misunderstanding the question, I would think the answer is yes.

I was at my brother-in-law's house and we were trying to configure his Rogers modem/router, as he had forgotten his wifi password. I thought if we could access the admin page we would simply change the password.

After getting frustrated trying to figure out the admin password (web searches) we finally called Rogers to see if they would tell us what the password was.

The agent asked why we wanted the password. After we told her, she did us one better(?) than providing the admin password to the router: She told us what his wifi password was!

That to me is very scary. I suggested that he go buy his own router and use the Rogers device as a modem only because it became very obvious that they could get this information. Even though they should (maybe would) not use this capability for personal unprofessional purposes, it makes no sense to me that:

- the login credentials to the router is (often) not known to the end user
- anyone aside from the end user has access to it.

edit: Although not everyone is savvy enough to configure their home network and some may view having a tech have access to their network a blessing, I am a firm believer that if one is going to purchase a product... they should learn how to use it (at least have some workable knowledge)... My car did not come with a chauffeur...

If you worry about unauthorized connections to your network, everyone saying bridge mode is right.

At the very least, even when using your own router disable gateway functions. Or at least configure the modems wireless, whatever you do, don't just leave it at default.

I won't describe how this is bad (don't want to provide the "how" to potential thieves) but leaving it as you got it makes it REALLY easy for someone to join your Wireless and use it. Like "click here" kind of easy.

And once in.. you foot the bill for their usage.

@cepnot4me
The notion that you put forth is that no one at Rogers, or any other ISP, is malevolent in nature, and that rather they are benign. That's hardly the case when evidence shows that ISPs are willingly handing over data to third parties.
»www.businessinsider.com/ ··· n-2013-6
I suspect that they monitor the ports on the network switch in their modem/router and are able to determine if excessive traffic is coming from port 2, and then shut that port down, fearing that it's a spambot process running on the device connected to port 2.

This is the whole point to the router/modem combos: ease of support. Also, Rogers doesn't want to deal with issues with 3rd party equipment, and frankly most people are incapable of properly configuring and securing their own routers.Don't confuse self-interest with malevolence. Business does what is best for business, always.

So, what it comes down to is this ...

Yes, the use gateway devices give cable operators the ability to not only see the devices connected beyond the modem, but also to potentially see the traffic on your lan and files etc. on the devices connected to the lan if there is no security in plance.

The "ability to" then comes down to "would they?" and then that comes down to "who can?".

So, would they, and if so, how far would they go?

As a business, they probably would not deliberately go beyond discovery of the MAC addresses of the devices connected to your gateway and thus in theory identifying those devices by manufacturer and model. If you had cascaded routers, even if unprotected, they probably would not go beyond the connections beyond the gateway. If you had a range extender or switch connected, then the devices connected to the extender or switch would normally be visible to the gateway too.

I would imagine they would NOT, as a business, go so far as to enter the devices or systems visible to the gateway, nor would they packet sniff on your LAN. They have other means to detect malware like spam and virusbots ... such as the service engines they used for throttling.

The risks of being sued or facing criminal charges are too high.

Now, as to malfeasance, yes, some employee COULD do all these things and more such as examining the content of your systems and monitoring the data on your LAN. The phone support technicians at work probably could NOT access beyond what the business needs permit. The higher level network techs seem to operate in their own world though and anything might be possible. The savvy phone support tech might be able to do this too but not from work where his activity is probably monitored too closely.

So, bottom line ... it's possible, but unlikely for business purposes. It's more possible in cases of malfeasance ... but again, one must ask why would they?

I'd worry more about malfeasant techs stealing CSN/MAC combinations to forge modems.

If you're that concerned why are you even a Rogers customer? Go sign up with a TPIA they have plenty of non-gateway modem options.

Sadly, it's intolerance to intelligent questions, discussion and online investigation that opens the door to consumer victimization.

People have a right to know what's going on. A right to know how secure their online activities or home networks are and who is snooping into their personal lives.

Rogers is no different than any other business. They're only as trustworthy as their employee's actions permit.

And with the HUGE data breaches being regularly reported these days Rogers customers have a RIGHT to step back and take another look at EXACTLY what really is going on.

No one can safely ASSUME Rogers is infallible.

But they don't (or Rogers won't let them) offer a combination of fast service (>100Mbps) and TeraByte (or unlimited) data caps.

As with any other purchasing decision you weigh the pros and cons.

The notion I put forth is this.
The possibility of your data being observed is possible. To think otherwise is foolish.
Ever notice how no one except BlackBerry claims to have leading edge security? No ISP will claim it can't happen, from external sources (NSA,google) to internal sources at an ISP, or even on the hardware level CISCO Or other hardware providers.

If you are connected to the Internet, your not secure. Doesn't matter who your ISP is.

Do bell techs make long distance calls to their girlfriends while working on a junction? They shouldn't, but they do.

Does anyone internally at Rogers look at your network, they shouldn't, but odds are someone has the know how to do it.

You propose a theory in this thread that your not 100% secure.
Your correct. You are not. No ISP is, it's not just Rogers.

Their support staff are there to help customers with problems no matter how ridiculous, so their access is designed around that type of support. Common support includes.

Setting up wireless security.
Changing network name or wifi password.
Checking logs.
Verifying connected devices makes sense.

"My dell PC will not connect!" " actually sir it is connected to our modem"

Now since what you propose is plausible then you also need to take in consideration that ISPS also provide you a way to keep people out.

Bridge mode.

That is due diligence right there.

As well you propose this to be a mass problem, however. You may not realize, no one at Rogers can do this to all gateway customers at once.
Our access is per account.
The most we can see is an entire node at once and even then, we only see signal levels and modem type, not administration pages which is where we need to be.

So YES. We can snoop around one device and be malicious if we have some advanced technical know how AND we aren't shut down immediately by the red flag that goes up to IT when we breach our user access. AND we actually choose to do this and risk our job.

We CAN'T do this to everyone at once, we CANT do it without being monitored. We CANT do it without being fired.

Plausible, yes. Reality... not gonna happen.

Ooh. Forgot one thing. If one device on your network has a problem. Let say your running a virus on bedroom PC that's causing trouble and you're red flagged.
Rogers shuts down the modem. NOT the port.
One device causes an issue your completely down. It's all or nothing.
I know this cause I get sent out to investigate you before they turn it back on (if you call and say it's all fixed).

I don't think anyone proposes that this is a mass problem - they are just saying that this is possible. And I would think that it is obvious that this is not unique to Rogers - it is the same for all ISPs.

Personally I am not as concerned about someone at the Rogers CO sniffing my network traffic - I am more concerned about someone knowing my Wifi password and being able to connect to my LAN. But I run my CGN3 in bridge mode and I have third party firmware on my router with WPS turned off.

But these types of issues will become more of a risk as the Internet of Things (IoT) becomes more prevalent. I have a Home Automation system that includes locks on two of my doors. The earlier version of my HA system did not do any authentication so anyone on my LAN (with enough knowledge) who was sniffing traffic could have figured out how to send a command to unlock my doors. That is no longer the case in later versions of this software.

I also have a "smart" irrigation controller so someone nefarious could connect to my LAN and turn on my garden sprinklers. Not too big a deal.

These types of risks are often not considered as manufacturers, including companies like Apple and Nest, focus more on ease of use than security. WPS is a perfect example of this.

Exactly. There's always a trade off with everything.
You want to connect to the Internet? This connects YOU to everyone, but also connects anyone to YOU.

Home automation is awesome, however simply by getting your less secure than someone who doesn't. You traded that security for ease of use.

If I had anything worth automating, I would be ok with that trade as the remote access to me, is more important than the possibility that I may be breached.

People don't weigh the odds.

What do you mean that I could get hacked?
What do you mean the nudes I sent my boyfriend could be stolen?
What do you mean my credit card was compromised after buying tickets online at ticketmaster?
What do you mean my information isn't 1000% secure?

The Internet is like accidental pregnancy. If you want to be 100% sure, abstinence is the only way.

You can buy all kinds of stuff to boost your odds, but the best you'll ever get to is 99%.

Know what your risking. Educate yourself on the You use, accept the potential risk by using it.

Me for example.

I post on DSLreports.
I knew coming here I was risking my JOB. My career.
I weighed my risks, I took protective measures to be 99% sure I minimized the risks. However, I could still get canned just by posting my opinion.
(My opinions do not necessarily reflect the opinions of Rogers or any of its employees or subsidiaries).

I've watched what I write. You won't see me post anything from my technical bulletins that end with a legal disclaimer. (Boring rhetorical stuff anyways).
I talk about what I think, what I'm told to say. What I was told that wasn't legally binding hush hush.

Still, if I rub someone the wrong way.

I knew the risk.

The TR-069 spec used with most modems can give ISPs some significant data on what is happening. I've seen demos of products (ex. Cisco Prime Home) which let the ISP see the router info (SSID, password, etc.), connection speed, list of LAN devices, WiFi signal strength (at a per device level), traffic data, and much more. As a support tool it can be amazing, but can also present some privacy concerns.