Slashdot Mirror
Security Focus on Cable Modem Uncapping
Anonymous Coward writes "Cable modem uncapping allows broadband customers to boost their bandwidth to 6 or 7 times what they're paying for, by spoofing their modem's TFTP client into downloading a hacked DOCSIS configuration file. Kevin Poulsen at SecurityFocus reports that a new underground program called OneStep makes the process easy and fun for the whole family. Broadband companies are cutting off the uncappers that they catch, but things could get out of control soon."
Just because technology allows you to do something, does not mean that it is also legal.
I have been pwned because my
A friend of mine, who also uncapped his modem but for a longer period received a letter from the cable company saying "Someone in your household has illegally attempt to modify one of the devices supplied by Telewest. Please desist or your service will be permanently withdrawn" or something like that.
My cable connection ocassionally gets uncapped for random periods, and I don't notice until I start downloading something (e.g. larger driver file) and get 300kbyte/sec.
If more information was available for customers to see how much bandwidth cost the ISP, then perhaps our expectations could be realistically scaled. Is having an uncapped 3 hour period between 2am and 5am feasible? I could simply schedule large downloads for that period. At present, I may as well just download at peak times, which probably is more irritating to the ISP receiving calls about slow web pages, or somesuch.
Here's another example: you may own your telephone handset, AND it may even be legal to modify it for the purpose of phone phreaking (maybe...DMCA?), but once you plug it into a live phone jack, you've surely committed a crime.
Summary: It's not about how you handle your equipment, it's where you have permission to stick it.
Slashdot: rejecting tech news in favor of rubber band guns since 1997.
Download speeds aren't the problem.
I think we all assume that the download is maxed or we don't care.
It's the limited upload speeds that people want to get around. Now I know that the uploads are sometimes limited to reduce 'network collisions'... but low upload speeds are screwing real users.
You don't need to be hosting pr0n or warez. What if you want to put up a password protected mp3 server so you can listen at work, etc.
Remote desktops in XP - X11/VNC for linux users... there are real reasons.
Browse over to freshmeat and check out all the cool ass servers.
Get your Unix fortune now!
Actually, I like this. It gives the abusers enough rope to hang themselves, and they evidently ARE catching them.
This means you get to easily identify, then remove, the buggers who are screwing your bandwidth distribution and forcing you to spend tons in extra capacity. A minor short-term risk for long-term gain.
I have to say I also don't mind that some warez d00d may just finally learn that yes, there are consequences to your actions, even on the Internet.
People have done much more amazing hacks than that on DVD players, such as the Apex AD600A, despite the use of a non-standard microprocessor. Hacking the firmware of a cable modem should be quite simple by comparison.
That's the sort of reverse-engineering I used to do quite often, but now I get little opportunity due to the DMCA. It doesn't seem like service provider or cable modem vendor can use the DMCA to ban reverse-engineering of the cable modem, since the features in question aren't involved in copy protection. But the trend seems to be to sue first and try to justify it later.
Eric
[*] Better in the sense of being less detectable. I'm not suggesting that doing this is legal or ethical.
And just because something is illegal, doesn't mean it's wrong...
Americans, in particular, seem to have trouble with that one. Brainwashed, the lot of 'em...
You can't successfully legislate morality!
Given half a chance, I don't believe most of us geeks are unreasonable. And if variable bandwidth caps were instituted that were raised or lowered based on demand, just like the compression level on a CDMA cell signal is manipulated based on cellular tower usage and capacity, you'd start to see a lot of tools written that would make shifting of bandwidth around available for average users too...
Someone violates his TOS by uncapping his modem for the purpose of abusing his connection, gets caught in short order, and is banned from every abusing that internet provider again. I fail to see the problem here. The REASON these modems are capped in the first place are because of these very abusers. Granted, AT&T as well as other cable providers probably don't want to lose a bunch of customers, but the heavy warez/movie trading crowd they would happily do without as they tend to overuse their bandwidth allocation regardless, as well as creating potential legal liabilities.
This gives them an easy out. If they're able to detect an uncapped cable modem in a matter of hours after its been uncapped, then this is a great way to relieve yourself of a bunch of unwanted customers. And they don't even have to monitor bandwidth content. Just have to check the speed going over the physical maximum.
This should also be a wakeup call for parents who "share" their internet connection with their kids. Better let your children be aware that if ever they do something this foolish there will be serious hell to pay. PAY ATTENTION to what your children are doing. You don't know?? Then don't let them have internet access. When they turn 18, let them get their own account, and they can use or abuse it as they see fit.
Or if you REALLY need that extra bandwidth, pay for an account that provides for it. MOST companies, even cable providers have accounts that provide greater upstream bandwidth, but they don't cost $49, and they're rarely parts of a promotional deal.
-Restil
Play with my webcams and lights here