dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
559592

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

2 recommendations

xymox1 to NetDog

Premium Member

to NetDog

Re: SB6190 Puma6 TCP/UDP Network Latency Issue Discussion

So with the Puma 7, its so close to the Broadcom in performance im not sure it matters..

Of course the Puma 6 is shit performance.

But the 7 looks good. If not for the DoS, reboot and UDP issues.

My Puma 7 firmware..

System: ARRIS DOCSIS 3.1 / PacketCable 1.5 Touchstone Telephony Modem
HW_REV: 7
VENDOR: ARRIS Group, Inc.
BOOTR: 2.1.20.480364
SW_REV: 7.0.0.26
MODEL: TM3402A
Options:
Firmware Build and Revisions
Firmware Name: TS11.01.053.9_091817_70.NCS.03
Firmware Build Time: Mon Sep 18 17:08:18 EDT 2017>

And its susceptible to the DoS with the phone going offline..

I had someone here on the forum hook to my computer and test this, so i have 3rd party confirmation.

Anon9659b
@comcast.net

3 recommendations

Anon9659b to xymox1

Anon

to xymox1
After recently getting burned by intel twice I'd rather stick with the Broadcom even if it was worse.

Anyone coming into this thread claiming their puma is flawless is going to be met with skepticism and for good reason.
If you think your puma is flawless the burden of proof is on you.
Just insisting your modem has no problems is not enough it's nice to have...
firmware version,
tier speeds,
DOCSIS channels,
any other info you can provide.
Plus the tests proving your modem is flawless and exactly how to recreate them.

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

4 recommendations

xymox1

Premium Member

said by Anon9659b :

After recently getting burned by intel twice I'd rather stick with the Broadcom even if it was worse.

Anyone coming into this thread claiming their puma is flawless is going to be met with skepticism and for good reason.
If you think your puma is flawless the burden of proof is on you.
Just insisting your modem has no problems is not enough it's nice to have...
firmware version,
tier speeds,
DOCSIS channels,
any other info you can provide.
Plus the tests proving your modem is flawless and exactly how to recreate them.

Plus in order to PROVE the flaw has been fixed we will need WAY more then one person..
xymox1

1 recommendation

xymox1

Premium Member

So Robert..

The best way to do this would be to first make sure you know how to get a new IP. Changing your WAN MAC address and rebooting should do that. So make sure you know how to do that. Then install the trial version of Deepfreeze. This will make sure your computer cannot be affected by anything. A reboot with deepfreeze on returns eberything back to exactly the same.

These steps will allow you to change you IP when we are done and will give you peace of mind I CANT do anything to your computer.

You should not have anything personal on the computer.

Thesea re just good general rules.

What would be perfect is a fresh install of Win on a old laptop or computer.

Then,, when your ready for someone to hook up to your comp, install Team Viewer. You can then watch EVERYTHING that the person does.

I would, in order

Check that your computer is hooked directly to your modem. I think you have a gateway that has a router in it. So I would need to look around in the modem web interface and look at its config to verify things. I would also verify firmware and the actual type of modem.

Then I would start pingplotter and make sure thats set up right. Get that going.

Then I would verify your IP. I would check with a internet based check your IP site and see what your IP was..

I would then setup my test program and aim it at your IP.

I would watch the results on your team viewer. The test takes like 15-20 mins to run. It would produce the stepper charts I have posted.

This would tell for sure if you were affected by the DoS.

I would then run a few more tests if you wanted. I would run some iPerf tests for UDP.

I would save all the results and transfer them to me so I had a copy.

When I was done I would have you change your MAC and reboot which would erase everything done and even erase Teamviewer install.

This would either prove or disprove your arguments. I would be HAPPY to admit I was wrong if I was wrong.

So let me know and we can work out a plan.

jtl999
join:2012-11-24
canada
(Software) pfSense
MikroTik CRS125-24G-1S-RM
Ubiquiti UniFi AP-LR

1 recommendation

jtl999 to robert_s2

Member

to robert_s2
said by robert_s2:

I don't want to publish the capture as it contains a lot of information that I don't want to disclose

if I were you I'd give xymox1 a copy of the pcap under NDA/some sort of agreement not to release it, and if you filter the pcap right you can exclude LAN devices and such.
treefiddy
join:2017-10-04

3 recommendations

treefiddy to xymox1

Member

to xymox1
said by xymox1:

said by Anon9659b :

After recently getting burned by intel twice I'd rather stick with the Broadcom even if it was worse.

Anyone coming into this thread claiming their puma is flawless is going to be met with skepticism and for good reason.
If you think your puma is flawless the burden of proof is on you.
Just insisting your modem has no problems is not enough it's nice to have...
firmware version,
tier speeds,
DOCSIS channels,
any other info you can provide.
Plus the tests proving your modem is flawless and exactly how to recreate them.

Plus in order to PROVE the flaw has been fixed we will need WAY more then one person..

i could rent a Fritzbox 6490 and i would give you guys access to a fresh installed pc to do your test. Just to prove that the Fritzbox is affected as well (if Robot is not willing to help).

But this would take me 2-3 weeks, i'll let you know. And lets wait for Robot first.

//edit: its cheap to rent one, see »www.routermiete.de/route ··· 90-cable

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

7 recommendations

xymox1

Premium Member

Click for full size
The above test for the Puma 7 was with firmware dated
Mon Sep 18 17:08:18 EDT 2017

We could have great fun testing it. You could rent it for like 2 days and return it.

Im all for it having new firmware that fixed things That would be awesome. Its just highly unlikely.

There is another possible explanation for only 5 seconds of DoS. the ISP put in place some firewall code that detects and stops the Puma DoS. That would make lots of sense and produce the results we are seeing.
treefiddy
join:2017-10-04

1 recommendation

treefiddy

Member

said by xymox1:

The above test for the Puma 7 was with firmware dated
Mon Sep 18 17:08:18 EDT 2017

We could have great fun testing it. You could rent it for like 2 days and return it.

Im all for it having new firmware that fixed things That would be awesome. Its just highly unlikely.

There is another possible explanation for only 5 seconds of DoS. the ISP put in place some firewall code that detects and stops the Puma DoS. That would make lots of sense and produce the results we are seeing.

Robert is customer of Vodafone, i am a customer of Unitymedia. So we will not have the same provider but i think it would still be very interesting to know more about the Fritzbox. Also i am pretty sure Unitymedia and Vodafone are reading this thread (@UM @KBW FU for not responding to my emails )

Anon4f513
@..planung-im-netz.de

1 recommendation

Anon4f513 to NetDog

Anon

to NetDog
@robert_s2

Ger: Bei welchem Kabelanbieter bist du? Möglicherweise stoppt der Provider ja tatsächlich diese langen DoS Attacken?
(ich bin bei Primacom, jetzt Pyur. Soweit ich weiß haben diese 6490er Boxen noch FW Ver. 6.50)

Eng: at which provider are you? Possibly your provider blocks the DoS attacks.
(I'm at Primacom, now Pyur. As far as I know these 6490er boxes still use FW ver. 6.50)
treefiddy
join:2017-10-04

2 recommendations

treefiddy

Member

said by Anon4f513 :

@robert_s2

Ger: Bei welchem Kabelanbieter bist du? Möglicherweise stoppt der Provider ja tatsächlich diese langen DoS Attacken?
(ich bin bei Primacom, jetzt Pyur. Soweit ich weiß haben diese 6490er Boxen noch FW Ver. 6.50)

Eng: at which provider are you? Possibly your provider blocks the DoS attacks.
(I'm at Primacom, now Pyur. As far as I know these 6490er boxes still use FW ver. 6.50)

He is customer of Vodafone Kabel Deutschland, source: »www.kdgforum.de/viewtopi ··· start=50

telcodad
MVM
join:2011-09-16
Lincroft, NJ

1 recommendation

telcodad to Anon4f513

MVM

to Anon4f513
said by treefiddy:

said by Anon4f513 :

@robert_s2
:
Eng: at which provider are you? Possibly your provider blocks the DoS attacks.
(I'm at Primacom, now Pyur. As far as I know these 6490er boxes still use FW ver. 6.50)

He is customer of Vodafone Kabel Deutschland, source: »www.kdgforum.de/viewtopi ··· start=50

Yes, also from earlier in this thread:

From: »Re: SB6190 Puma6 TCP/UDP Network Latency Issue Discussion
said by robert_s2:

... My ISP is Vodafone Kabel Germany, but as I wrote, contacting them would be pointless, as they're not involved at all when it comes to the Fritz!Box 6590 Cable.


xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

1 edit

3 recommendations

xymox1 to NetDog

Premium Member

to NetDog
There is some live chat goign on right now on the badmodems chat space thats been amazing.. A MAJOR MSO guy came and had a LONG discussion on the current state of things puma related.. Its WAY worse then we thought. On many levels. It truly is Pumageddon. As most of the conversation was sorta private I dont want to post here, but, you could come chat and watch. Not sure how much longer he will be there.

He has gone idle. But is still online. badfirmware_altice
»badmodems.com/chat.htm
MOC
join:2015-10-18
NC
Netgear CM600
Ubiquiti EdgeRouter PoE
ARRIS BGW210-700

2 edits

3 recommendations

MOC to robert_s2

Member

to robert_s2
said by robert_s2:

I came to this forum to gather some knowledge about the Puma6 issues and find out if my Puma6 device is really affected. It turns out it's not (which was surprising to me), so I'm happy about that outcome...

You could also update »www.badmodems.com/Fix.htm to state that there IS a fix and name the companies responsible for not delivering it. Put the blame and shame where it belongs.

I don't see where you've provide enough to do anything of that nature. You've said the Fritz!box 6590 has a Puma 6, but we have no way to confirm this whatsoever. If you could provide documentation or AVM would confirm it is a Puma 6, that would help. I don't think DOSCIS 32x8 is reason enough to assume it is 6 because nothing would prevent an OEM from sticking in a Puma 7 and keeping it configured lower. You're also on EURODOCSIS which doesn't even have a 3.1, but has a higher theoretical max speed due to different channel widths, etc so that could contribute.

You haven't told us your speed tier and your channel configuration. The channel configuration has been shown to be related.

AVM has not responded and said, yes we received an update from Intel in August and implemented it. AVM has not responded at all, and if this was the case that they were the only OEM to implement a fix, it seems they would be glad to say their firmware does. I don't think the NDA would prevent them from confirming they released an update which implemented updates provided by Intel.

Lastly, you confirmed your connection suffered from the DoS attack. Although latency may be improved possibly because it is a Puma 7, has a low number of channels, or you have a low speed tier, the DoS issue still makes it a security flaw and affected by the Puma issue.

Edit: We also would need someone else to confirm the issue is resolved with that FW update after determining which Puma it is.
Tsunami2311
join:2004-01-17
Wilmington, NC

1 recommendation

Tsunami2311

Member

has 1602a fw been patchs to fix this? I still using my 822g for 200tier, and after months argue optimum to fix the lines and nodes and they did. would be nice to 16x8 though, would be even better if they just finish FTTP so dont need modem and none this would issue

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

1 recommendation

xymox1 to MOC

Premium Member

to MOC
Robert, While not official, I now have a very good source that said very clearly NO modem vendor in the world has a DoS fix. While not 100% conclusive, the source of this info was impressive. So im further doubting you have firmware different from the V version we all know.
xymox1

2 recommendations

xymox1

Premium Member

Robert, I would still be very interested in testing your modem.
Tsunami2311
join:2004-01-17
Wilmington, NC

1 recommendation

Tsunami2311 to xymox1

Member

to xymox1
said by xymox1:

Robert, While not official, I now have a very good source that said very clearly NO modem vendor in the world has a DoS fix. While not 100% conclusive, the source of this info was impressive. So im further doubting you have firmware different from the V version we all know.

one more reason why i dont want puma6 modem, less this effect modems with the same chipset the TM822G uses. as if the latency issue wasn't enough now DoS issue? i dont know how these isnt mass lawsuits going on bout this all
MOC
join:2015-10-18
NC
Netgear CM600
Ubiquiti EdgeRouter PoE
ARRIS BGW210-700

2 recommendations

MOC to Tsunami2311

Member

to Tsunami2311
said by Tsunami2311:

has 1602a fw been patchs to fix this? I still using my 822g for 200tier, and after months argue optimum to fix the lines and nodes and they did. would be nice to 16x8 though, would be even better if they just finish FTTP so dont need modem and none this would issue

As Xymox just said there is no fix for the issues. The TM822G 8x4 uses the Puma 5 so it is only susceptible to the DoS issue less so than the Puma 6/7. It is not susceptible to any latency issues like the Puma 6/7.

It looks like the TM822 is probably your best bet if using their provided modems and voice service since it won't have the additional Puma 6 issues of the TM1602 and TM1672.
»optimum.custhelp.com/app ··· ed-modem

For buying your own modem, I'd refer you to the Optimum thread/forum to see what you can do and if you can do a device separate from the EMTA or what is needed for the voice service if you have it:
»BYO Compatible modems for Optimum Internet
Tsunami2311
join:2004-01-17
Wilmington, NC

1 recommendation

Tsunami2311

Member

sound about right i guess i should never expect the tm1602a to be fixed, it all good I have TM822G happyl give me 210mbit + after arguing with optimum 6 + months and 6+ tech tell them and there survivors the issue is not my house line or modem and it was there nodes. after that optimum tech truck were out in droves in my town check everyone for issues.

Anon686e2
@unitymediagroup.de

2 recommendations

Anon686e2 to MOC

Anon

to MOC
said by MOC:

You've said the Fritz!box 6590 has a Puma 6, but we have no way to confirm this whatsoever. If you could provide documentation or AVM would confirm it is a Puma 6, that would help. I don't think DOSCIS 32x8 is reason enough to assume it is 6 because nothing would prevent an OEM from sticking in a Puma 7 and keeping it configured lower. You're also on EURODOCSIS which doesn't even have a 3.1, but has a higher theoretical max speed due to different channel widths, etc so that could contribute.

I did a quick google search and found some slides by AVM (»www.cabletech.at/pdf2017 ··· 2017.pdf) and a German news article (»www.golem.de/news/fritzb ··· 973.html), both confirming the Fritzbox 6590 as a Puma 6 device.
The upcoming 6591 is going to support DOCSIS 3.1 btw, so that'll presumably be AVM's first Puma 7 based product.

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

3 recommendations

xymox1 to NetDog

Premium Member

to NetDog
The discussion today in chat was stunning. I can't be detailed as the MSO person requested that. However, his discussions made it very clear nothing on the DoS has occured. The ONLY firmware to ship this year for a Puma 6 was was for 2 devices only. That was the V firmware. There has been no firmware after the V firmware for puma 6. None even announced. Just that they are working on it. There were many other things said that were really interesting, how the MSOs see HUGE costs involved in this. Arris has gotten all lawyered up and its effecting relationships with MSOs. Modem vendors are horrified with the costs involved. The big cost might be the Puma 5s for the MSOs. They have a LOT of Puma 5s that need a DoS fix.

It was good to hear tho that MSOs are keenly aware and are pissed. Its a huge mess and its not getting fixed.
Bismarck
join:2002-05-22

Bismarck

Member

I think there were some more firmwares, but only on new sold devices.

I have a Hitron CDA3-20 which has firmware 4.5.0.14 in it, but the same CDA3-20 device which Shaw cable now carries has firmware 4.5.0.19 in it.

xymox1
Premium Member
join:2008-05-20
Phoenix, AZ
ARRIS SB8200
MikroTik CCR1036-8G-2S+

1 recommendation

xymox1

Premium Member

There was some scary discussion about customer owner equipment. A legal decision was made by the MSO to NEVER EVER update customer owned gear because of the libility. Also the cost of a call in by the customer. This MSO had done studies around this Puma issue. They looked at different ways to handle this. You should have heard the discussion. Its was lucid. The number of products involved when you look at Puma 5/6 was overwhelming. They dont have have the people, both in number and in technical prowess to test for things like latency. This is all normally done by the modem makers - but they cant trust them anymore. He rattled off a list of things thats required for each model to adapt the firmware, then test it, then deploy it. For sure there would be .2% or more of issues. That sounds low until you considered he is talking about millions of devices. Truck rolls, people being down and unhappy, support call center expenses. For each device they do.

Arris is downplaying the TCP impacts,, STILL.. Even tho we have really well documented reports of this. Mackey said he might craft up a TCP version of the DoS so we put to rest a few issues. So apperently Arris and maybe Intel are still in denial about some aspects of this.

So this MSO is just mind blown by the costs of this across Puma 5/6/7.

The time frames are also now coming into focus. Its forever.. Literally forever if its customer owned. It gotta take a LONG time even for MSO owned equipment.

This MSO was very clear more then once. There is no fix thats made it to MSOs yet for the DoS for even a single device.

This issue is going to be around a LONG time folks.

So this pause we are seeing is everybody REELING from the cost aspects of this. Im sure cable modem vendors are in literal financial shock. Imagine how many different firmwares there are for Arris alone. Each one has to be created, tested, modded, retested,,, I bet Arris alone has 50 effected models.

I would imagine all this will result in lawsuits.

So if a DDoS attack comes along that targets IP blocks at a time based on a botnet, it will really be Pumageddon. If that attack occurs no one will have a plan.

He discussed mitigation. NO WAY.. The DoS Cant be blocked by an ISP. He discussed why in detail. Talking about specific gear. YES it can be blocked but the gear to do it costs zillions of dollars and no way a ISP is gonna buy it just for this.

So we are cruising forward with little hope of a fix anytime soon. Sorta no doubt this will get worse before it gets better.

This issue is a lot worse then I thought.

It was a crazy day in chat.. I have passed all this along to Intel, Press and MITRE..
robert_s2
join:2004-04-16
GERMANY

4 edits

robert_s2 to xymox1

Member

to xymox1
said by xymox1:

Robert, While not official, I now have a very good source that said very clearly NO modem vendor in the world has a DoS fix.

So this boils down to the assumption that the DoS used to test my modem was insufficient? A better description of the DoS vulnerability would be helpful, as the news reports linked on badmodems.com are conflicting:

»www.theregister.co.uk/20 ··· _to_dos/

"You send a stream of 200Kbps of TCP, UDP or maybe even ICMP to different port numbers, and it has a tiny table to keep track of these that fills up. The device becomes immediately unresponsive. It comes back after you stop," our tipster explained.

That apparently does not apply to my modem, which was hit by a >1Mbps UDP DoS attack and only showed a short surge in latency, but was otherwise fully operational. An ongoing phone call was completely unaffected, and a speedtest yielded full speed (200Mbps is my subscribed speed, BTW).

But I see the other linked news report has different numbers:

»www.techradar.com/news/v ··· -big-one

According to ISPreview, reports claim that even a meagre 1Mbps DoS attack will bump up the latency on your connection by around 20ms, causing a number of peaks and packet loss, too.

And if that’s doubled up to 2Mbps, you’re looking at huge problems such as 200ms extra latency and a packet loss level of around two-thirds. Jack that up further to 3Mbps, and packet loss of around 85% is generated, with things effectively becoming unusable even for basic surfing (let alone online gaming or business videoconferencing, for example).

The description in the first paragraph still described worse effects than I have actually seen, but it's not as far off.

So, to put some clarity on this DoS issue:

1. Please stick to specifying PACKET RATES when describing the attack rate. Bit rates are too unclear, as the size of the attack packets presumably has little influence on the effect, but high influence on the bit rate. An attack using MTU-sized (1500 bytes) packets presumably has no worse effect than an attack using minimum-sized (64 bytes) packets, but requires OVER 20 TIMES as much bit rate. So a "20Mbps attack" could have even less effect than a "1Mbps attack".

2. @xymox1, since you seem to have the tools to do so, could you re-test the effects of the DoS attack on your Puma7 device, using minimum-sized packets at varying packet rates (and annotating those) and describing which effects you see at what packet rates (i.e. at which packet rates phone calls are affected, dropped or even impossible, the modem becomes unresponsive, reboots, etc)?

3. What I can say for now is that my Puma6 device only showed a 5 seconds surge in latency which wore off during an ongoing attack that lasted over a minute, with 64-byte UDP packets to random port numbers at 2,000 packets/s.

I would want to contribute more, but unfortunately I'm very time-restricted :-(
MOC
join:2015-10-18
NC

MOC

Member

What's your upload speed on your tier? Is there a modem status page you can post that shows the channels? Once we have that, it will be up to someone else with the Fritz!Box 6590 and same fw version to confirm.

Anon4f513
@..planung-im-netz.de

Anon4f513 to xymox1

Anon

to xymox1
Here is an image of the latest firmware for the AVM Fritzbox 6490: »download.avm.de/firmware ··· 85.image
Anon4f513

Anon4f513

Anon

If the link above does not work, look in this forum contribution: »www.pyurforum.de/viewtop ··· 0#p12460

mackey
Premium Member
join:2007-08-20

2 recommendations

mackey to Anon4f513

Premium Member

to Anon4f513
said by Anon4f513 :

Here is an image of the latest firmware for the AVM Fritzbox 6490: »download.avm.de/firmware ··· 85.image

Attached. Seems to be a tarball.

Anon4f513
@..planung-im-netz.de

Anon4f513

Anon

Thx

nallar
join:2016-12-07

1 recommendation

nallar to NetDog

Member

to NetDog
A firmware update has gone out to at least some virgin media hub 3 users.

»community.virginmedia.co ··· 8#M37296

Software version : 9.1.116BA3

No proper testing of it has been done yet. I guess it's the same as the V firmware here but don't have a hub 3 any more to test with.