In the states many companies will let you buy DOCSIS modems, here in Canada however, most Cable ISP's are not at that stage currently. Some have implemented DOCSIS on their networks (Including the one that I work for). The way the modems are throttled are by config files (And possibly via SNMP management as well), so to unthrottle the modem (And the modems should be capable of 10mbps both directions if not more) you would need to replace the modems config file. However, attempts to hack the config file and replace it with your own can be very difficult (Not saying it's not doable, but in all my trying on our network I haven't been able to). They have shared encrypted secrets in the DOCSIS config files, so even if you do manage to replace the config file on your modem with another one (Very difficult to do) the cable router will not accept the modem because the shared secret does not match. Also, the config file is specified on boot up by the Cable ISP's DHCP server (It should specify the TFTP server and the config file to download). So the challenge is, to spoof the DHCP server responses and force the modem to download a config file from your TFTP server. The problem with this, is that most cable routers have a DHCP helper IP address that they will forward the DHCP requests to, so it becomes very difficult to spoof the DHCP responses because you will never see the requests on either the ethernet side of your modem or the requests of other modems. It would be interesting to see what people come up with. Anyways, this is from experience working as a Unix admin on a cable network and not from reading any standards, etc so our implementation might be a little different the others. Laurence ----- Original Message ----- From: "Blue Boar" <BlueBoarat_private> To: "Russell Handorf" <rhandorfat_private-world.com> Cc: <vuln-devat_private> Sent: Tuesday, February 05, 2002 10:52 PM Subject: Re: chaging your @home IP address... could you take a bunch ofthem....probably... could you get something from it...maybe > Russell Handorf wrote: > > > > Jon is correct- the speed is determined via the modem. Back when > > excite@home was compromised by adrian lamo, I was privy to such access as > > well. On the computer havoc.corp.home.net there lay the 'help desk' > > interface, where the users settings were editable. I distinctly remember > > the speed being an editable option for the modems. However the only way, to > > my current knowledge, it to edit this information on the ISP side- still. I > > Ultimately, if the box is in your house, it's only a matter of how much > time you want to spend hacking it, and the agreement between yourself and > your provider. > > I do believe that many cable providers will allow their customers to > buy their own docsis compliant modems, no? I understand the config file > will come > from the ISP, of course. Well, the original config file... > > BB >
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 09:34:52 PST