Slashdot Mirror


Security Focus on Cable Modem Uncapping

Anonymous Coward writes "Cable modem uncapping allows broadband customers to boost their bandwidth to 6 or 7 times what they're paying for, by spoofing their modem's TFTP client into downloading a hacked DOCSIS configuration file. Kevin Poulsen at SecurityFocus reports that a new underground program called OneStep makes the process easy and fun for the whole family. Broadband companies are cutting off the uncappers that they catch, but things could get out of control soon."

6 of 484 comments

  1. Re:Easy to catch by Jah-Wren Ryel · · Score: 5, Interesting

    Don't forget video conferencing. Being capped at 15KB/s limits you to some pretty ugly video quality. I want to use my cable modem to do video conferencing with family and friends around the country. Right now it is one step away from intolerable and usually not worth the effort.

    --
    When information is power, privacy is freedom.
  2. Unused bandwidth can never be recovered... by weave · · Score: 5, Interesting
    I understand the rationale for caps but I wish it was implemented with a bit more imagination and skill. Cable modem bandwidth usage has peak and off-peak hours. At 6am on a Sunday morning it's practically dead while Tuesday at 7pm it's heavy. So why can't they uncap or raise the cap during off-peak hours so someone that wants to download three ISOs of Red Hat 7.3 could program their box to grab it early Sunday morning? All that bandwidth they are saving during off-peak hours is wasted. It's not like they can apply it back during peak usage.

    This would also encourage off-peak usage. It'd be far better to squeeze out that 2 gig download quickly when it has no real impact on others versus taking hours due to a cap during peak.

    I'm guessing you just can't reprovision the cable boxes that quickly and dynamically everywhere, but damn, it makes sense and I still don't understand why caps aren't implemented using some QoS-type service at the head-end anyway...

  3. Re:Property vs Service by Gordonjcp · · Score: 5, Interesting

    Doesn't work that way. Consider this: The government provide the roads. I pay the government to provide roads, and they keep up their end of the bargain by giving me nice, long, straight motorways to drive on. However, the conditions of use, as it were, state that there's a maximum speed limit of 70mph on the motorway.

    Now, the government doesn't supply the car. I went out and bought the car. I have a Citroen, you may have a Ford, or a Vauxhall, or whatever you like. They're all *capable* of going faster than 70mph, but if I get caught doing that, I get a speeding fine, and points on my licence. I can't argue that "I bought the car, I paid for it, so I'll use it any way I want".

  4. Cheap point-to-point line potential? by Gordonjcp · · Score: 3, Interesting

    OK, how's this for an idea?

    The config file is uploadable through the Ethernet port, and seems to be able to specify the upstream and downstream frequencies, along with the maximum bandwidth rates etc. What would happen if you joined two cable modems with an F-to-F connector cable, and sent config files to them so that the receive frequency of one was set to the transmit frequency of the other? And, how far from each other could they be? I know that the sub-headend that supplies my cable modem is only about 1/4 of a mile away, but I'm sure they work over a greater distance.

    Any thoughts?

  5. Re:Don't bother trying this... by ReelOddeeo · · Score: 3, Interesting

    providers don't "switch to DOCSIS".

    Mine did. They began upgrading the system all over town. Vastly improved. Many new services. They started gradually switching sections of town over to DOCSIS. There was a window of time in which you could use either the old ugly Zenith modems or the new SurfBoard modems. But by a certain date you had to bring in your cable modem and replace it with a DOCSIS modem. Unfortunately, I had to change all of my static IPs at the same time.

    --

    Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
  6. Re:The tragedy of the Commons by barberio · · Score: 3, Interesting

    "Library books are free for all to borrow, but people don't all go there and borrow as many as they can just because it's open to anyone for free."

    Check your Library card. Most public libraries limit the maximum amount of books you can take out. And they have fines for late returns.

    "Water from a public drinking fountain is free, but nobody sits there all day filling up bottles of water just because it's free."

    But when piped water was new, they did just that. It took a lot of teaching to get our current social stigma of wasting water that comes from a tap.

    "Besides, the "tragedy of the commons" is usually used as an example of why government control of something is bad. Yet in this case the connection is owned by a private company, and you're still crying about the 'tragedy of the commons'?"

    Er... So, because I don't use the argument in the traditional role, it's wrong? And, I seriously think you have the wrong end of the stick there with your given usage too.

    "If it wasn't for the shared backbone you wouldn't have an internet connection at all."

    Yes. And no. Networking is more complicated than that these days. But I'm not saying a shared essential resource is inherently wrong. (Apart from single point of failure, but that's a different argument altogether)

    "I find nothing tragic about having this sort of 'commons', it's an enabling device for crying out loud!"

    Uh huh? And your point was what exactly?

    The 'Commons' example is for an *Uncontrolled* and *Unmetered* limited availability resource. I don't understand how anything you've said is relevant to what I said.