It may effect all of the Hybrid product line, but it does not affect all companies using Hybrid cablemodems. The company I currently work for, AccelerNet.net, uses a hybrid (no pun intended) Hybrid cablemodem system over UHF channel 43 in Houston, TX to do wireless T1 or greater service in the city of Houston and surrounding areas. The nature of our system, without going into too much technical detail, requires a wired return path for all packets from the customer since two way UHF is currently impossible or at least difficult with the current FCC regulations. This wired return path is usually an ISDN router or an analog modem plugged directly into the cablemodem. So, we block all udp packets on port 7777 at our exterior gateways, at the remote access devices that the wired connections come in to, and on all hardwired point-to-point connections to minimize the danger as much as possible of someone using HSMP to re-configure the cablemodems. We're now limited to machines/people on the local network of the cablemodem, and when the cablemodem is configured in house before it's shipped out. So, we've tried to make the setup as secure as possible until Hybrid allows you to turn off HSMP/remote configuration. If I recall correctly, a message hit the Hybrid-users lists run by Hybrid about a program called Hybridcon back in August of this year discussing this as a problem. Also, while you can log and block the traffic at your firewalls, routers, intelligent switches, etc., the Hybrid modems have no logging facilities of their own that we've been able to pry from Hybrid or find on our own and are fairly un-intelligent devices. I'm using the N-201 Multi-user, Hybrid NOS version 70734. -- Joseph W. Shaw - jshawat_private Free UNIX advocate - "I hack, therefore I am." On Tue, 12 Oct 1999, Jon Paul, Nollmann wrote: > At this point, I'd assume that the exploit applies to all of Hybrid's > product line > > My provider spoke with Hybrid this morning, and apparently Hybrid has > a patch for the problem that fixes it in some unspecified way. According > to my provider, Hybrid merely said that "only people you allow will be > able to configure the modems" but that they made clear that remote > configuration was still enabled. Maybe they'll use a password (easily > sniffable). I think it's more likely at this point that Hybrid will > merely check the source address (!) of the packets, and compare those > addresses with a table configured by the provider. > > I'd like to believe that Hybrid will fix this in a sane way, but since > they're remaining hush-hush about the fix, I think the chances of that > are very slim. > > -- > Jon Paul Nollmann ne' Darren Senn sinsterat_private > Unsolicited commercial email will be archived at $1/byte/day. > Dis.Org's propensity for casual violence is little different from that of > any street gang. Carolyn Meinel > > > -- > Jon Paul Nollmann ne' Darren Senn sinsterat_private > Unsolicited commercial email will be archived at $1/byte/day. > "Tis better to remain silent and be thought a fool, than to speak up and > remove all doubt." Benjamin Franklin >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:33 PDT