Security Focus on Cable Modem Uncapping

Anonymous Coward writes "Cable modem uncapping allows broadband customers to boost their bandwidth to 6 or 7 times what they're paying for, by spoofing their modem's TFTP client into downloading a hacked DOCSIS configuration file. Kevin Poulsen at SecurityFocus reports that a new underground program called OneStep makes the process easy and fun for the whole family. Broadband companies are cutting off the uncappers that they catch, but things could get out of control soon."

Fun? Yes. Legal? Questionable

[ObviousGuy]

Just because technology allows you to do something, does not mean that it is also legal.

lovely

[zAmb0ni]

and they will be totally suprised when their cable company cuts them off at their knees:

http://www.dslreports.com/forum/remark,3155491~r oo t=attbi~mode=flat

Cable Modem Uncapping...

is like uncapping a coke bottle. You get access to the beverage, but you also release some bubbles. If you don't understand the comparison, well neither do I.

A new virus...

[ImaLamer]

Now virii will be spread by:

REAL!!!_cable_modem_uncapper.exe

and not:

cable_modem_uncapper.exe

Re:A new virus...

[Lord+Bitman]

Why bother with a virus? I think it would be funnier to see a real cable modem uncapper be spread. Thousands of users download and install them innocently, alongside their crappy BOOST software and everything that opens multiple connections. The combination will push their bandwidth to its limit, and then.. heh, well it would be better than a virus. Virii can be gotten rid of by loading a backup. AT&T is much more bitchy than that.

One fact remains: never trust the client

[jukal]

The way the bandwidth limiting has been done in these modems, is completely similar to telling 5 year old kids to take only one candy, and then go yourself watch football to another room (or as a fin, Icehockey) - when you return after the match you can be sure that there is no candies - or bandwidth - left.

IMHO, the operators were just asking for this. NEVER trust the client.

Re:One fact remains: never trust the client

[RollingThunder]

Actually, I like this. It gives the abusers enough rope to hang themselves, and they evidently ARE catching them.

This means you get to easily identify, then remove, the buggers who are screwing your bandwidth distribution and forcing you to spend tons in extra capacity. A minor short-term risk for long-term gain.

I have to say I also don't mind that some warez d00d may just finally learn that yes, there are consequences to your actions, even on the Internet.

Re:One fact remains: never trust the client

[Squash]

I work at a cable company, and I stress this exact point. It is a silly way to cap bandwidth in the first place, and it was crazy to ever be adopted. Maybe this is why Docsis is only an ad-hoc standard?
The bad part is, the method of enforcing speeds employed by most (I stress MOST, you bet your ass that my methods aren't so easily fooled) cable operators has the same problem. They want to get your speed by SNMP query to your cable modem. Which again puts the trust in the client. While I haven't seen any SNMP faker hacks, I'm sure that they aren't too far behind. Another silly note is that most of those guys are comparing your speed to a list of approved speeds, not to a list of what customers bought what. This includes thier Business lines, which run over the same gear. You won't be able to sneak through with a 2meg/2meg pipe, but a 1.5meg/768k is a service they probobly sell, and would get right through thier checks.

The control method that you will see soon is called "shared secret", and is an encrypted passphrase-type method. Basicly, your cable modem gets a config file that has a key in it, which is basicly a signature of the bin file. It then generates a new passkey based on those two items, and send it to the CMTS. The CMTS verifies that it got a correct passkey, and then lets you connect. The encryption they used is junk, though, and there are efforts underway to break it. This is yet another dumb method that will only work for a short while!

What I will say is that there is a better way, and it is 100% effective. Your cable modem doesn't just "make up" a speed and magicly work, it has to register its rates with the CMTS. This is where the speed is truly controlled. While it isn't likely that Cisco will have a good method for capping individual users at the CMTS level, they are nice enough to tell you what speed someone is registered at. This is the method that I am using, and I *am* comparing speeds against what customers are paying for... So if you live in a town where you can get Imo's pizza, the square beyond compare, this is your warning! :)

On the flip side, once an abuser is identified, the info gets sent to marketing, and who knows what happens from there. We don't just pull the plug on abusers (yet).

Re:One fact remains: never trust the client

[afidel]

Hopefully marketing will realize there is a market for a residential service with a higher upload cap! I need more than 128kb/s for streaming my mp3 collection since I have it VBR encoded @~200kb/s avg. I would also like to allow my work pc to vnc/ssh/term service into my home pc's, this will work but will be extremely crappy over 128kb/s. Note that none of these are business uses and I can deal with residential service guarentees, but I want more bandwidth on the upload! Standard Docsis rates are almost 12:1 D/U, my usage pattern on dialup is only about 5:1 and most of the stuff I would do with broadband would push it to 4-3:1. When I need massive amount of sustained bandwidth and service guarentees I pay for, hence my 6Mb/s burstable to 7.5Mb/s ATM circuit(s) at work, but cable co's aren't commercial ISP's, they are residential ones, they should offer a decent residential service.

Re:One fact remains: never trust the client

[ImaLamer]

They're te ones using the excess bandwidth that the others have to pay for to cover the costs. I'm sure the ISPs are actually quite happy to get rid of these customers.

Once they're all gone, I'm sure broadband prices will come down *snicker*


And broadband will be gone... no customers.

I know someone in my family that uses the same BB service to just check e-mail... I guess I can go all out? In your world you still think it's wrong.

Hell, I was sold on an unlimted, unmetered connection. I know b.width costs $$$, but I'm paying what they wanted me to. They should have prepared for "THE WORST CASE SCENARIO"...

Re:caps on uploads

[mike_g]

it's capped at 15k or something, while I'm paying for 128 uploads

15k is exactly what you are paying for. The speeds that describe your line are in kbit/s, and 128kbit/s turns out to be 16kByte/s.

m

Oh wonderful

[olman]

This is just great. And I thought our cable service was overloaded as it was. Never to worry, thought, they do send cease&desist nastygrams to everyone who exceeds an arbitary download quota as it is. In any case, you'd think it'd not be that difficult to monitor the bandwith usage per node and ..

Actually this reminds me of the a**wipes who used to download pr0n with threaded ftp clients from within the student network. We had a shared 512kbit line and you can see where this is leading to. Ditto for download managers with "segment" support. I fully realize I'm using making the download even slower for everyone else by using Getright to have 4 independent connections.. Some people are just more equal than others, dammit!

Re:Oh wonderful

[ImaLamer]

I fully realize I'm using making the download even slower for everyone else by using Getright to have 4 independent connections.. Some people are just more equal than others, dammit!


The optimal use would be to find mirrors.

I often download my linux iso's in Windows because I like Getright so much. It can usually find mirrors around the world and I can get an iso in about 45 mins - something almost impossible when new iso's are released.

Re:Oh wonderful

[ImaLamer]

I know very well about this application and I thank you for pointing it out to other readers.

There are also a DOS and Windows versions :)

[I have become used to get right since i would thrash my linux box and then get a newer version of whatever distro I was using. It's a home/hobby thing.]

Cool hack guys

[ez76]

It just goes to show what's possible when a generation of clever minds is continually frustrated by their inability to develop a digital descrambler for the Playboy channel.

Like it matters...

[zAmb0ni]

Give me something that I can actually use like...

A program that will cap my CS ping at 10ms.
A program that gets rid of my horrible packet loss.
A program that gives me reliable service without downtime every other day.
A program that will uncap my 1GB/mo limit on usenet download
A program that gives me customer service who knows what they are talking about.
A program that gets rid of my horrible Comcast service and gets my old (more reliable, lower priced, higher bandwidth, more featured) Mediaone service.

Capped cable

[Apocalyptic+Cowbird]

Unless you're severely capped (at around 512kbps) I don't really see an issue with it. Most sites I go to I can only get around 70-100 kBytes/s on a download. This is far less than the 1.5Mbps cap usually put on the modem. Going to my ISP's download test site (which is connected by a fat pipe) I got 400kBytes/s, or 3.2Mbps. Basically, the chokepoint is mostly at the other end, not at the home user's end. When websites all have huge pipes running from them then maybe this will be an issue, but until then it's probably a moot point.

Re:Capped cable

[semeniuk]

You're right about websites, because they rarely have 'the big pipe' ... but newsgroups are a different story.

I easily hit the top advertised speed for my DSL service when I'm downloading from usenet ... and the more bandwidth I have, more educational material I can download from newsgroups (and there's tons of educational material there! :-))

Only appears to apply to Moto. Surfboards

[tempest303]

(note: I work for a cable ISP)

This vulnerability only exists in Surfboard modems. RCA, who has a HUGE market penetration, especially since they're cheaper, smaller, and better featured (for ISPs anyhow) than the competition, are *not* vulnerable to this, and can't be "uncapped."

I'm really surprised I haven't heard more about what other ISPs who have rolled out more Surfboards plan to ask *Motorola* about this. Couldn't they just turn off the damn ethernet port for the duration of the initialization sequence?

Re:Only appears to apply to Moto. Surfboards

[tempest303]

Well almost anything is possible, it's just a matter of equipment and know-how. RCAs just can't be uncapped through the ethernet port, as it refuses to look for the file on anything but the cable interface.

If it was anything less than next-to-impossible, why wouldn't there be a hack utility out there for it? RCA's got huge market penetration, there's certainly incentive and a user base.

Besides, that's where MD5 "shared secret" comes in. :P

What goes around...

[redgekko]

I can't wait to read the next Slashdot article entitled "Cut off by Cable, It's Just Not Fair", in which everyone bellyaches about their newfound understanding of the "cable monopoly" definition.

Think about it... even if it did get "out of control"... cable providers could simply restrict bandwidth further up the line (someone please explain why on earth it would be delegated at the modem in the first place???).

Anyone remember years ago when the same thing happened with DirecPC's service?

Uncapping

[Dante_H]

Yeah, I uncapped my cable modem (in the UK, on Blueyonder) for a period. 500kbyte/sec transfers were fun, but then when I had a power cut I had difficulty respoofing the modem with the configuration file. Apparently the cable company disabled the process of the modem getting the file.

A friend of mine, who also uncapped his modem but for a longer period received a letter from the cable company saying "Someone in your household has illegally attempt to modify one of the devices supplied by Telewest. Please desist or your service will be permanently withdrawn" or something like that.

My cable connection ocassionally gets uncapped for random periods, and I don't notice until I start downloading something (e.g. larger driver file) and get 300kbyte/sec.

If more information was available for customers to see how much bandwidth cost the ISP, then perhaps our expectations could be realistically scaled. Is having an uncapped 3 hour period between 2am and 5am feasible? I could simply schedule large downloads for that period. At present, I may as well just download at peak times, which probably is more irritating to the ISP receiving calls about slow web pages, or somesuch.

Re:Uncapping

[arivanov]

First :
It is slightly different because Telewest modems are suplpied by Telewest are property of Telewest and you are only leasing them.

So you have actually tampered with telecommunications equipment belonging to the telco which in the UK as elsewhere may lead to a very fat fine.

I am amused by the fact that they only kindly reminded you not to be stupid.

Second:
Your suggestion for gradual QoS and limits polices is nothing new. It has been done in the past (it was casual pricing strategy/practice in 1994-1998). I have recently discussed it with some of my collegues (disclaimer none of us works for a CableCo or DSL provider at the moment) but the overall opinion was that there is no economical drive for such a policy manager. The only way such drive will appear will be to introduce differential prime time/prime bandwidth pricing. In other words abolish flat rates. Otherwise there is no economical reason for developing such software.

Overall: if you want to manage your downloads smartly do not ask for dumb pricing.

Re:Uncapping

[Old+Wolf]

A local fellow is currently coding up code for allowing uncapped DSL through an ISP, but with pro-rata rate limiting (eg. if you've downloaded 20Gb this month, and joe has downloaded 10Gb, and the isp's bandwidth is maxed out, then joe's traffic will get twice the priority thaty ours does). Sounds like a good idea to me

Re:Uncapping

[arivanov]

Individuals tampering with telco equipment property of the telco are stupid.

Reasons:

First it is illegal. Almost anywhere in the world you are violating both laws dealing with property as well as telco regulations. Under both you are legible for both fines and jail terms. You may get some leaway due to the lack of precedent for cable equipment or internet equipment being treated under the telco regulations but this is for a time. This unfortunately is not a game where the user wins. I am not saying that I like it or not I am simply stating the facts.

Second: it is trivial to catch. The bandwidth limit is a parameter which can be polled using SNMP by the telco on regular intervals. I can scribble a perl script to do it in 5 mins. I would not expect someone in NTL to do this (noone with brains left) but there used to be people in Telewest capable of doing it in about the same time (or a bit more). In btw: to the extent of my knowledge that is what ATT does. So all cappers get caught. No exemptions.

This is a typical Darwin Award scenario. Everyone of us does something else illegal from time to time. Speeding is a good example. I break the speed limit from time to time. Everyone does. But I do not do it right in front of a speed camera which I know to be always loaded,perfectly operational and checked by the police for catch at regular intevals.

Re:Easy to catch

[ender81b]

I don't really understand why people bother. I have Road Runner (in nebraska) and I can get 255 kbytes/second.. which happens to be faster than a T-1. I guess I just might be lucky in the fact that RR isn't capping me + not many people on my node. I know some people in a neighboring town who use Cox cable and they can barely get 56k sometimes.

You are right though - it just isn't worth losing service over especially if you can't get DSL.

I've seen this before..

[skilef]

..here in Holland. A fellow UPC-customer wrote a program called FuckUPC; uploadmax was uncapped and went from 16KBps to 300KBps! UPC applied a patch and doesn't seem to work anymore. So maybe the fun is over before you know it. If a lot of people are going to use it, providers will find out in the end. As far as I can see, the program is basically the same as FuckUPC(?):

-ARP your own IP adress with MAC of cablemodem
-ARP private IP (10.10.10.1) with MAC of cablemodem
-Set your gateway as 10.10.10.1
-Redefine routing table (netmask 255.255.255.0)

Seems pretty straightforward..

Re:Is there anything like this for DSL?

[jawtheshark]

As far as I'm informed, Cable is a shared medium as for xDSL isn't. This means that with your cable modem you get the full bandwith unless you "restrict yourself".
DSL (Digital Subscriber Line) is not a shared medium: you are the only one that uses it up to the switch. So the switch is responsible for cutting you down. Client side security (okay, capping in this case) has never been a good security.
Anyway, even if I am wrong (which I doubt), I wouldn't uncap my DSL modem. Okay, I have the lowest possible rate where I live, but it's enough for all our family member to surf simultaneously at acceptable speeds.

Re:Property vs Service

[redgekko]

True, you are within your rights to do whatever you want to the cable modem itself if you own it... HOWEVER, the moment you attach it to a leased cable line, you are most likely violating the provider's TOS/AUP/FAP/EULA that you agreed to be legally bound to when you subscribed.

Here's another example: you may own your telephone handset, AND it may even be legal to modify it for the purpose of phone phreaking (maybe...DMCA?), but once you plug it into a live phone jack, you've surely committed a crime.

Summary: It's not about how you handle your equipment, it's where you have permission to stick it.

funny answsers.. silly questions.....

[phunhippy]

>>>>A program that will cap my CS ping at 10ms.
Doesn't matter, I'll still nail you with my leet desert eagle skillz!

>>>>>A program that gets rid of my horrible packet loss.
install new network cables :)

>>>>>A program that gives me reliable service without downtime every other day.
OH now that was a funny one!

>>>>>A program that will uncap my 1GB/mo limit on usenet download
How much porn can u look at? I mean .jpgs are small man!

>>>>>A program that gives me customer service who knows what they are talking about.
That would drive the cost of the service up! imagine these companies having to pay intelligent and skilled people to answer the typical question they receive... which any phool getting paid 2 bux over minimum wage can do from a FAQ sheet :)

>>>>>>

Changes in speed

[MiTEG]

I've posted this before, but I'll post it again. I, and many other customers of ATTBI I am sure, feel the great disservice is the fact that ATTBI has the gull to increase the rates while also decreasing the service speeds. From memory, here is what the service essentially has been (innacuracies may occur, but the basic premise is true):

February 2000- 3.5 Mb/s down, 1.5 Mb/s up- Price= $49.95/month
January 2001- 3.5 Mb/s down, 128 Kb/s up- Price = $49.95/month
January 2002- 1.5 Mb/s down, 128 Kb/s up- Price= $59.95/month

I can understand how some people would be upset enough to risk losing their account in order to get faster speeds, but I am not one of them. Sure, I have the option to switch to another broadband company, but when AT&T has a monopoly on high speed connections in my area, I'm must endure what they force upon me or otherwise have a very limited connection speed.

Re:Changes in speed

[Sc00ter]

What?! I worked for MediaOne (and this is what became ATTBI) in 2000. They never had speeds that fast.. they had (and I still have as a ATTBI customer) 1.5Mb/s down and 384Kb/s up.

Re:Easy to catch

[ImaLamer]

Download speeds aren't the problem.

I think we all assume that the download is maxed or we don't care.

It's the limited upload speeds that people want to get around. Now I know that the uploads are sometimes limited to reduce 'network collisions'... but low upload speeds are screwing real users.

You don't need to be hosting pr0n or warez. What if you want to put up a password protected mp3 server so you can listen at work, etc.

Remote desktops in XP - X11/VNC for linux users... there are real reasons.

Browse over to freshmeat and check out all the cool ass servers.

Re:OT: Toshiba PCX1100U

[edrugtrader]

ImaLamer... Exactlly.

i C0/\/nect3d al1 |\/\y wind0z3 b0xen with Us|3.

if you bought a router, or ran the second computer behind the first one, how would that be any different? i have no idea what you are claiming you did.

Why

[daniel2000]

Why make anything adjustable from the consumer end that can affect profitibility???!!! Its a broken secuity model (which may lead to a broken business).

Re:Allows? Not really, it's a bug

[kapzer]

The Motorola scheme is based on a bad implementation that should never have passed certification in the first place. Read Cable-Modems.Org for some slightly more in-depth/serious information.

detection by service provider

[Eric+Smith]

The article suggests that service providers detect this by querying the modem at the customer end using SNMP. If that's true, a better[*] hack would be to modify the firmware to uncap the bandwidth regardless of what the MIB variables say. In other words, let it report back via SNMP exactly what the service provider sets the cap to, but have the modem disregard that variable.

People have done much more amazing hacks than that on DVD players, such as the Apex AD600A, despite the use of a non-standard microprocessor. Hacking the firmware of a cable modem should be quite simple by comparison.

That's the sort of reverse-engineering I used to do quite often, but now I get little opportunity due to the DMCA. It doesn't seem like service provider or cable modem vendor can use the DMCA to ban reverse-engineering of the cable modem, since the features in question aren't involved in copy protection. But the trend seems to be to sue first and try to justify it later.

Eric

[*] Better in the sense of being less detectable. I'm not suggesting that doing this is legal or ethical.

Re:detection by service provider

[Cato]

Ultimately, the provider can always monitor how much bandwidth you are using by looking at its own routers - you can't spoof this. Search for 'Cisco NetFlow' for one example of how to do this.

By making it more expensive for them to detect cable modem uncapping, you are probably just going to encourage them to disconnect uncappers rather than just warning them.

Re:detection by service provider

[Pastey]

That's good to know Cato. But you know, that brings to mind a question I've been asking myself off and on for a few months now:
if they can easily monitor something like bandwidth usage on a per-customer basis, why the heck can't they also scan for other violations/problems like code red?

I live in the midwestern U.S. (Ohio) and have Time Warner's Road Runner service. To this day I'm still seeing a large number of code red attempts on my router logs - greatly reduced from when it first hit of course, but still quite a few. When I spoke to RR's customer service back when CR first hit (and brought the entire RR network to it's knees) I asked them why they didn't just monitor for the bug and either cutoff or contact anyone with an infected machine. They told me they didn't have that capability.

Now granted, this was just a customer service flunkie, but I still remember thinking, "What the heck?! You guys can't track this sort of thing on your own network?" Apparently he may have been correct, given the number of CR attempts I'm still seeing.

Any idea what the real story is?

Re:detection by service provider

[Znork]

That one's simple; of course they can check who's got Code Red. The problem is that it will be the regularly-paying low-bandwidth-use Average Joe and his or her kids who basically couldnt fix it even if they knew they had it. It will also be a significant percentage of their customers.

Either they'll have to cut off 20-50% of their customers or they'd have provide technical assistance to that number of people... neither option of which will be palatable to anyone wanting to actually not go bankrupt immediately.

If it annoys you, set up a webserver to answer the code red infection attempts by shutting down or wiping the offending machine. Or pop up a warning for the poor suckers on their display with a pointer to where they can find a cleanup patch, if you're a nice person. It's not very complicated and I think you can find example cgi scripts by searching on google a bit.

Re:detection by service provider

[digitalsushi]

if they can easily monitor something like bandwidth usage on a per-customer basis, why the heck can't they also scan for other violations/problems like code red?

just cause i am counting cans doesnt mean i can read the labels :)

Re:detection by service provider

[austad]

Actually, you can turn off snmp on the outside interface on the thing. Read the docsis spec, there's a MIB you can set which will let you turn off all snmp on the outside interface. Plus, 3com sharkfin's let you modify this MIB using the public community string, at least with the old software they did. I haven't tried it with the new software.

In any case, you're bound to get disconnected if they see anything funny. And if cable modem is your only option, you probably don't wanna mess with it unless you don't mind going back to a modem.

Re:detection by service provider

[Grishnakh]

And if cable modem is your only option, you probably don't wanna mess with it unless you don't mind going back to a modem.

You also don't want to mess with it if the only DSL provider in your area uses MSN for their ISP. Trust me on this one.

Re:detection by service provider

[Eric+Smith]

I wouldn't call getting into the service menu of the Apex AD600A an amazing feat

Nor would I. But that's not what I'm talking about.

Despite using a very non-mainstream microprocessor (a modified MIPS-X, which is NOT the commercial MIPS, but rather the predecessor developed at Stanford), and the almost complete lack of publicly available documentation and development tools for that processor, people have managed to disassemble the code and make some serious modifications and enhancements.

They've added region switching and disabled Macrovision in later firmware releases that do NOT contain the secret menu. They've also disabled the UOP bits, which are those horrible bits on the disc that prevent you from fast-forwarding through FBI warnings, studio logos, trailers, etc. And they've even added an on-screen machine code debugger.

That's the amazing hacking I was referring to. Pressing a few buttons on a remote to get into a secret menu is definitely NOT a clever hack.

Re:detection by service provider

[fferreres]

The need only look at peak speeds. If you ever get past a limit, you are toasted.

The best way to get arround this would be to have some the gateways do the QoS, so that certain IP would only get what the "internal record in their servers" say the guy can use.

Is this so difficult? You could do it with a Linux box like a celeron 500 easily i think. No need for a monitor either.

Re:detection by service provider

[Rakarra]

Do you have any links for this? I've been trying to find firmware upgrades for the horribly buggy AD-600A (something that can fix the frequent playback freezes), but Apex doesn't offer any upgrades at all for that model, at least not through their web site.

Re:Is there anything like this for DSL?

[proj_2501]

You are correct.

To be more specific, each cable modem in your neighborhood receives and sends all data that goes through your neighborhood.

Each cable modem has a timeslice to pay attention to data being sent to it. When receiving, there are multiple way of multiplexing, be it giving each modem on the network a timeslice to send a burst, or frequency division multiplexing

Re:Fun? Yes. Legal? Questionable

And just because something is illegal, doesn't mean it's wrong...

Americans, in particular, seem to have trouble with that one. Brainwashed, the lot of 'em...

You can't successfully legislate morality!

Re:Easy to catch

[Jah-Wren+Ryel]

Don't forget video conferencing. Being capped at 15KB/s limits you to some pretty ugly video quality. I want to use my cable modem to do video conferencing with family and friends around the country. Right now it is one step away from intolerable and usually not worth the effort.

Re:Is there anything like this for DSL?

[grahamm]

Why does the restriction have to be at the consumer end? Could the provider not restrict the traffic rate to each IP address (or sub-net) passing through its routers?

Don't bother trying this...

[Rogerborg]

Unless you want to see how easy it is to produce convicing and very elaborate documentation of a fundamentally flawed exploit.

For those who won't bother reading the link (most of you), the exploit is this:

• DOCSIS Cable modems TFTP a file from the ISP to tell them what speed they are capped at (true)
• You can produce a docsis file (using the docsis project at sourceforge) that tells your cable modem to run at whatever speed you like (true).
• You can set the NIC IP on your PC to match the ISP's TFTP server, and set up your own TFTP server to serve your own docsis file (true).
• If you reset the cable modem, it will look on the PC side for the TFTP server, and user your docsis file (bzzzzt, false).

It looks really pretty until this last point, where it enters the realms of fantasy. The people who wrote the docsis spec aren't idiots. Cable modems will not look on the ethernet side for a TFTP server. TFTP'ing is done just after the cable side network discovery (so you have to have the cable side plugged in when you reset) and the modem knows which side is cable and which is ethernet. No, pinging the modem's ethernet IP from the PC doesn't help. It's just not that stupid; it knows that it has two interfaces, and it knows which one is which.

So go ahead and try this. You won't damage your modem, because it will simply ignore your TFTP server. What will happen is that you'll spend a couple of hours following the steps, getting all excited, then getting increasingly frustrated as you just can't get that last step to work. Rest assured, you're not doing anything wrong, other than following the instructions of a delusional wannabe hacker with a tiny amount of network knowledge and a real problem dealing with reality.

Re:Don't bother trying this...

[sl956]

The people who wrote the docsis spec [cablemodem.com] aren't idiots. Cable modems will not look on the ethernet side for a TFTP server.

The people who wrote the docsis spec aren't idiots, but the people who implemented it in some cable-modems are : some motorola cable-modems are looking on both sides (cable and ethernet) for a TFTP server. Yes it's stupid... but they do.
I tried it 6 month ago (when my provider switched to DOCSIS), with great success.
Nethertheless I don't do it anymore : capped cable is better than no cable at all...

Re:Don't bother trying this...

[Loiosh-de-Taltos]

The SURFboard modems check both sides. The Nortel CM200's and RCA 105's up to the 235's (with USB, yay) also hit the ethernet if they cannot reach a CMTS across the cable.

Interestingly, The CM100 (BayNetworks by Nortel) does not make that mistake.

Re:Don't bother trying this...

[Rogerborg]

• The SURFboard modems check both sides

And in the absense of any references, I'll just flatly assert that my Surfboard 3100 doesn't even bring up the ethernet side interface until it's brought up the cable side, been told what docsis to get and where to get it from, and pulled it in on the cable side. Exception, if the cable side fails, the ethernet side is then brought up purely for the purposes of serving DHCP to a LAN, but in this case, the cable side is down and it won't forward packets.

Don't get me wrong, I'm a network engineer, and I fully accept that engineers do make idiotic mistakes like bringing up and checking both interfaces. But I'm saying that in this case, I've never seen it happen, nor have I seen any credible documentation (other than hacker optimism and unfounded assertions) that there are any DOCSIS modems out there that actually do this.

Got references?

Re:Don't bother trying this...

[sl956]

Also, providers don't "switch to DOCSIS". DOCSIS modems will do squat unless there's a DOCSIS compliant cable network for them to get their info from.

Taht's why when a provider switch his network from CDMA to DOCSIS, they have to replace the CDMA cables-modems of their clients by DOCSIS cables-modem (they have done it in some european cities e.g. Paris some months ago).

Incidentally, it's true that Surfboards will bring up the ethernet interface eventually, [...] only after cable side negotiation has failed.

That's why you have to temporarily unplug the cable before trying to fool the cable-modem.

but only for the limited purposes of acting as a DHCP server on a LAN,

That's basically untrue : be it a on purpose or a design flaw, the Motorola SurfBoard 4100 do try a negotiation for obtaining a config file on the ethernet side if the cable side negotiation has failed.

Re:Don't bother trying this...

[Sc00ter]

My 3100 didn't work, but I know people with 4100s where the hack did work. Had to do with my firmware version. I know it works, I know people that have done it.

Re:Don't bother trying this...

[avdp]

Worked for me. Although I did not keep my modem uncapped (I just don't do uploads often enough to make it worth the risk of getting caught) I did keep it long enough to verify that the "hack" worked.

Re:Don't bother trying this...

[micromoog]

Christ, what kind of stubborn egomaniac are you? Just because it didn't work in your single test of a single modem, you're making the broad assertion that it doesn't work for anyone, that SecurityFocus is full of crap for carrying the article, and that all the first-hand accounts in this thread are lies.

If you're really a network engineer, I hope you're never in charge of my quality of service . . . your stubbornness blinds you to any new information comflicting with your own assertion.

Just admit it. Either your test was flawed, or there exist other configurations that you're unfamiliar with. You don't know everything.

Re:Don't bother trying this...

[ReelOddeeo]

providers don't "switch to DOCSIS".

Mine did. They began upgrading the system all over town. Vastly improved. Many new services. They started gradually switching sections of town over to DOCSIS. There was a window of time in which you could use both the old ugly Zenith modems or the new SurfBoard modems. But by a certian date you had to bring in your cable modem and replace it with a DOCSIS modem. Unfortunantly, I had to change all of my static IP's at the same time.

Re:Don't bother trying this...

[DarkEdgeX]

Thanks for your opinion on the matter. I think I'll take Security Focus' article on this to be accurate and realistic however, in light of the fact that THEY'VE had a reasonably long life making accurate reports whereas you, whom I've never even HEARD of, appears to just be posturing in a public forum.

Unused bandwidth can never be recovered...

[weave]

I understand the rationale for caps but I wish it was implemented with a bit more imagination and skill. Cable modem bandwidth usage has peak and off-peak hours. At 6am on a Sunday morning it's practically dead while Tuesday at 7pm it's heavy. So why can't they uncap or raise the cap during off peak hours so someone that wants to download three ISOs of redhat 7.3 could program their box to grab it early Sunday morning? All that bandwidth they are saving during off peak hours is wasted. It's not like they can apply it back during peak usage.

This would also encourage off peak usage. It'd be far better to squeeze out that 2 gig download quickly when it has no real impact on others versus taking hours due to a cap during peak.

I'm guessing you just can't reprovision the cable boxes that quickly and dynamically everywhere, but damn, it makes sense and I still don't understand why caps aren't implemented using some QOS type service at the head-end anyway...

Re:Unused bandwidth can never be recovered...

[DarkEdgeX]

Just like ISP (and cable and phone and hosting service) "setup fees", things like this will never get implemented because. Sure, it costs the broadband provider NOTHING to uncap the bandwidth during dead periods, but so few people will actually benefit from it (or complain enough to implement it) that it's not worth their time.

I still picture the little old lady who uses a terminal to enter in all my information at the cable company, then presses an 'Enable Service' button, getting paid $175,000/yr for her services (clearly she makes a lot of money if I can be charged a setup fee that's $20-40!). (PS: Yah, not all places charge setup fees anymore, but those that do have just as little justification for it as companies in the past have.)

Re:Unused bandwidth can never be recovered...

[weave]

I've gotten some e-mail basically saying this would be useless because most users aren't savvy enough to know how to shift their usage around, but by the cable companies own admission, the bulk of bandwidth is used by a small portion of subscribers. I put it to you that these same subscribers are the ones who would know how to shift their usage around via programattic means.

Given half a chance, I don't believe most of us geeks are unreasonable. And if variable bandwidth caps were instituted that were raised or lowered based on demand, just like the compression level on a CDMA cell signal is manipulated based on cellular tower usage and capacity, you'd start to see a lot of tools written that would make shifting of bandwidth around available for average users too...

Re:Unused bandwidth can never be recovered...

[n-baxley]

I can think of two arguments against this. I'm not sure of the merits of either.

1) The won't remove the caps for non-peak hours because it will be exploited by DSL and other broadband competitors. You've already seen the ads where they talk about people getting up during the middle of the night just to get a decent connection. It would only be worse for the cable companies if they themselves made it easier to get online late at night. Another example is the cell phone company, I think it's voicestream?, who lords thier "no peak hours" policy over other cell companies. Establishing peak and non-peak times is admitting the fact that they can't handle the desired bandwidth. By having one cap, they can claim that the cap is perfectly fine for any _reasonable_ user.

2) The other thing I could see is that if you uncap the service between 2 and 5 AM say, then your system suddenly becomes overloaded during those hours. You haven't fixed the problem, you just shifted it. I'm not nearly as confident in this argument, but maybe it has some merit.

Re:Unused bandwidth can never be recovered...

[warpSpeed]

That "setup fee" probably also covers the cost of buying or developing the program (and the hardware) that presents the enable button to that data entry person, and allows for the "quick" activation of the accounts. It will go to general overhead as well as a salary.

Owning a very small ISP, I agree with your first paragraph, the larger the comapany the more complacent they seem to be/get. I have to make the extra effort for each customer. It only takes one screwup and you lose a cusomer. The larger companies figure that the ROI for setting up something that takes care of a limited number of customers is not worth it, but they are wrong. You never know who is going to help or hurt your buisness in the future. Treat each customer right and one of them may bring in more buisness to you (and be loyal), treat one wrong and they may single handedly giving you are bad reputation by bad mouthing you to anyone who will listen.

Somewhere along the line the corperate bean counters get in the way and forgot that the customer is the one paying the bills.

Re:Unused bandwidth can never be recovered...

[ZiZ]

I've gotten some e-mail basically saying this would be useless because most users aren't savvy enough to know how to shift their usage around

For most users, there are four main things they do on the Internet:

• Browse the web, read email, and other low bandwidth activities
• Download music, game demos, patches, and other time-displaceable high-bandwidth activities
• Play games, video-conference, and other medium-bandwidth but latency-dependant activities
• Watch 'streaming content' and other stupid^H^H^H^H^H^Hhigh-bandwidth non-time-displaceable activities.

So, the only thing that really could be strongly impacted by an easy-and-straightforward method of shifting around your usage would be the second activity, and the average user has already proven their willingness to install random, suspicious software...Why don't the cable companies provide some high-quality, cross-platform (hah! like that'll happen) software that grants you uncapped (or more-uncapped) downloads of things you let the software schedule the downloads of for later?

Re:Is there anything like this for DSL?

[arivanov]

First: No. Same goes for the Euromodem Cable standard which is also ATM based.

Second: It should not work on properly designed DOCSIS Cable Modems either. A cable modem should not accept tftp uploads and config from anywhere but its cable interface which is not available to the casual hacker.

Third: It will not work on properly configured newer DOCSIS 1.1 and later networks either.

Here is why:

First: In DSL the speed is largely controlled by the DSLAM. Some modems do some minimal QoS and capping but it is hardly ever used. No need to.

Second: design fault. Typical of telco manufacturing. No comment needed. Can be fixed by a single software upload which the provider can trigger on any software upgradeable modem. As a result it will no longer be possible to uncap it.

Third: You can hog bandwidth in an unlimited fashion only on a DOCSIS 1.0 and incorrectly configured newer networks. DOCSIS 1.1 introduced the concept of a transmit map. The cable modem termination system tells you when you can transmit and when you cannot (it can also slice bandwidth exactly on per consumer/application basis). As a result a properly configured 1.1 or newer network should have no need for CPE capping. Of course, US has a boatload of non-docsis proprietary networks so dunno about these.

Creepy stuff

[RebelWithoutAClue]

Anyone else find this rather creepy ? Submitted the previous comment without a subject. Whoops. Found at the bottom of http://www.iscentral.org/~tcniso/main/oneStep.htm On a final note, the server install is approximately 23 megabytes (what the heck ?), and we have put some extra security features in. Since we know you should be online when you try to run the software, every time the software is started up, it will use a unique software key to download a special authorization pack from the website. The software must have this pack in memory before it can properly run. The unique key is generated from your hardware MAC Address and must have that same address to be able to function. All keys will have to be created by a special generator. This will also allow us to only let others use this software when we want them to, incase we need to shut it down or to upgrade. Server should upgrade easy. I have put a lot of time into this software and am very glad its finally a reality.

onestep == vapourware

[sh0rtie]

Ok after sniffing around IRC (including the said hackers channel) and various boards this secret "underground" program the securityfocus guy quotes doesn't exist , its vapourware.

what does exist is a kludge of tftp servers,query utils and glorified DOCSIS editors that with 20minutes and a *lot* of messing about you can change your config settings and then only until the ISP check your modem (automated) via SNMP , deny this and your cut off, accept it and it will detect your hacked config and cut you off...permanently
so you are screwed either way.

not to mention that most of the cable modem companies are using MD5 hashes to validate the config files integrity (MIC (Message Integrity Check)), other than a severe hardware hack your not going to crack much with this verification.

i came accross tco-iso's website quite a while ago and after a few visits over the months it seemed to of ground to a halt when they realised that MD5 was involved, they even mentioned the possibility of brute forcing the hash which raised a smile from a few of us.

They point to their IRC channel for files but the *only* files that exist are just mirrors of the files their site links to, no "onestep" or 30mb files and certainly nothing special in the files (other than someone knows how to use a hexeditor on PD software)

some people dont understand how uncapping really works but i think speedguide's article seems to sum it up nicely.

Re:onestep == vapourware

[btellier]

Secrets, eh? You better have some pretty serious anti-disassembly tricks up your sleeve because me, IDA and some free time will post your BS secret all over the 'net if you don't.

Who the fuck do you think is going to download this dumbass program if there's no source? You've got a 30 meg program with NO SOURCE for something that, by all indications, could be written in perl with a couple command line switches in 1000 lines?

How hypocritical is a guy who writes illegal programs to modify your cable modem so you can download more information but DOESN'T INCLUDE SOURCE HIMSELF? Fuck you and the mom you rode in on.

Wow that's pretty stupid

[Lumpy]

Pretty cool hack but really stupid to use. If anyone thinks that the cable company isnt watching for out-of-bandwidth or anything that looks strange then they are as the title states.... pretty stupid.

The cable company drives around your city and neighborhood with sniffers looking for illegal cable tv hookups, something that costs them ZERO dollars... the cable signal is already there, they dont lose money with someone stealing it. Stealing bandwidth, that they do see as a dollar amount..

If they will spend millions to snif out morons that steal the cable signal or HBO, you are sure that they are spending as much effort, time, and resources sniffing out for this stuff... hell they already watch for cloned cable boxes and cable modem boxes (Yes Johnny, you can get cable modem service for free, just buy this modified cable modem!)

It's just like real hacking, if you do it from your home then you are really really stupid....

Reaping the fruits of greed

[varn_ix]

Well, this is what you get if you are greedy. Instead of quietly opening the valve a bit more,
say, by a half (a fifty percent increase in performance is not bad by any standard, yes?),
they push for the skies. Skimming off the top goes unnoticed (or even tolerated) far longer
than just taking it all.

Re:Property vs Service

[DarkEdgeX]

I was about to say the same thing-- that just looks so wrong taken out of context.

Re:Do ISP's know about QoS yet?

[T-Punkt]

Nice idea, they would be lucky if they could. But they' can't effictivly limit the upstream of a single customers over a shared media like cable. They could of course simply drop packets on their side but the cable would still be clogged up.

That's why uncapping cable modems is immoral: If you unlimit your rate you are stealing bandwidth from other users on your cable segment and lower the quality of their cable service.

Re:Easy to catch

[Old+Wolf]

Solution to this: if you are capped at 15k, then install a Linux machine, do NAT on that and route everything straight-through your DSL modem, and then set it to hold the traffic at 14.9k and to give lowest priority to file downloads.

Re:Property vs Service

[Gordonjcp]

Doesn't work that way. Consider this: The government provide the roads. I pay the government to provide roads, and they keep up their end of the bargain by giving me nice, long, straight motorways to drive on. However, the conditions of use, as it were, state that there's a maximum speed limit of 70mph on the motorway.

Now, the government doesn't supply the car. I went out and bought the car. I have a Citroen, you may have a Ford, or a Vauxhall, or whatever you like. They're all *capable* of going faster than 70mph, but if I get caught doing that, I get a speeding fine, and points on my licence. I can't argue that "I bought the car, I paid for it, so I'll use it any way I want".

Re:Property vs Service

[Gordonjcp]

Ooooh, that could very well become my new sig...

The tragedy of the Commons

[barberio]

Broadband internet useage is turning out to be a real life demonstration of the tragedy of the commons for some.

For those who have not studied Sociology, I'll summarise.

In a village, there is a common patch of land. General consences decreed that the land was free for any to graze their animals on. After a while, many people decided to graze as many animals as they physicaly could on the patch of land. Eventualy the commons becomes a muddy barran field due to over grazing. (Note, actualy, in large scale, this can, and has, turned grassland in to wasteland and even desert.)

The point is, many people have been saying 'Its the Internet, you paid for a connection, you have the right to use it to the full!' for so long. (ref, countless slashdot articles) Now people belive that bandwidth restrictions are artificial, that the cable companies are just trying to get as much money as they can. (Actualy, the Cable companies rent bandwidth in turn from companies which did speculative investment in laying high bandwidth cables. So if they need to increase bandwidth, they have to pay more.) This results in people asuming they have a right, and even a moral obligation, to take as much bandwidth as they can and 'share stuff'.

As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket.

This scam is the equivelent of forgeing an airline ticket. Crude, and likely to end you up in hot water.

Re:The tragedy of the Commons

[stinkydog]

As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket.

Is it still wrong to take 2 seats if the airline reduced the seat width from 18" to 9" to save money while still charging the same price? I am afraid I would have one asscheek in each seat.

Cable and cable modems are not the commons. They are monoplies run by companies trying to extract maximum profit for minimum work. I do not want to say that bandwith theft is correct, but there are two sides to the coin, and I have a hard time feeling sorry for the 'poor' cable company.

At one point I asked Time Warner to provide free internet service to a community center located in a neighborhood where the median income is $2000 below the poverty line (2000 census). They declined, not because it would be a precident (they provide it to facilities in other communities) but because they were so used to screwing our community they did not feel the need. So much for the commons.

SD

Re:The tragedy of the Commons

[barberio]

Which part of 'Bandwidth is a limited resource' and 'The companies have to pay more to get more bandwidth' did you fail to understand?

Sure the companies may suck, and may do bad things like that. But claiming that theft is of bandwidth is deminished in this way is going to backfire and potray those of us looking for 'internet fredom' as swindlers. As I said, the 'Hack the Planet' mentality is doing much more damage than good.

Re:The tragedy of the Commons

[barberio]

I'm dyslexic. But I do enjoy people constantly correcting me on things I have no hope of changing. Thank you.

Please feel free to code a spell checker for slashcode if you want.

Re:The tragedy of the Commons

[stinkydog]

Which part of "the companies will screw the customers anyway they can" did you miss?

Bandwith is limited by infrastructure and bandwidth fees and the company's goal is to spend as little on each as possible. As these are monopolies, unless someone (the government, a class action suit, hackers etc.) force people to take a look at what is happening, things just get worse. I would be very curious what percent of the cable fees actualy go to bandwith vs. profit.

Theft of bandwith is not right, I agree, but abusive monopolies like cable companies are not right either.

Monopolies do not equals Commons

SD

Re:The tragedy of the Commons

[m0i]

As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket

Did you ever got bothered by anyone when you took the free seat next to you along with the one you were currently on? I don't think so. It's there, it's available, why not using it if you feel the need to? It's not exactly the same with bandwidth because there's a direct associated cost which is not the case with the free seat (it's likely it will travel with you whatsoever ).
Anyway, I think people just need to be explained things to accept the restrictions. Capping actually helps them having a better service overall, by protecting them from their abusing neighbours. I won't say that I don't find the up speed at 128kbps to be a bit slow, but I used to have 28.8k up so, why complaining in the first place? More is better?

Re:The tragedy of the Commons

[foobar104]

As these are monopolies...

You keep using that word. I do not think it means what you think it means.

Re:The tragedy of the Commons

[foobar104]

That's funny. When I post to Slashdot, I get client-side spell-checking right there in the text box.

Of course, I'm using the best web browser on the best platform, so your mileage my vary.

Re:The tragedy of the Commons

[stinkydog]

As per Merriam Webster Online:
Main Entry: monopoly
Pronunciation: m&-'nä-p(&-)lE
Function: noun
Inflected Form(s): plural -lies
Etymology: Latin monopolium, from Greek monopOlion, from mon- + pOlein to sell
Date: 1534
1 : exclusive ownership through legal privilege, command of supply, or concerted action
2 : exclusive possession or control
3 : a commodity controlled by one party
4 : one that has a monopoly

Let me know who else can provision a cable modem in a single cable provider community and I will retract my statment. Most communities have a local monoply for cable services. Aggregate these communities together and you have monopolies.

Unfortunatly, the FCC say that communities can not regulate broadband in the same manner they regulate cable. I will go a step further to state that most cable companies provide internet as an unregulated monoply in their respective communities.

My mother lives in a community with a large cable company and a city owned cable provider. The cable company is much more customer oriented and price competitive as they do not have a monopoly.

Re:The tragedy of the Commons

[barberio]

"Library books are free for all to borrow, but people don't all go there and borrow as many as they can just because it's open to anyone for free."

Check your Library card. Most public libraries limit the maximum amount of books you can take out. And they have fines for late returns.

"Water from a public drinking fountain is free, but nobody sits there all day filling up bottles of water just because it's free."

But when piped water was new, they did just that. It took a lot of teaching to get our curent social stigma of wasting water that comes from a tap.

"Besides, the "tragedy of the commons" is usually used as an example of why government control of something is bad. Yet in this case the connection is owned by a private company, and you're still crying about the 'tragedy of the commons'?"

Er... So, because I dont use the argument in the traditional role, its wrong? And, I seriously think you have the wrong end of the stick there with your given usage too.

"If it wasn't for the shared backbone you wouldn't have an internet connection at all."

Yes. And no. Networking is more complicated than that these days. But I'm not saying a shared escential resource is inherently wrong. (Apart from single point of faliure, but thats a diferent argument all together)

"I find nothing tragic about having this sort of 'commons', it's an enabling device for crying out loud!"

Uh huh? And your point was what exactly?

The 'Commons' example is for an *Uncontroled* and *Unmetered* limited availablity resource. I dont understand how anything you've said is relevent to what I said.

Re:The tragedy of the Commons

[Ziviyr]

it would be wrong to take up two seats on an airliner when you only bought one ticket.

Okay, that makes sense. Unless the plane was underbooked and the seat next to you is empty. Then what? Why not take advantage of it? Stretch out! It costs the company nothing and inconveniences nobody!

Everyone is assuming its always tapped out. If it isn't then whats wrong with that (and why the hell aren't the companies already offering you that extra seat on underbooked flights? They shrink your seat when it suits them, are they too lazy to make the seat scale both ways?).

Cheap point-to-point line potential?

[Gordonjcp]

OK, how's this for an idea?

The config file is uploadable through the ethernet port, and seems to be able to specify the upstream and downstream frequencies, along with the maximum bandwidth rates etc. What would happen if you joined two cable modems with an F-to-F connector cable, and send config files to them so that the receive frequency of one was set to the transmit frequency of the other? And, how far from each other could they be? I know that the sub-headend that supplies my cable modem is only about 1/4 of a mile away, but I'm sure they work over a greater distance.

Any thoughts?

Re:Cheap point-to-point line potential?

[Gordonjcp]

Yep, I read up on them. Bugger.

That would have been sooooo handy.

Kill two birds with one stone...

[phillymjs]

Someone, please write a tool that sends and executes a cable modem uncapper on every Nimda and Code Red infected machine that probes my servers from a cable modem IP address!

It will cut down on unwanted traffic as the cable company gestapo hunts down those ignorant dickheads who are still running unpatched machines, and sends them back to AOL, where they belong if they can't properly maintain a computer.

~Philly

What we really need

[ZoneGray]

See, they're going about this all wrong. What they really should do is develop a way to uncap your neighbors' cable modems. Then, they'll get tossed off the network and you can have it all to yourself.

Re:Changes in speed - The Carrot and The Stick

[White+Roses]

Comcast and Cox, while not actively raising their rates, are certainly providing lousy connectivity. Sure, their respective customer services are responsive, but when the response is always, "We're working to fix that," it gets a little tedious. There have been days that service has been essentially unavailable. If I can't get the bandwidth one day, it's gone, and I generally don't even have a rebate to show for it. This tends to make me want to do something like uncapping my modem to make up for it the next day.

I'm not saying it's the company's fault that I'd do something along these lines. They're just not providing much of a carrot for me not to do so. Reliable service is the carrot, cutting off my service is the stick, in this case. It'd be nice if more companies would use the carrot before the stick, but that would mean, I don't know, that they appreciate their customers or something weird like that.

Cox, at any rate, monitors their cox.community news groups closely, and will respond in that forum about issues and try to resolve them. I do feel like I am getting a response, so I'm giving them the benefit of the doubt. For now.

Comcast's published news server rarely works at all, so I can't say the same for them. If there was a broadband option where I'm using Comcast, I'd have taken it long ago.

Why bother?

[Chasing+Amy]

I can't understand why people would even bother. Even though I've felt like my connection was "lagging" a bit this week, I've still managed to hit my 6 GB USENET download limit *three times* since last Friday. )My NNTP service sells 6 GB/month USENET access; but one can renew online for additional payments every time the cap is hit).

So, that's at least 18 GB of data I've downloaded in a week, without having to use one of these uncappers and pissing off my cable ISP. Unless you want to uncap the upload speed to run a server, I don't see much benefit. And of course, running a server is a TOSable offense for home cable internet service, so that's a risk that hardly seems worth it.

Re:caps on uploads

[scott1853]

I have Adelphia and I've been bugging them about this and several techs keep telling me that the actual cap is at the head end. Anybody know if this could be true or not?

I've looked at the modems config screens and it shows Downstream: 717MHz, and Upstream: 33MHz. Could it be double-capped?

One little observation

[TrebleJunkie]

It seems like the overwhelming majority of folks here think that uncapping your cable modem is a Bad Idea, either because you're stealing the service, breaking the law, taking bandwidth away from people who are paying for it, or will lose your high speed access if you do.

But how many of you used Napster, and now use Gnutella, Kazaa, Audiogalaxy and the like, and think it's your god-given right to do so?

The shoe seems to be on the other foot when *you* run the risk of losing something. Consider, though, that other than the much closer-to-home personal risk involved in this one, that *both* acts are basically theft.

(As an aside, I wonder, though, how long until the "studies" show that uncapping your cable modem leads to the purchase of higher-bandwidth levels of service.)

Re:One little observation

[SwedishChef]

If I use Napster or Kazaa or any other file-trading software to download digital versions of music I already own on CDs it's not theft. It's no different than making an audio tape from a CD to play in my car. This is the legally established doctrine of "fair use" and the more people, like you, who continue to describe it as "theft" the sooner we'll be paying each time we listen to a piece of digital music. Not for each piece of music mind you, but each time we listen to it.

Erosion of fair use rights is a seriously dangerous thing. Try to at least modify your remarks to take this into account.

Re:One little observation

[SwedishChef]

"If you already own the CD, why not make the MP3 yourself? People trade music for music they don't already own, plain and simple."

Because it's a 2 minute download and it's already in mp3 format and that makes it easier. So not all people trade music that they don't already own.

Re:Fun? Yes. Legal? Questionable

[einer]

Murder isn't about morality so much as order. It's hard to have an orderly society when murder is legal. Same with the Speed Limit laws. Legislation has nothing to do with morality. Nothing.

Re:OT: Toshiba PCX1100U

[ImaLamer]

Sorry, I wrote the comment in a rush.

I hooked up a second box - yes a Windows box considering there is no way to use the USB function of the cable modem.

The second box got the maximum speeds ( 250K down, 45K up ).

My cable access is paid for by my roomate.

I can't afford a router/hub or even another pair of NICs.

This only worked for a certain amount of time.

The cable company "turned off" the USB function from what I can tell since it won't work at all now.

If I used a router or a hub my computers would all share the bandwidth.

Yes, this is all off topic.

But I paid for unlimited access

Just because they didn't realize I was going to steal from them shouldn't allow them to stop letting me steal from them.

When I signed up for service, I knew this hack was available. That means when I signed up for service, I had every reason to believe that I would get unlimited bandwidth forever.

When will these companies get it. They are going to piss so many thieves off that sooner or later they are only going to have paying customers that follow the rules, or aren't heavy enough users to worry about. And then what will they do, besides make money. I mean what good is a network that isn't crawling on its knees from all the MP3 and warez sites. Some people just don't get it.

Someone buy these guys a ticket, so they can hop on the clue train.

Re:OT: Toshiba PCX1100U

[ImaLamer]

No no no....

I am allowed two IP addresses no problem.

I was getting full bandwidth on both machines.

With a router or hub I would share.

I wasn't fully taking advantage of it at first - at first I was using for in house file transfers only - backups, etc... but then my evil side came out.

Re:Easy to catch

[jandrese]

That's not the problem. There is plenty of bandwidth to go around (at least on my loop, we were getting phnominal rates before Comcast came and capped us), the problem is the 1500/128 bandwith cap in this area. That's more than a 12:1 D/U ratio! It only takes one person trying to do video conferencing, uploading a file, running VNC or whatever to max out the upload and cause horrendous performace for the entire network. Remember that TCP backs off when it sees loss, and even if you are only using a faction of your download you will start loosing ACK packets at the modem and your download will slow down to a crawl.

I wouldn't complain except that Comcast offers no "power user" service with a more reasonable upload cap (like 384 kb or so) and I live 17km from my nearest CO. I don't understand why Comcast doesn't offer tiers of service like many DSL providers, they could make a fortune off of their artificial scarcity of bandwidth and their monopoly in this area.

Combine this with Brilliant's SpyWare network

[ReelOddeeo]

Brilliant's spyware network, Altnet, should incorporate this hack. If the hack will work on your particular modem, then Altnet would be able to make use of more bandwidth.

Or, maybe they shouldn't.

Say what?

[hagbard5235]

I've worked with both DOCSIS 1.0 and 1.1. The MAP MAC message is an integral part of both 1.0 and 1.1. It is not new in 1.1. The cable modem needs to specify a COS ( class of service ) during it's registration process to the CMTS ( cable modem termination system ) in both versions of the standard. The CMTS enforces the COS in both version of the standard. The only major changes I recall between 1.0 and 1.1 with regard to how COS was handled was the introduction of dynamic classes of service for cable modems to accomidate telephony services.

Even better...

[Brian+Stretch]

Reprogram the Code Red carriers cable modems for, say, 1Kbps upstream bandwidth, so they can't bother the rest of us quite so easily. The cable co will still noticed the hacked modem if they're paying attention at all. Heck, cut their downstream bandwidth down to 64Kbps while you're at it, leaves more for those of us who know what we're doing.

Re:Property vs Service

[DaveWood]

I pine for the good old days (of 1997 or so) when I could say this and it would be true. Too bad congress took the right to modify and reverse engineer away from us, because we might use it to threaten the intellectual property of a few big companies.

If it were particularly easy to do this sort of thing, how long do you think it would be before tinkering with this kind of equipment would be illegal too? Or even talking about it, for that matter? Because why make it just a civil matter between business and customer when the goverment can join the party!

It's amazing how proactive the government can get with your rights and freedoms when a big corporation's monoply- I mean, revenues might be threatened. You see, when two individuals or two businesses disagree about how their business relationship is working out, they have to pay for their own day in court. But when it's business vs. consumer, the police suddenly don't mind lending a few billy clubs.

I think if we take the DMCA to it's logical conclusion (since if it's a good law, surely not only copyright deserves that level of protection), we should be setting up "Federal Speech Centers" for citizens to visit before they write or say anything, and everyone can take a number and stand in line and step up to the counter to ask the Federal Department of Speech employees if what they're thinking is OK to talk about, to insure that no one else's government-sponsored "rights and freedoms" get "threatened." I mean, what's the sense in waiting until someone actually comits a crime?

We don't need a Department of Actions Performed in the Privacy of the Home, because it'll be cheaper to just put cameras in every room.

So what's the problem?

[Restil]

Someone violates his TOS by uncapping his modem for the purpose of abusing his connection, gets caught in short order, and is banned from every abusing that internet provider again. I fail to see the problem here. The REASON these modems are capped in the first place are because of these very abusers. Granted, AT&T as well as other cable providers probably don't want to lose a bunch of customers, but the heavy warez/movie trading crowd they would happily do without as they tend to overuse their bandwidth allocation regardless, as well as creating potential legal liabilities.

This gives them an easy out. If they're able to detect an uncapped cable modem in a matter of hours after its been uncapped, then this is a great way to relieve yourself of a bunch of unwanted customers. And they don't even have to monitor bandwidth content. Just have to check the speed going over the physical maximum.

This should also be a wakeup call for parents who "share" their internet connection with their kids. Better let your children be aware that if ever they do something this foolish there will be serious hell to pay. PAY ATTENTION to what your children are doing. You don't know?? Then don't let them have internet access. When they turn 18, let them get their own account, and they can use or abuse it as they see fit.

Or if you REALLY need that extra bandwidth, pay for an account that provides for it. MOST companies, even cable providers have accounts that provide greater upstream bandwidth, but they don't cost $49, and they're rarely parts of a promotional deal.

-Restil

My suggestion remains...

[_aa_]

Every month or so I try to email my ISP to complain about upload capping with a letter similar to the following:

Dear Sir or Madam:

When i subscribed to your service I was promised "Unlimited" access, however you have limited my upstream connection. When I try to video teleconference with my grandchildren in the hospital, the image quality is extremely poor, and the audio is hard to understand. It is absolutly no improvement from when I had dial-up. I was also promised that I would be able to send video emails, but they take so long to upload, and while they are uploading, it chokes my ability to surf the web. Moreso, when I am trying to upload pictures and video of my family to my website, the connection frequently stalls or disconnects halfway through the upload and I have to start all over. I find this to be very frustrating and stressful, and since my recent heart attack, my doctor has ordered me to avoid stress. Because of this I will be forced to end my service with you.

It never seems to work, but maybe it will get them to stop promissing unlimited access and blazing speed.

(btw, I'm not really old)

UNCAP AND OBEY RULES!!!

[maxrez]

When onestep comes out I plan to try it. I don't think I will be caught because I'm going to set the speeds to the setting they ARE ADVERTISED AT.I might not get an increase, but its worth a try. I'm supposed to get 1500k down and 128k up. Those are both kilobits per second measured with kilo meaning 1000 not 1024.(as defined by communication term of kilo not storage term.) I have comcast and I have NEVER got the top speed as I did with @home. I understand if I don't get it all the time, or maybe not often but "never" is different! The top speed I have ever gotton is 900k down and 96k up. So if they are cheating us by setting the numbers (that we can't see) lower than they are supposed to, I will be fighting back. Its like a butcher's thumb on the scale, and I'm not going to fall for it. And if any records show that I am going faster than everyone else, I will still be BELLOW the allowed speed they say I can go.

Re:caps on uploads

[scott1853]

Ummmmm, doesn't the frequency directly translate into maximum transfer speed. For example, the faster a signal cycles, the faster the data can be sent since data is sent on a per cycle basis, not a per second basis.

Re:Is this whole conversation is a red herring?

[Wesley+Felter]

A large router costs as much as a house. Many ISPs are losing money or barely breaking even as it is, so I don't think there's any kind of artificial scarcity here.

Only 4?

[Convergence]

One friend wanted to impress me with his 31337ness by doing 20 concurrent transfers on my http server!

I submitted a security advisory to apache and they basically said ``Its the kernel's responsibility''.

Maybe that is the only place where it can be assuredly done.. But IMHO, apache should still have that option, if only to make it easier for us to discourage abuse like this.

Fair queueing

[Wesley+Felter]

Fair queueing would probably be better than different caps based on peak/non-peak times, but I don't know if anyone has figured out how to do it on a shared-media network.

(As an aside, I looked up queueing in a dictionary and there seem to be two acceptable spellings, which makes googling a little harder.)

My uncap history

[rosewood]

Last weekend I tried this guy's surfboard hack and I ran into one big problem

The Docsis files are md5 signed and if I dont sign them, then I am SOL. I followed the steps, spoofed the tftp, wathced the modem grab the config - but yet my upload was still no better then 256kbits/second

As for the whole legality - All I am going to do is make my cable modem "up to 100x faster then 56k modem" because right now I am @ 3mbit/s and 256k/s. A 56k modem has a limit of 33.6 kbit/s for upload SO 100x faster is 3360 kbit/s second ... THATS A FUCKLOAD MORE THEN WHAT I HAVE. As for my download - well, 100x faster then 56k - well, we know its not REALLY 56 and I forget what it is but I never got better then 40kbit/s so lets go with that as the cealing - 100x faster is 4000 kbit/s. - I am CAPPED @ 3000/256 but yet if I were to hit their MAX of 100x faster I would have to be capped @ 4000/3360. I know 100x means if all the planets are alligned but its absolutely 100% impossible to get 100x more then a 56k. That is false advertising. I see no reason why I can not take my modem to what they advertise.

Discuss.

Re:My uncap history

[prisoner-of-enigma]

Perhaps you neglected to note the first two words of your quote, which said "up to 100x faster than 56K". It is not false advertising, anymore than weight loss programs will advertise you can lose "up to" whatever amount of weight is popular this week.

Don't get me wrong here, I'd love to hack a modem myself, but you can't go spouting off about how they owe you this or they owe you that just because of the phrase you quoted. They don't owe you anything more than the service, and I doubt that there's any language in the contract that states ANY minimum or maximum transfer rate. That's why you should READ the small print, which I'm willing to bet you haven't.

I have DSL and cable available to me and I've picked DSL based upon the horrible feedback I've heard from customers of cable services. The day they hooked up my DSL (which was the same day they turned up the DSLAM down the street) I did a speed test and was getting 3Mbit downstream and 1Mbit upstream. That was fine for about four days until suddenly my connection went to 1.5Mbit down, 256K up. They capped me. Am I angry? Bitter? Nope. I have more bandwidth than many small companies do and I'm only paying $49/month for it. The network DOES NOT BELONG TO ME, thus the DSL company has every legal right to do whatever they want with it, including capping their customers.

If you wish to fight the company you have two choices: (a) hack your modem, get cut off, and then cry because you're stuck or (b) find another provider or method, such as satellite or DSL if it's available. If you have no alternatives then you are stuck and best just get used to it until someone else comes along. Laws of supply and demand to not alter themselves to your whim just because they didn't give you the "FUCKLOAD" of bandwidth that you wanted.

Re:My uncap history

[prisoner-of-enigma]

Some people, like you - maybe content with being stuck with crappy service - FUCK IT - Ill get the service I demand and most importantly, their advertising monkeys promised.


And precisely how do you propose to get the "service you demand"? Hack your modem and you'll be cut off. They have absolutely every legal right in the book to do so, and even though your signature may not be on a contract (because you likely started the service over the phone), the fact that you're using their network, you're being billed for it, and you're paying it, constitutes a legal contract. Go check your state law and you'll see I'm correct here.

And if you believe whatever you hear in advertising, you've got a long, rough road of life ahead of you.

Re:My uncap history

[rosewood]

And if you believe whatever you hear in advertising, you've got a long, rough road of life ahead of you

The problem is when a company advertises something, they have to deliver - what you are not suposed to beleive is the hype

for example, go back to their 100x faster claim. It was already covered that is UP TO 100x faster. We all know on any given sunday its really only 10x faster - but they are saying sure, it could hit 100x - and my bitch is that it can NEVER hit 100x, not due to poor network but by design.

I purpose that everyone out there hack their modem. If everyone does it, and they can everyone, then they can have fun running a business with no one on it.

If we wanted to duke it out on a legal basis, assuming I had the money and the lawyers, considering I exist under no terms of service contract, they would have a hard time winning.

If I get my account can'd - fine - its not worth paying for as-is

Re:My uncap history

[prisoner-of-enigma]

Let's do a little experiement based upon MY experience with my DSL provider.

Back when I had ISDN my average transfer rates were about 13KB (bytes, not bits) per sec, which is just about right given the 128Kb (bits, not bytes) that ISDN is rated at. ISDN is about 2.2x the speed of a 56K modem.

My current transfer rates are around 160KB/sec, meaning I'm a little more than 10x as fast as my ISDN, meaning it's about 25x the speed of your average 56K modem. That's nothing to be ashamed of! It's equal to having a T1 line in my home (downstream only). Last I checked, a T1 line at home would cost me about $800 to install and about $400/month through Worldcom. I'm paying $49/month for the service. No matter how you look at it I'm making out like a bandit here.

And let's consider that many of my friends with cable modems get speeds well in excess of mine (but only if they live in sparsely populated areas). Some of them have reported transfer rates around 300KB/sec, which is about double mine. That would make it about 50x the speed of a 56K modem.

What's odd is that I have yet to hear the magical "100 times faster" ad for any local service providers. All of them use the "up to 50 times faster", and it that they're pretty much on the mark. What provider do you have?

Take a step back and realize that you're getting a tremendous amount of bandwidth over a 56K modem, even if it was only 5x faster. You're paying practically NOTHING for it when you compare it with typical (commercial) internet service with the same bandwidth. If you want to gripe about something, gripe about how often it goes down (T1's almost NEVER go down, part of what you pay extra for), or the crappy customer service, or whatever, but griping about being "only" 10x faster than a modem is petulant. There are lots of people out there who would KILL to have 10x speed as they anxiously await broadband. I know, I was one of them until about 6 months ago.

Re:Fun? Yes. Legal? Questionable

[Rupert]

John Ashcroft says you're wrong.

The difference between Morals and Ethics.

[Qrlx]

The reason they say "You can't legislate morality" is because morals are unique to each individual, a set of personal beliefs and guiding principles (or lack thereof.) Morals occur inside your head, you get to figure them out for yourself.

Ethics, on the other hand, is what (some) laws address, such as laws against murder and other examples in this thread. Ethics could perhaps be described as the loose framework of commonly shared beliefs among a society's members, a consensus of what's acceptable and unacceptable. Ethics probably play a big factor in an individual's morals, but they are only one part.

This is an important difference. Morals and ethics are completely different things. No congressman has even been rung up for poor moral behavior, only ethics violations.

The statement "You can't legislate morality" means that the law reflects a society's ethics, not an individual's morals. You can't force your moral beliefs on anyone but you can demand that members in a society adhere to a code of ethics. For instance, you can make racism illegal but you can't prevent anyone from having racist thoughts. You CAN make it illegal for them to lynch or burn crosses.

Similarly, when you run a red light late at night, or don't buckle your seat belt, that's your morals overriding society's ethics.

I think a better statement is "Legislation should have nothing to do with morality." Sadly, our current Attorney General, for one, believes that you CAN legislate morality. That leads us to the era of the Thought Police.

Re:The difference between Morals and Ethics.

[unitron]

You can't legislate morality because if the only thing keeping you from doing something "wrong" (admittedly a very grey area) is fear of being punished for breaking the law that prohibits doing that "wrong" thing, then you aren't refraining from doing that "wrong" thing because of your own personal morals. Basically morality is defined by what you would or wouldn't do if you were sure you could get away with it and no one, except yourself, would ever know. Legislating morality is like passing a law making everybody have the same favorite color. Some people already thought that way and the rest are now lying about it, but the law has no effect on how they really feel.

Perils of hacking your cable modem

[Phrogger]

I've heard of uncapping your cable modem and have seen some tools around for doing so. However, I figured that it was a pretty dumb thing to do; if you actually used the resulting higher bandwidth, you would only call attention to yourself and have the cable company disconnect you.

If more people start uncapping their cable modems (which, in reality, are ethernet bridges not modems) then I can foresee the cable companies devoting more resources to stopping such activity. Given that the cable modem is in the path before any firewall, they could simply remote detect and disable an
uncapped mdoem. Afterall, like the Night of Long Knives at Internet Direct a few years back (wherein users who left their dial-up connections up for 24/7 suddenly had their "unlimited" usage accounts terminated), it's in their interest to weed out the high volume (ab)users and cherrypick for the users who won't use the system to its potential. The more people they can get on a switch (i.e. a smaller netmask) the less costly it is for them to provide the service.

And if uncapping your cable modem seems attractive, consider this; would you want to be on a subnet with a neighbour who uncapped his/her modem and was sucking up the bandwidth such that your DivX and mp3 downloads were slowed to a crawl? You'd be on the phone to the cable company PDQ to get your speed
back, wouldn't you? And what do you think the cable co. would do to the bandwidth bandit once they found out what the problem was?

In Canada, Shaw/Rogers has capped their cable modems at 1.5 mbps down and 640 kbps up and charge CDN$40/month (US$25)for this service without extra charge (so far) for high volume usage. Personally, I think that's a bargain especially when I read about what (lack of) service our neighbours in the Excited States receive.

Re:Is this whole conversation is a red herring?

[Tazzy531]

Bandwidth is considered a commodity. Maybe not to you, but that is how it works at the root of the internet. Basically, these companies like Qwest lay out lines and sell the bandwidth, not the connection to the top level ISPs, then they resell it to the lower level ISPs, who then sell it to you. At the top level, bandwidth is sold like a commodity. You pay as much as you use and you can resell the unused portion to another top level one.

So in other words, ISPs have to pay more to support users using more than they are allotted. The rate that top level ISPs pay are variable vs a flat rate that they charge to lower level and to you the user. This is partly why they cap it. Now you might ask, why don't they buy more bandwidth? The ISP market is not that lucrative. When people charge a flat rate (ie ISPs or food buffets) they are banking on people that use less than they are allotted to balance out for the users that use more. Because their costs increase but their income stay the same.

To read more about it: go here

Re:caps on uploads

[fwr]

Yes,

Use your favorite snmp tool, and with the DOCSIS-IF-MIB loaded do something like:

snmpget -m all 192.168.100.1 public docsIfQosProfMaxUpBandwidth.0

and

snmpget -m all 192.168.100.1 public docsIfQosProfMaxDownBandwidth.0

My modem is set for 256K up and 3M down. From what I've been hearing in the rest of the discussion this does seem on the high-end.

But Adelphia service still sucks. What I do is make sure that I call support and create a case every time the cable modem is down, and schedule to get someone out here. They typically say that it will take a WEEK to get someone out here, so I make them give me a week's worth of discont on my cable bill. I know that the problem is NOT on my end and that the cable modem will come up within a few hours to a day or two at the most, but it's not my fault if they can't figure out what is wrong with their Cisco 7200UBR routers or their headend equipment. Hell, I even offered to create a case with Cisco for them under my contract, but the people you get on the line are basically entry-level phone people and really don't know their ass from a hole in the ground and apparently are so stupid that they can't even transfer you to a level 2 or level 3 person. Believe me, the most frustrating thing is being an experienced network management specialist and having to deal with idiot ISP support people who simply read off a check list and schedule for an on-site visit if that doesn't work (i.e., no real analysis of what is going on)...

Wow.

[mindstrm]

Before anyone whines too much about their poor speed limits.

I live in Costa Rica.

I have a cable modem.

I have a 128/32 connection. IT costs me about $80/month.
The ISP uses NAT.
At that, it's bad NAT.. I can't even do pptp over it.

And I'm happy to have it.

Sure, I could (and probably would) hack my com21 modem if I find a way, to try it... but only because I don't forsee any reprecussions. I doubt they would notice.

But really. Is hacking your cable modem legit?
Well..
a) If you own it and
b) The speed caps are not in your service contract.. then *maybe* there is some grey area in there for you.
In general though.. be glad they simply cut you off and not prosecute you for theft of service.

Re:Fun? Yes. Legal? Questionable

[Sycraft-fu]

Well while this may not be wrong, it is certianly grounds for the cable company to cancel your account on. It's their service, they get to set the rules, prices, and so on. If you don't like it, don't use it. You don't have the right to abuse a service offered to you by someone. If you do they can and will terminate your service.

The thing that many people seem to forget is that bandwidth costs money. This is why higher bandwidth lines are more expensive.

FWIW, I investigated this a while back

[CTachyon]

A friend of mine came across a site describing how to uncap SURFboard modems. Being the inquisitive hacker-in-training that I am, I read through their instructions, theorized what was ACTUALLY happening (as opposed to what they SAID was happening), then launched Ethereal and confirmed it. I've made some further discoveries since, but I've since rebooted my modem (which wipes the uncap) because I have an ISP that gives very fair caps (we have a business connection, ~$80/mon, roughly 8Mbit down and 570Kbit up). Here are my discoveries:

• The SURFboard cable modem series downloads its parameters from the ISP via TFTP during the boot sequence, grabbing a fresh copy each time it reboots, and rebooting each time it loses sync beyond hope of recovery.
• The configuration file is stored in ASN.1 BER format, which is very nasty so I won't discuss it further.
• The modem publishes lots of critical information via the SNMP "public" community string, including the TFTP server address.
• The flaw is that, during the modem boot, the modem downloads a TFTP config file from the IP address named in *its* DHCP ACK packet (the DHCP transaction that gives the modem an IP on the ISP's private network, which users should ideally never see). When it sends the TFTP request, it sends it to both sides (ISP and client), and accepts the first response that it gets.
• Later revisions have a slight fix; however, the Ethernet interface is still up and running in promiscuous mode, so rapidly pinging the modem as it boots will lodge your MAC address in the modem's ARP cache, making your computer receive the TFTP request as before.
• With proper filters in place in the ISP network, clients would never be permitted to access internal ISP resources like the TFTP server. With no known-good bootfile for your ISP, uncapping is much trickier.
• The same SNMP interface also publishes the upstream and downstream caps, allowing the ISP to trivially scan for modems with settings that don't match the ISP's own bootfiles.

Summary: Genuine, but not worth the risk.

My concern was there was no option to *limit*

[Convergence]

What is the technique to limit the number of connections per IP? I looked for a couple of hours finding no appropriate configuration directive.

I was requesting, as a *FEATURE*, some configuration directive allowing me to set such a limit. Maybe its been added since; this was a couple of years ago.

Re:My concern was there was no option to *limit*

[Koos]

What is the technique to limit the number of connections per IP? I looked for a couple of hours finding no appropriate configuration directive.

By default Apache has no options to limit this. When a webserver I deal with was visited by very antisocial 'download managers' taking 70(!) of Apaches server processes I searched for a module to fix this and found mod_limitipconn.c which fixes this problem. The outgoing traffic of the webserver more then doubled because the server processes were available again to more visitors.

clue stick for you, joker.

[twitter]

...sooner or later they are only going to have paying customers that follow the rules, or aren't heavy enough users to worry about. And then what will they do, besides make money.

Ha, ha, big laugh. Some dumb-ass at the cable company might really think that.

Capping is a relativly new, evil and stupid practice, rivaled only by port blocking. People who want cable modems are the kind of people who want to share their files. The cable companies are going to find that selling cable to EVERYONE is tougher than putting up a few stupid billboards and obnoxious, "if you were using cable this page would be downloaded by now" webpages. If they wanted to stop abusers such as spammers and loosers running warez sites, they could. Instead, they are greedy and lazy. They think that they can stop all the abuse by capping upload rates and make even more money by charging people for "services", like web space on some crappy M$ machine at the central office. BZZZZT! WRONG! They are going to piss off a larger proportion of their customer base then they realize. The endgame is that everyone will jump to the first viable alternative and leave the entertainment pimps in the dust. Sooner or later, they are going to go bankrupt like Excite! did when they started pulling this shit.

need mirror of www.iscentral.org/~tcniso/

[ubiquitin]

Looks like the site has been taken offline around 11:00PM CST same day that this was posted and google cache hadn't kicked in yet apparently. Can anyone who visited the site post the pages their browser cached somewhere? Please mod up so all can read this request for mirror. Thx.

Re:OT: Toshiba PCX1100U

[ImaLamer]

No. I was buddy.

That was the whole point of this thread.

Both machines got 40K up and 250K down.

Re:Property vs Service

[Gordonjcp]

Actually, in another post I asked if cable modems could be used as a point-to-point link. It turns out that they can't, because they use a different modulation system for transmitting than for receiving. This allows the relatively small "transmitter" in the CM get a decent signal up the wire to the head-end, but at a lower data rate. You can screw symmetric bandwidth out of a normal CM, but in practice it's not a good idea.

I doubt that cable modem service providers deliberately limit bandwidth to limit P2P file sharing. If they wanted to do that, they'd block port 6346, as you say. I don't see how this restricts you from transferring files to a remote server though. You could use FTP, or better still SCP to copy it. I can mount NFS shares on my machines at work on my home machine through my CM, and copy files backwards and forwards quite happily.

On the other hand, the upstream bandwidth has to be paid for somehow. If you buy a fat pipe that costs £500 per week to run, giving 2M, then you resell that to customers at 512k each, you can work out their usage and see how many people you can have on that one pipe and still get a good average. Say, for example, 10 people. You need to get £50 per week per person. If one person cracks their config file and pulls the whole 2M all at once, your other customers will get poor service, which they won't pay for. The one guy getting 2M is only paying 1/10 of the cost of the line, so you're paying for the rest.