Slashdot Mirror
Security Focus on Cable Modem Uncapping
Anonymous Coward writes "Cable modem uncapping allows broadband customers to boost their bandwidth to 6 or 7 times what they're paying for, by spoofing their modem's TFTP client into downloading a hacked DOCSIS configuration file. Kevin Poulsen at SecurityFocus reports that a new underground program called OneStep makes the process easy and fun for the whole family. Broadband companies are cutting off the uncappers that they catch, but things could get out of control soon."
Just because technology allows you to do something, does not mean that it is also legal.
I have been pwned because my
and they will be totally suprised when their cable company cuts them off at their knees:
r oo t=attbi~mode=flat
http://www.dslreports.com/forum/remark,3155491~
-zAmboni
Team Ars Technica Lamb Chop
it's capped at 15k or something, while I'm paying for 128 uploads
15k is exactly what you are paying for. The speeds that describe your line are in kbit/s, and 128kbit/s turns out to be 16kByte/s.
m
Give me something that I can actually use like...
A program that will cap my CS ping at 10ms.
A program that gets rid of my horrible packet loss.
A program that gives me reliable service without downtime every other day.
A program that will uncap my 1GB/mo limit on usenet download
A program that gives me customer service who knows what they are talking about.
A program that gets rid of my horrible Comcast service and gets my old (more reliable, lower priced, higher bandwidth, more featured) Mediaone service.
-zAmboni
Team Ars Technica Lamb Chop
A friend of mine, who also uncapped his modem but for a longer period received a letter from the cable company saying "Someone in your household has illegally attempt to modify one of the devices supplied by Telewest. Please desist or your service will be permanently withdrawn" or something like that.
My cable connection ocassionally gets uncapped for random periods, and I don't notice until I start downloading something (e.g. larger driver file) and get 300kbyte/sec.
If more information was available for customers to see how much bandwidth cost the ISP, then perhaps our expectations could be realistically scaled. Is having an uncapped 3 hour period between 2am and 5am feasible? I could simply schedule large downloads for that period. At present, I may as well just download at peak times, which probably is more irritating to the ISP receiving calls about slow web pages, or somesuch.
Here's another example: you may own your telephone handset, AND it may even be legal to modify it for the purpose of phone phreaking (maybe...DMCA?), but once you plug it into a live phone jack, you've surely committed a crime.
Summary: It's not about how you handle your equipment, it's where you have permission to stick it.
Slashdot: rejecting tech news in favor of rubber band guns since 1997.
Download speeds aren't the problem.
I think we all assume that the download is maxed or we don't care.
It's the limited upload speeds that people want to get around. Now I know that the uploads are sometimes limited to reduce 'network collisions'... but low upload speeds are screwing real users.
You don't need to be hosting pr0n or warez. What if you want to put up a password protected mp3 server so you can listen at work, etc.
Remote desktops in XP - X11/VNC for linux users... there are real reasons.
Browse over to freshmeat and check out all the cool ass servers.
Get your Unix fortune now!
The Motorola scheme is based on a bad implementation that should never have passed certification in the first place. Read Cable-Modems.Org for some slightly more in-depth/serious information.
Actually, I like this. It gives the abusers enough rope to hang themselves, and they evidently ARE catching them.
This means you get to easily identify, then remove, the buggers who are screwing your bandwidth distribution and forcing you to spend tons in extra capacity. A minor short-term risk for long-term gain.
I have to say I also don't mind that some warez d00d may just finally learn that yes, there are consequences to your actions, even on the Internet.
People have done much more amazing hacks than that on DVD players, such as the Apex AD600A, despite the use of a non-standard microprocessor. Hacking the firmware of a cable modem should be quite simple by comparison.
That's the sort of reverse-engineering I used to do quite often, but now I get little opportunity due to the DMCA. It doesn't seem like service provider or cable modem vendor can use the DMCA to ban reverse-engineering of the cable modem, since the features in question aren't involved in copy protection. But the trend seems to be to sue first and try to justify it later.
Eric
[*] Better in the sense of being less detectable. I'm not suggesting that doing this is legal or ethical.
And just because something is illegal, doesn't mean it's wrong...
Americans, in particular, seem to have trouble with that one. Brainwashed, the lot of 'em...
You can't successfully legislate morality!
Don't forget video conferencing. Being capped at 15KB/s limits you to some pretty ugly video quality. I want to use my cable modem to do video conferencing with family and friends around the country. Right now it is one step away from intolerable and usually not worth the effort.
When information is power, privacy is freedom.
This would also encourage off peak usage. It'd be far better to squeeze out that 2 gig download quickly when it has no real impact on others versus taking hours due to a cap during peak.
I'm guessing you just can't reprovision the cable boxes that quickly and dynamically everywhere, but damn, it makes sense and I still don't understand why caps aren't implemented using some QOS type service at the head-end anyway...
First: No. Same goes for the Euromodem Cable standard which is also ATM based.
Second: It should not work on properly designed DOCSIS Cable Modems either. A cable modem should not accept tftp uploads and config from anywhere but its cable interface which is not available to the casual hacker.
Third: It will not work on properly configured newer DOCSIS 1.1 and later networks either.
Here is why:
First: In DSL the speed is largely controlled by the DSLAM. Some modems do some minimal QoS and capping but it is hardly ever used. No need to.
Second: design fault. Typical of telco manufacturing. No comment needed. Can be fixed by a single software upload which the provider can trigger on any software upgradeable modem. As a result it will no longer be possible to uncap it.
Third: You can hog bandwidth in an unlimited fashion only on a DOCSIS 1.0 and incorrectly configured newer networks. DOCSIS 1.1 introduced the concept of a transmit map. The cable modem termination system tells you when you can transmit and when you cannot (it can also slice bandwidth exactly on per consumer/application basis). As a result a properly configured 1.1 or newer network should have no need for CPE capping. Of course, US has a boatload of non-docsis proprietary networks so dunno about these.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Ok after sniffing around IRC (including the said hackers channel) and various boards this secret "underground" program the securityfocus guy quotes doesn't exist , its vapourware.
what does exist is a kludge of tftp servers,query utils and glorified DOCSIS editors that with 20minutes and a *lot* of messing about you can change your config settings and then only until the ISP check your modem (automated) via SNMP , deny this and your cut off, accept it and it will detect your hacked config and cut you off...permanently
so you are screwed either way.
not to mention that most of the cable modem companies are using MD5 hashes to validate the config files integrity (MIC (Message Integrity Check)), other than a severe hardware hack your not going to crack much with this verification.
i came accross tco-iso's website quite a while ago and after a few visits over the months it seemed to of ground to a halt when they realised that MD5 was involved, they even mentioned the possibility of brute forcing the hash which raised a smile from a few of us.
They point to their IRC channel for files but the *only* files that exist are just mirrors of the files their site links to, no "onestep" or 30mb files and certainly nothing special in the files (other than someone knows how to use a hexeditor on PD software)
some people dont understand how uncapping really works but i think speedguide's article seems to sum it up nicely.
I tried it 6 month ago (when my provider switched to DOCSIS), with great success.
Nethertheless I don't do it anymore : capped cable is better than no cable at all...
The SURFboard modems check both sides. The Nortel CM200's and RCA 105's up to the 235's (with USB, yay) also hit the ethernet if they cannot reach a CMTS across the cable.
Interestingly, The CM100 (BayNetworks by Nortel) does not make that mistake.
Doesn't work that way. Consider this: The government provide the roads. I pay the government to provide roads, and they keep up their end of the bargain by giving me nice, long, straight motorways to drive on. However, the conditions of use, as it were, state that there's a maximum speed limit of 70mph on the motorway.
Now, the government doesn't supply the car. I went out and bought the car. I have a Citroen, you may have a Ford, or a Vauxhall, or whatever you like. They're all *capable* of going faster than 70mph, but if I get caught doing that, I get a speeding fine, and points on my licence. I can't argue that "I bought the car, I paid for it, so I'll use it any way I want".
See, they're going about this all wrong. What they really should do is develop a way to uncap your neighbors' cable modems. Then, they'll get tossed off the network and you can have it all to yourself.
Free Mac Mini
Just because they didn't realize I was going to steal from them shouldn't allow them to stop letting me steal from them.
When I signed up for service, I knew this hack was available. That means when I signed up for service, I had every reason to believe that I would get unlimited bandwidth forever.
When will these companies get it. They are going to piss so many thieves off that sooner or later they are only going to have paying customers that follow the rules, or aren't heavy enough users to worry about. And then what will they do, besides make money. I mean what good is a network that isn't crawling on its knees from all the MP3 and warez sites. Some people just don't get it.
Someone buy these guys a ticket, so they can hop on the clue train.
Someone violates his TOS by uncapping his modem for the purpose of abusing his connection, gets caught in short order, and is banned from every abusing that internet provider again. I fail to see the problem here. The REASON these modems are capped in the first place are because of these very abusers. Granted, AT&T as well as other cable providers probably don't want to lose a bunch of customers, but the heavy warez/movie trading crowd they would happily do without as they tend to overuse their bandwidth allocation regardless, as well as creating potential legal liabilities.
This gives them an easy out. If they're able to detect an uncapped cable modem in a matter of hours after its been uncapped, then this is a great way to relieve yourself of a bunch of unwanted customers. And they don't even have to monitor bandwidth content. Just have to check the speed going over the physical maximum.
This should also be a wakeup call for parents who "share" their internet connection with their kids. Better let your children be aware that if ever they do something this foolish there will be serious hell to pay. PAY ATTENTION to what your children are doing. You don't know?? Then don't let them have internet access. When they turn 18, let them get their own account, and they can use or abuse it as they see fit.
Or if you REALLY need that extra bandwidth, pay for an account that provides for it. MOST companies, even cable providers have accounts that provide greater upstream bandwidth, but they don't cost $49, and they're rarely parts of a promotional deal.
-Restil
Play with my webcams and lights here