On Sat, 27 Nov 1999, Signal 11 wrote: > and it took some digging to uncover this "feature". The cable- > modem can also be reprogrammed via a serial port in back, > although my attempts to access it have proven futile. The serial port is 8N1 w/ baud rate of 38400. Try a null or straight serial connection. I cannot remember which one is which. The 3com CMX has a read only serial console. Modems like the ubr900 series (904 and 924) contain read/write consoles (but passwords may be set). If you purchase the modem from a vendor (not your ISP), then there are not any passwords. If you get it from your ISP (and they are worth their salt), it will come with a password on it. Our modems are included in the monthly charge, so we still own them and protect them with passwords. > I am also very curious to find out how to telnet into this thing, > as there are references to it being "password protected" > to prevent intruders. Somehow I rather doubt mine was These modems do not have the ability to be telnet'd to. If you try, it returns a "protocol not accepted" error. The update is accomplished via the CMTS configuration file. There is a field in the config file for an "Update Available" that includes the filename and tftp server of the update. So, if you can fake out a modem with a rougue DHCP server and provide your own configuration files, then you might possible be able to upload rougue code to the modem. > Can firmware be uploaded by anyone? How does the modem > authenticate the head-end system? Does anyone have any > information on how to reprogram this modem? The modem authenticates the headend through the negotiation phase of the boot process of the modem. The modem scans the downstream frequency channel (usually >450mhz) until it finds a 6mhz wide QAM (256 or 64) signature. Encoded within the QAM modulation is the information for the upstream channels (channel ID, freq, freq width, etc). The modem then ranges with the CMTS to configure the power level. Once the modem is ranges, it goes through a DHCP/TFTP sequence. The modem then downloads its configuration options from a file stored on a TFTP server. -- Thanks, -Joseph W. Breu --------------------------------------------------------------------- Joseph W. Breu Linux/UNIX Administrator / Cedar Falls Utilities phone: (319) 268-5228 Utility Parkway, Cedar Falls, Iowa 50613 pager: (319) 235-4209 NIC: jwb96 breuat_private breu.pagerat_private --------------- Where do you want to go tomorrow? -------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:55 PDT