On Mon, 30 Apr 2001, ai32 wrote: | Even though CoS gives some information on speed, this is usually controlled at | the headend (CMTS). See, there is nothing stopping you from buying a DOCSIS | compliant modem, taking out your vendor supplied modem and putting that one in | (after all, that's the point of DOCSIS). Thus things such as upstream and | downstream speeds are controlled via parameters on the CMTS. If you want more | information, go look up stuff on the Cisco UBRs. | If you replace the vendor supplied modem with your own, it still has to follow the DOCSIS specifications just like the vendor supplied modem did. Of course, you can modify the firmware. Just like with cell phones, you can furnish your own phone, with perhaps even your own firmware. Even if you put in a Cisco UBR, or another modem which you can have more control of, it still has to comply with the basic DOCSIS specifications. If you modified the firmware, you can easily take control of a number of things. Your main 'authentication' mechanism in DOCSIS is the modem's MAC address. Your provider has to enter this address somewhere so that your modem can communicate with the network (perhaps the DHCP server?) In short, the modem's HFC interface MAC address is the main form of authentication on the HFC network! The entire DOCSIS specification relies on the fact that the device plugged into the HFC network is playing by the rules. This is what I was getting at. If you imagine HFC as being souped up ethernet over various cable frequencies, you get a better idea of what you are working with! | The cable industry is still in its infancy, we will (hopefully) see a move | towards SNMPv3, and Baseline Privacy and see more focus towards security. | Note that these devices don't have very high powered CPUs on them, its not | very easy to encrypt/decrypt streams of data without dedicated hardware. | From glancing at the DOCSIS specs, it looks like some kind of encryption is required. The Surfboard 4000 modems have a 30Mbps down/10Mbps up max, and there is a variety of commercial crypto chips that can operate at these speeds. I wouldn't be suprised if the main chips in the modem do the encryption, Broadcom who makes the cable modem chips also makes their own crypto chips. | Also, have you checked for write access on SNMP? There are a bunch of | parameters that can be controlled via SNMP, such as the name of the boot file. | You already noted that the cable modem gives special precidence to | 192.168.0.x, what if you hooked up a PC with a TFTP server and set the name of | the TFTP server to 192.168.0.x..? | I would imagine that the cable modem wouldn't be dumb enough to grab DHCP or TFTP from the client (ethernet/usb) side. This has got to be a requirement in the specification. I will have to figure out more about this when I'm at a machine capable of displaying PDFs..... You say that cable is still in its infancy. An existing provider serving less then five thousand subscribers still has to spend millions of dollars to deploy the service. Switching from the old school Motorola or other proprietary cable modem systems to the new DOCSIS systems carries a very high price tag and takes a long time. It can also potentially run into the millions of dollars for a single provider. To top it all off, large cable systems in metropolitan areas are deploying large amounts of DOCSIS modems right now. Supposedly, there are 5.8 cable modem subscribers in the U.S. today, more then twice the number of DSL lines. And, it doesn't look like the specs are going to start changing radically for security any time soon.
This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 10:19:38 PDT