the ability to download firmware updates remotely into a cable modem is a docsis requirement (www.cablelabs.com). the process is supposed to be quite automatic and seamless to the user. it usually takes place by the cable operator forcing the modems to re-register. when a docsis modem tries to register, it sends an arp request which the cmts (cable modem termination system i.e. cablerouter) forwards to a dhcp server defined on the cmts. the dhcp server replies with an offer, cablemodem hopefully gets it, then it asks for a configuration file from the tftp server (defined in the arp response). The config file has a field about the latest firmware revision. cable operators are supposed to: assign private ip's to the modem, configure trusted ip's for telnet access (not all docsis modems have telnet daemon), disable the serial interface. how does the modem authenticate the headend system - the way a cable network works, the only place you could have a headend system is in the headend, which is hopefully physically secured. if you can get on the console, you could reset your modem, ask for the tftp file, and do some diagnostics. Dorin -----Original Message----- From: Signal 11 [mailto:signal11at_private] Sent: Saturday, November 27, 1999 2:10 PM To: BUGTRAQat_private Subject: 3Com cable modems / Mediaone I'm not certain this is the appropriate forum to discuss this, however I've been unable to locate any documentation about this on 3Com's website nor has technical support been helpful in enlightening me (I have called their 800 number). The 3Com external cablemodem (CMX) allows the upstream provider to download firmware updates into your cablemodem. This can (and I suspect usually is) done without the user's knowledge, and it took some digging to uncover this "feature". The cable- modem can also be reprogrammed via a serial port in back, although my attempts to access it have proven futile. I am also very curious to find out how to telnet into this thing, as there are references to it being "password protected" to prevent intruders. Somehow I rather doubt mine was given a password (and thus open to the whole world). I'm very much concerned about using a device, which has little/no technical specifications, with my system. Can firmware be uploaded by anyone? How does the modem authenticate the head-end system? Does anyone have any information on how to reprogram this modem? -- Signal 11, BOFH to the UF list and malign.net Where's the DIR command?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:51 PDT