W.O.W. → Motorola SB5101 "Baseline Privacy" Skipped

I recently switched to W.O.W from TMC.
The tech left before I could even sync the router with the modem.. he said my signals looked good and then he bolted.

This modem does not have much of a web interface but it's showing baseline privacy as being skipped, So I assume that means the modem is running in the clear.

I've tried resetting the modem several times, I also "reset to default"
but it's not helped.

I tried checking it with SNMP but this only seems to work with the cable unplugged, soon as it's online I lose it, Im guessing WOW must disable even read access on the client side.

I bought this modem 2nd hand from a junk store for 3 bucks a few years ago when I was with TWC and they started charging for modem rentals.

I know it's an older modem but It works fine for 15/1 service so I'd rather not replace it unless I have to.

Firmware: SB5101-2.12.2.0-GA-01-707-NOSH

Im in Columbus, Oh

anyone have any ideas? I know it's unlikely anyone sniffing traffic but I didn't have this problem coming from TWC.

Interesting that you say the 5101 will be fine for your use. I have a 5101 sitting on the shelf collecting dust because several years ago WOW! stopped supporting it by not providing firmware upgrades. At least that's what I was told when I had issues with internet speed. Rather than arguing about it I purchased a SA modem that they use as a rental so I am assured it will be up to date.

It's fine for my use 15/1, in so much as this is the same speed I was running on TWC with this modem for the last 2 1/2 years, So what I meant was that the modem even though it's old can handle the speed.

Like I said we just switched to WOW, under TWC this modem ran fine.
I've not speed tested it but the connection appears to be fine under WOW only I don't think baseline privacy is active.

as far as WOW support it's on the approved modem list.
»www.wowway.com/docs/wow/ ··· list.pdf

I haven't called them yet, When we called for a install appointment the CS rep kept trying to sell me "protection plan" kept harping about how with this monthly insurance they'd even trouble shoot my modem.. apparently normally (according to CS rep) they won't if it's YOUR modem.

The install tech wouldn't even wait around 2 mins for me to sync the router up to the modem so I could check the status, he was like "well this is your setup, call if you have any problems" and then he bolted.

I got a feeling im gonna get cold reception from them when I call because we didn't get the monthly insurance BS, that's assuming I can get someone who even knows what BPI is.

MAYBE I buy a new Doc3 modem and this all goes away.. then again maybe not.
The 5101 can handle 15/1 and unless something physically went wrong with it when switching to wow.. (which seem unlikely) Im trying to avoid the expense of a modem replacement.

Wide Open West is too flat out stupid to enable BPI. Period. This has been brought to their attention repeatedly. They explicitly REFUSE to enable even BPI - standard for nearly a decade now - or take any actions to secure their network when issues are brought to their attention.

So you're saying this is universal across all WOW service? or it's isolated to my area?
I tried searching this problem out and didn't run across anyone else having this problem so it didn't seem common to me.
Am I to understand that you also have this problem with WOW Root?
They explicitly refused to enable BPI? What was their reasoning for not?
Please share the history with me, First time I've had wow service so they're new to me.

I know it is on the approved list but when I was having problems with inconsistent speed a few years back several well informed people told me that since WOW! will not provide a firmware update the modem "may" have been the reason for the problem.

In retrospect its possible that it was not the modem causing the problem although I do remember again trying to use the 5101 after a while with the new modem and it again was having some issues. I went back to the SA modem and it has been very reliable. If the 5101 works for you that's good.

WOW refuses to turn on BPI system wide. Period.They just don't understand or care what BPI is, what it does, or even that it exists. Most of the "experts" don't comprehend what an IpFilter is or how it's used to implement stealth traffic interception.They refused to provide a reasoning, but I've had three employees including one that is supposedly a senior DOCSIS engineer explicitly say they have no intention of turning on BPI and consider it "unnecessary." They also considered it "unnecessary" to change the SNMP community strings on core networking gear, because users totally couldn't just put themselves on the 10.0.0.0/8 network that WOW keeps exposing. And what could anyone possibly do with the RO v2 community after all? (That's me being sarcastic of course.)

Of course, they did finally change the service password seed on the Arris modems when users started calling in with useful diagnostic data. Nevermind that the only "risk" is that someone will find a filename they can't do anything with, or gasp! Find out that there's a separate sFlow for VOIP traffic to make it more reliable! THE HORROR!
Didn't fix anything else of course.

Thanks Root, This is disappointing to hear.
I can't understand why they wouldn't implement it, But I guess you just saved me about 70 bucks on a new modem :/
We switched to wow because TWC kept increasing the price on us, so we jumped over to WOW which had a promotion for HALF the price (same speed) TWC wanted for the next 12mo

I hate TWC but one thing I can say for them.. they actually have BPI implemented.
I guess we'll deal with it till something else comes along, I know the odds of anyone sniffing the traffic is probably pretty small but It's alarming that an ISP would ignore this simple layer of security.
It gives you kinda a dirty feel.

You think that's bad, like I said, default SNMP community strings. On the core equipment. Which was very easy to access. They don't just ignore the super simple stuff that would have absolutely no impact - they aggressively ignore the significant infrastructure stuff and pretend they're magically immune to even the most cursory of probing. Hell, I found their entire core because I typo'd a command while working on something internally.

Yep. Typo'd a 10net address and that was all it took. And when I brought it to their attention in a responsible fashion, they did nothing but argue how it was totally secure for the exclusive reason "because we say it's secure."

Yes, best practices dictate that SNMP communities are changed from default. But ultimately, you can't do any harm with just RO access. Back when I had WOW, I used to keep MRTG graphs of the traffic on their core routers just for giggles.

As for BPI, that's just inexcusable. Unfortunately it's nothing new for WOW. They couldn't even properly provision customer-owned modems for years. WOW's been a second-rate provider since they dropped the logo above.

They did not always have it enabled, fwiw. I remember when they took over Adelphia here it become disabled for some time but then it became enabled out of the blue, not sure why..maybe some policy change. At the time, they used their own solution instead of BPI, whatever that was but it must have worked.

I also know the small regional carrier Metrocast does not utilize BPI even now, at least up this way.

It certainly is not necessary to have enabled.

Didn't test the RW strings, did you? Yeah. The all new Juniper gear went straight off a cliff as soon as PSE left the building, too... to describe it as insecure is as to describe the ocean as slightly damp. But hey! Users totally can't get at the CMTS, right? You know, except for all the times they can - which is all the time, because they still over-announce all the 10net. In fact, the only thing between users and the supposedly secure bootfiles is IpFilters on the modems.They've never been anything but a second rate provider, that's just a fact. The difference is, they used to give enough of a shit to at least TRY to improve. Now? They just try to shout down or discredit anyone who points out that their entire infrastructure is an FCC reportable data breach waiting to happen. Nevermind the continued attempts to reimplement NebuAd in the same already declared illegal fashion.

Sorry, did I say waiting to happen? I should say "likely in progress, but good luck finding it out."As one of the people directly involved in things, I can actually speak authoritatively to what was up with Adelphia's setup. The Maine territories were not original build-outs, but almost exclusively acquisitions. Most of the acquisitions up north frankly, involved having to call a locksmith and having techs boot systems to single-user. Former employees were, shall we say, not pleased.

End result, many of the configurations up there were whatever had been last set, until new gear could be brought in. Priority for gear was determined by business which went by plant and existing. All I know about the ranking was that 864MHz pre-DOCSIS was top of the list - presumably because it was the easiest.This is utterly wrong and false in every possible regard. Per CableLabs and literally all of its members, BPI is not only a MANDATORY FEATURE (meaning failure to have it since 1.0 makes your equipment non-compliant) but must be enabled for all areas with no exceptions. There's a reason for that - the reason being, leakage as a result of failure to enable BPI is not only extreme but is also immediately a failure to protect PII.

The FCC takes an absolute zero tolerance approach with PII disclosure, and in cases where an MSO is clearly being negligent - e.g. failing to enable BPI - may pull their license. It is not called "Broadband Privacy Interface" or "Baby Protecting IP." It is Baseline Privacy Interface, and the "Baseline" is for a damned reason.

I remember the buy-out. However as i saw, overnight going from Adelphia - TW when the modems came back up BPI was skipped (it was enabled with adelphia prior). I posted about this specifically in the forums at the time and a TW employee who worked on the back end of things PMed and stated that they used a different in-house solution. Now, I have no clue if the TW-proper systems in the next city over had the same deal or not. I just know it became disabled at the migration and was disabled for quite awhile.

I will PM him again right now, even though he no longer works there, maybe he can expand on what was used.

Two somewhat large ISPs do not use BPI that we know of, W.O.W. and Metrocast (at least up here) so either no one pays attention to it or there is more going on in the background than we may know.

I left long before the time TWC took over Maine, but my guess would be that Adelphia rolled Maine out as a Cisco uBR/CNR deployment. Configuration management with that was a special level of stupid. The kind you only achieve by applying a shovel to your skull several dozen times. Everything about CNR was incompetent at best ("what do you mean only one person can ever log in to it at a time, but it's not enforced?!") which made it one of the top reasons I was glad to get out. I had no interest in beating something that incredibly stupid into behaving on a regular basis - the crap with the 'dumb' CMTSes in the build-out regions was hellish enough.

Probably TWC had to try and do configuration recovery and conversion without having the signing keys or CNR, and there was a whole song and dance to do it "right" on the early uBRs which involved CNR. IIRC, TWC's "in house" was actually acquired from Crack-Home ahem sorry @Home. And getting a mess like that back to a sane state takes literal months. Unless you want to turn everybody's cable service off for like a week - yeah, that'd fly.What's going on in the background is that they're both incompetent, simple as that. Metrocast isn't large - they have about 164,921 customers total. To put that in perspective: the New Jersey regions sold to Comcast by Adelphia around '00 were about 125,000 active subscribers. (And that wasn't even all the regions in the state.) WOW is a whopping 13th, giving them absolutely zero excuse for being demonstrably more incompetent and less technically capable than RCN who is in 15th with less than HALF the customers, to say nothing of Buckeye Cable who sits in 25th out of 26th - yet still manages to enable BPI+ and managed to offer 110/5 in 2012!

So there are exactly ZERO excuses for WOW's incompetence and offerings. If the font of misery that is Buckeye can somehow manage to beat you to 110 by THREE YEARS despite having a total of ~130,000 customers and no business sales to your over 700,000 residential subs before the "business service" scam? Either you're incompetent and negligent, or just taking everyone for a ride.

mmm just got my first bill from them.
They got me down for that protection plan BS they was trying to sell me even though I told them no on the phone

Gonna call them tomorrow, I'll bring up the BPI issue then although im not expecting much

No, this was back in my younger days, and my parents were already sick of getting cease and desist letters due to my curiosity.

well.. let see.
Got some foreign guy (no surprise there)
First order of business I got the protection plan removed.. that was actually not much hassle.

Then I asked to be sent to a tech.. well "I can help you" he says (unlikely but ok)
I tell him my modem is showing BPI being skipped.. which I can only assume means it's disabled.

He says everything looks fine over here, How do you see that? where do you see that?
I explain the modem has a web page that displays status info.

I tell him near as I can tell the connection is fine just BPI is being skipped.
He says well it's fine over here, when ever you have a inconvenience like that you need to contact the mfg. since it's not one of their modems.

I ask him if they have BPI enabled on their end?
*he hesitates.. I can smell the goo between his ears melting thru the phone*
he quietly says no..
I say, YOU DON'T have BPI enabled on your end? (just so im sure I heard correct)
.... NO (a little louder this time)

I say.. well that's the problem.

He puts me on hold while he checks on something (tries to find a script on the computer covering the question im to assume)
He comes back and says he's "sending some signals to my modem"
It reboots, comes back up.. yup still skipped.

So he puts me on hold again.. comes back.. another reboot.
At this point he says everything is fine, looks fine, he asks why browser im using?
That's irrelevant but I humor him with an answer.. nothing comes of it.

Then he blames it on possible wifi interference, when that doesn't jive he blames it on the router.
It's not one of their devices so they can't help me, I'll have to contact the mfg.

I ask him simply if they have BPI/SEC on their end, He already answered early on but now he's blaming everything else so I ask again.

He avoids answering for the longest time keeps dodging the question by telling me I need to contact the mfg.

I told him this was a docsis standard and that I don't call ford when my car has a flat.

I ask him if he understands what BPI is, he says yes.. I ask him again is it enabled on your end? Now he tells me he does not have that information.
I ask him to transfer me to someone who does.

He puts me on hold for like 5 mins.. maybe he's looking stuff up, asking someone else or really is trying to transfer me. (I have no idea which.)

He comes back and tells me no one in the tech department is answering.
So I ask for their email, he can't give me that information.

Again he tells me I'll need to contact the mfg.
So we've hit a complete dead end, he doesn't know, cant' find out, can't transfer me and wont give me the email of someone who does.

So I ask him for the model number of the current docsis 3.0 modem they're issuing to customers as rentals.. he hesitates and him hauls around.
I told him worse case scenario I'll buy a brand new 3.0 modem and if the problem persists then we know its your fault.

He puts me on hold again, eventually coming back with a list of modems they issue.. all Arris, I ask him if they issue the sb6121 because that's the one I've eyed a few times.. but no they don't issue that one.

later I look up the modem numbers every one of them are router/modem gateways, but I want a simple modem, no wifi or other BS.

I honestly see no point in wasting the money on replacement at this immediate time since im fairly confident it won't fix a thing.

If I thought calling back and getting a different rep would get me anywhere, but im pretty sure that's a waste of time.

lol I guess they're living up to their name Wide Open West.

Using a WOW owned modem won't make any difference - they have built profiles for each modem they support. Their tftp server doesn't know the difference between a modem they own and one you own. If you really want to have some fun go to their website and find their executive management page. All WOW employees have an email address of FirstName.LastName@wideopenwest.com. Maybe you could try asking all their executive management?

I was quite surprised when I got a foreign CSR when I called WOW! recently. Wasn't aware they had gone that route but I guess it must have coincided with their job reductions last year. It is still possible to speak to someone in Colorado and I think Alabama but they don't make it easy.

The guy I spoke to couldn't even get me a new remote, I can't imagine anyone over there would know anything about what you were asking.

Time to drop this ISP before they drop off the face of the Earth. Anyone that knows those exploits--use them to fix their network. Because we all know that they can't.

UPDATE: Tonight had an outage, after about 15mins of checking wires, reboots, etc
It finally came back up, I decided to go take a look in the modems logs and I noticed BPI is no longer marked "skipped" it's marked "done" meaning operational.

I don't know when it happen or the why or how.