Hi, before I answer the security question regarding the 3COM cable modem, I would like to make something clear...the basic rule for security issues with cable modems used to be "all cable modems were not born equal" , meaning every manufacturer (i.e. 3com, com21, nortel, motorola, terayon, etc) had their own propriatary standards and what was true for one cable modem was hardly ever true on another. Quite recently (last year or so) standards for these devices have been developing (this is a good thing for consumers). First under the name "MCNS" and recently under the name "DOCSIS" (Data-Over-Cable Service Interface Specification). (More info about that at www.cablelabs.com & www.cablemodem.com and even more at www.cablemodeminfo.com ). At present most cable modem manufacturers are at version 1.0 of this standard (and we all know what this means). Anyways, what we're getting at here is that now what may affect a 3COM modem may very well affect a slew of other manufacturers. This however; is not to say cable modems are full of security issues. In fact I would argue that DOCSIS cable modems are very likely one of the most secure methods of accessing the internet, since data between your modem and the CMTS (Cable modem Termination System) in your cable provider's head end (equipment room) is first of all encrypted and secondly modulated in (QAM or QPSK) Radio Frequency which to most people will look like a bunch of noise. Thirdly, most if not all cable providers assign DOCSIS cable modems private IP addresses for management purposes via the standard BOOTP process. Needless to say, that's alot more security than any dial-up connection I'm aware of. Now, because the modem's IPs are private, this usually means they are not reachable from the internet so it is somewhat safe from external intruders. The BOOTP process itself is carried out from the RF (coaxial) interface on your modem and not from the ethernet side, so this will be a little hard for you to manage this process without owning your own CMTS. Now here's the interesting part... The BOOTP process is a process similar to DHCP which not only assigns your modem an IP address but also uploads a configuration file (most of which are binary or md5 files) via TFTP. The content of these configuration files are things such as what frequencies your modem should talk at over the RF network, the IP of the upgrade server, any protocol filters implemented (such as NetBUIE equivalent blocking so you can't see all your neighbours in your windows network neighbourhood icon) and last but not least the speed at which your modem should function for uploads and downloads. So, even if you somehow managed to miraculously modify your cable modem's config file, keep in mind that everytime your modem powers up it initiates that BOOTP process via the RF side and your Cable Provider would upload you a fresh config file that would override anything you had preset. Now to answer your question....3COM has plenty of info about their cable modems on their site http://www.3com.com/products/cablemodem/ , in fact, they even have the manuals http://consumer.3com.com/cable/manual/index.html . This so called "firmware" is uploaded to your cable modem by your Cable provider with the intent to provide you the latest features or bug patches. This procedure is usually done via SNMP. Hope that's enough to chew on for a while ;-) Luis Henriques ----------------------------------- Date: Sat, 27 Nov 1999 14:09:44 -0600 From: Signal 11 <signal11at_private> Subject: 3Com cable modems / Mediaone MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm not certain this is the appropriate forum to discuss this, however I've been unable to locate any documentation about this on 3Com's website nor has technical support been helpful in enlightening me (I have called their 800 number). The 3Com external cablemodem (CMX) allows the upstream provider to download firmware updates into your cablemodem. This can (and I suspect usually is) done without the user's knowledge, and it took some digging to uncover this "feature". The cable- modem can also be reprogrammed via a serial port in back, although my attempts to access it have proven futile. I am also very curious to find out how to telnet into this thing, as there are references to it being "password protected" to prevent intruders. Somehow I rather doubt mine was given a password (and thus open to the whole world). I'm very much concerned about using a device, which has little/no technical specifications, with my system. Can firmware be uploaded by anyone? How does the modem authenticate the head-end system? Does anyone have any information on how to reprogram this modem?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:52 PDT