> There is also another HSMP client located at: > > http://www.larsshack.org/sw/ccm/ > > l0pht modified the above client and added > the ability to spoof the source address, allowing > for the anonymous reconfiguration of Hybrid cable > modems). Their client is located at: > > http://c0re.l0pht.com/~sili/ccm-spoof.tar.gz Howdy, As the author of the above program, I'd like to mention -- in case Hybrid tries to play innocent -- that I brought this to RCN's attention back in April of this year. The RCN folks spoke to the Hybrid folks, but as far as I can tell nothing came of it. I'm not sure they took the warning all that seriously. (RCN is a cable/cable modem/telephone provider out in here in MA [and elsewhere in the northeast].) After speaking with RCN about the problem, I was told that due to the configuration of their network, the were unable to implement a block that would be effective against machines on the same cable segment. In this case, port blocking offers only limited security -- even with HSMP blocked at the organization level, it may still be possible to exploit other security issues and gain access to a machine on your favorite local segment and work from there. In any case, I'm glad that someone has found my code to be...err, useful. Be nice. -- Lars -- Lars Kellogg-Stedman * larsat_private * (617)353-5228 Department of Computer Science, Boston University
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:58 PDT