OT Cable Modem Security (Was: OT Phone line quality (was Re: file d/l size))
- Have to agree with James. It seems highly unlikely that anyone will be able to do much packet sniffing from what I know about the way cable topology runs. All this data is firsthand, btw, since I am a HSD installer for Time-Warner.
Your cable model is _mostly_ correct. However, the wiring does not run in a loop. It looks more like this:
Each Node can have any number of ports tapped off it, ranging from 2 to 24 (three 8-port taps, most I've ever seen). You also have branches off each line from the headend at varying points, so the topology winds up looking more like a big tree than anything.
Also, each cable modem is assigned an IP address from the headend, based on its MAC address. This is what James was talking about with "registered devices". When the headend "sees" a device it checks its allow list to give that device an IP. If it's not on the list, it gets a 192.x.x.x address, which is non-routable. Anyone without a registered device won't see a thing. Add to that the fact that digital cable boxes (at least ours do) authenticate the same way and send and receive their PPV and channel lineups via the IP address they receive, that's a TON of packets that the hacker is going to have to sniff through.
Of course, none of this will _really_ stop a determined hacker, so you're at the same point you'd be with any other service provider.
----- Original Message -----
Sent: Friday, May 30, 2003 6:38 PM
Subject: [pcgen] OT Phone line quality (was Re: file d/l size)
> > And about cable, what privacy issues? If you get any other form of
> > broadband, you're most likely going to have the same issues and will
> > still need to run a firewall.
> Network topology.
> Cable, OTOH, runs through the entire neighborhood; everyone who shares
> the loop can potentially sniff your traffic.
Yes and no. Most cable modem providers are configured to only accept
input from a registered device. You can buy your own hardware but
have to call the carrier to get them to accept it. Mine didn't use to
be like that but they changed. (Course they could've changed back by
now, it's been a while since I've read the T&Cs or talked to the
techs). That means that while you could, in theory, sniff on the
network with an unregistered device you won't be able to do anything
while you are. Essentially it's a distributed switch, albeit one that
relies on end-user firmware. A good system would log the rogue device
and all the active devices on that loop to help find mr. sniffer.
Other carriers are more strict and pre-configure all the hardware.
Not that this means the system's secure, there was some major screw up
a few months back when a cable provider didn't reset the remote admin
password from factory default and every user's cable modem could be
hacked by anyone who'd read the manual, but it means someone's
Having worked at ISPs, I really don't worry about packet sniffing.
There's too much data out there to worry about getting noticed. If I
do something I don't want someone to know about I either don't do it
or use an encrypted connection to a remote machine. Someone can break
my SSH tunnel, but they're gonna have to want to. Of course sometimes
I'll encrypt connections to this board just to throw them off.
Usually right before I change all the keys again using sneakernet.
Which reminds me, time to re-key the WLAN.
[Non-text portions of this message have been removed]