Cable Modem Hackers Release Improved Firmware

FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embeddded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."

Loss of service

[mpost4]

I would think that doing this could put one in dangar of lossing their service. I this more then likely is a violation of the TOS of most cable ISP's and when you violate a contract( TOS's are contracts of a form ) you void it, so then the cable company is not obligated to server you any more. Is the promise of high speed you don't pay for (theft) worth the lose of service, and posable legal action?

Re:Loss of service

The thing is, companies like Cox Cable or Comcast advertise their services as "Unlimited Access to the Internet" and make no mention of bandwidth caps in their TOS's.

Re:Loss of service

[BeemanH2O]

Not only is it a violation of the TOS on most cable ISP's, it's a violation of FCC law. So think again if you're wanting to hack or uncap your cable modem.

Re:Loss of service

[MCZapf]

Your statement is false. Comcast, for one, is now advertisting its new faster service capped at 3Mb/sec instead of 1.5Mb/sec. Maybe in the past they didn't mention the caps, but they do now.

Re:Loss of service

[cayenne8]

This is new to me...I just joined Cox cable high speed. They can control the modem "I" bought? I didn't take the one they wanted to give...it would have cost me twice as much for them to provide the same motorala modem I got.

So, if I get this correctly, they can still get in and control this modem? But, if it is MY purchased hardware, what can they say about me wanting to hack into it and learn how it works?

Re:Loss of service

[garcia]

I worked for ATTBI before they were swallowed up by Comcast. I still have an ATTBI hostname...

When the first round of "cable modem uncapping" documents started floating around to the masses I found plenty of open tickets that had been forwarded to the "legal department" for possible action. Most people had uncapped their modems to 10mbit/10mbit.

Apparently they had a script that ran that checked for this as they had quite a few open tickets all over the place. I guess it was not hard to find.

They would disable your modem, forcing you to power-cycle it. Then your modem would download a new, correct, config file. If they found that you were AGAIN in violation you were terminated.

Some people did not lose their service but most did.

Re:Loss of service

Your modem but their service. If they don't like how you are using it then they can just cut you off (especially if it is in the TOS).

Re:Loss of service

[wampus]

One of the first things your modem does when it comes up is hit their TFTP server for a config file.
See here.

Re:Loss of service

[Delf]

It's pretty straightforward. In exchange for being allowed to attach to their network, you agreed to use only certain (i.e. unmodified) equipment, and to allow them to access that equipment in order to ensure that it operates properly on their network (i.e. within the parameters they've decided to enforce.) It's not anything like trespassing on their part -- you gave them permission to do it when you signed up for the service.

Aside to Michael and FatCat: It's spelled "hobbyist".

Re:Loss of service

[BeemanH2O]

Here's a comparison for you, you buy your TV and say that you get cable or sat tv, you get the subscription level that you pay for. You can't legally deem that your payment is suddenly worth a few extra channels and hack the cable/sat network. It's still theft and against the law. The same logic applies to cable modems. Sure, you may own the modem, but you don't get to control how fast it can go unless you give the cable co. some more money for the next tier of service.

Re:Loss of service

[WhatAmIDoingHere]

Check your contract again. You didn't purchase the modem, you're leasing it. When your service is terminated you will be asked to return the modem. If you fail to do so, you will be charged a largish sum of cash-monies. They can tell you not to mess with THEIR hardware.

Re:Loss of service

[boobsea]

You can't legally deem that your payment is suddenly worth a few extra channels and hack the cable/sat network. It's still theft and against the law. The same logic applies to cable modems.

Your analogy is seriously flawed. Sattelite and cable signals are already coming into your house. You're not taking something that you're not paying for - the signals are already in your house.

Whereas uncapping your cable modem is theft - you are actually taking something that normally wouldn't be getting from the cable company in any circumstance

Re:Loss of service

[cayenne8]

Nope...I bought my modem from amazon.com...had it waiting when the installers came to my house. If I'd let them install the modem they brought, would have cost $122. I got mine from amazon for like less than $60 I think.

Re:Loss of service

[JCMay]

You posted a link that points at 192.168.100.1? Are you trolling, or just inept?

Re:Loss of service

[drcobb]

modding the modem isn't what would be illegal, uncapping your modem would be however. There are a lot of 'good' uses for this, say I want to run MRTG to collect trafic statistics? Or what if I am checking for my neighbor to see if his arp entry is still there? While this will _PROBOBALY_ be used for the wrong reasons by l33t d00ds in most cases, some kid out there is getting a boner over the fact that he can telnet into vxWorks and play with it on his OWN CABLE MODEM! If the modem is owned by the cable company however this is probably illegal, or un-ethical at best.

Re:Loss of service

[cayenne8]

Here's their business Acceptable Use Policy. I don't see anywhere in here where it says anything about modifying hardware. I mentions bandwith usage in very vague terms....and nothing I signed mentions the specific speeds. I was told verbally on the phone that the acct. could get up to 3Mbps/256Kbps...but, nothing is mentioned specifically about limitations or expectations that I can see...

Not really planning on doing this..just playing devils advocate...

Re:Loss of service

[Muad'Dave]

If they found that you were AGAIN in violation you were terminated.

Your service was terminated, right? I've heard of "substantial penalties" for breach of contract, but termination? Jeez!

Re:Loss of service

[revmoo]

You posted a link that points at 192.168.100.1? Are you trolling, or just inept?

Most cable modems run a simple webserver which can be accessed by going to that link, he was neither trolling nor inept, you on the other hand... :p

Re:Loss of service

[wampus]

Did you click it?

18...19...20

Re:Loss of service

[l1gunman]

Your analogy is seriously flawed. Sattelite and cable signals are already coming into your house. You're not taking something that you're not paying for - the signals are already in your house.

This must be one of the most tired, and specious, arguments of all time. Though the signals may, indeed, be "in your house", those that you are clearly not paying for are protected, in some way, to inhibit you from accessing them if not authorized. You breaking open that protection to access whatever you want, to use your words, "is theft". It is that plain, it is that simple.

Here's another analogy like yours: Since you live in your parent's basement still, you must get your mail at their house, right? Every day your Mom picks up the mail that drops through the slot on the front door. Since they're "in her house" she can open whatever ones she wants, including yours, right? Bzzzzt. Wrong answer, thanks for playing. That letter that was addressed to you, though clearly "in her house" is not legally hers to open. Nor are those "extra" signals from the Spice channel that you're not paying for but want so desperately to see.

Re:Loss of service

[mr.+methane]

errr... No.

You really might want to find out what even a low-budget criminal defense attorney charges before you decide this is a great way to save money.

Re:Loss of service

my cable co. charges $5 a month to rent their cable modem or lets you buy one that they recommend (the motorola SURFboard).

I got mine for $10 (after rebates). Best Buy/Circuit City sell them for $20 (after rebate) with service for 4 or 5 different cable cos.

Re:Loss of service

[wo1verin3]

I think people forget about the problems that can happen when you uncap.

Re:Loss of service

[DAldredge]

A quite a few Cox/Cox-Internet.Com (MAX speed of 1024/128) modems have that turned off.

Re:Loss of service

[GPLDAN]

The Spice must flow!!

Sorry... couldn't resist.

Re:Loss of service

[The+Vulture]

Not only that, these people are in danger of getting cable access cut off to everybody in the world using Motorola SurfBoard modems.

The article states DOCSIS 1.1 cable modems are immune, but that's a pipe dream. Cable modems that are prepared for DOCSIS 1.1 (which many 1.0 modems are) are signed by an X.509 key, that is controlled by the central DOCSIS repository at CableLabs. If CableLabs hears about this (and no doubt they will, they talk with cable operators on a regular basis), this could trigger them to revoke Motorola's X.509 key, and if the cable operators follow the revocation lists, then no Motorola modem with that X.509 key will work. (Note: This is all public knowledge, CableLabs makes their specifications freely available to everybody, if you know where to look).

But, the key is that it's up to the operators to make sure that they're using code signing processes properly. And a lot of these DOCSIS 1.0 modems are actually DOCSIS 1.1 capable. Getting around the signing process is fairly trivial, since these guys already know how to hack around the serial port. Once you have serial port access, especially with vxWorks, there's a lot of things you can do (which can override the signing processes in place). Worst case, you desolder the flash chip, solder in a socket, and reprogram the chip with a flash programmer.

I could see Motorola giving these people some major grief.

-- Joe

Re:Loss of service

[Darth23]

You forgot the part about how they can change the terms of the agreement with no prior notice. That seems to be in just about any agreement people have to sign these days.

Kind of one sided, imo.

Re:Loss of service

FCC makes laws?
Hell, I must have missed the last elections.

Re:Loss of service

[alphaseven]

That actually sounds reasonable. At least they're not wasting taxpayers money and government resources by calling in the FBI on every uncapper.

Re:Loss of service

[Delf]

I'm only pointing out that who owns the hardware, and whether it's been modified, is incidental. The potential problem would be if the modification was used to violate the terms of service by e.g. removing bandwidth caps put in place by the provider. They can't tell you what to do with your hardware, but they can set requirements on what hardware may be connected to their service.

About that AUP you linked:

The Customer must comply with the then current bandwidth, data storage and other
limitations on the Services.

That "current...other limitations" vagueness in their policy is what I'm thinking of. It means "we can change our rules whenever we feel we need to address some new situation." Like, for instance, wider availability of hacked cable modems. Have you got the current list of limitations, and will you know if it changes?

I'm not a lawyer, and this is, as you say, just an intellectual exercise, but experience has shown that when dealing with any ISP, their real Acceptable Use Policy boils down to this: "Use it the way we want you to, or we'll boot you. And just because it was OK yesterday doesn't mean it will be OK tomorrow." So where your original post asked, "how can they cut me off for modifying hardware that I own," I'm just pointing out that they have the right to limit access to their network, regardless of who owns the hardware.

Re:Loss of service

[Darby]

I would think that doing this could put one in dangar of lossing their service.

It's much worse than that in fact.
The last time there was an article on /. about a similar hack, the follow up was when the FBI busted in a bunch of doors, confiscated the computers and arrested the people who were uncapping their modems.

Re:Loss of service

[cayenne8]

I can find no published limitations for this account...neither on forms I signed nor on their sites.

Re:Loss of service

Most Cable providers do not have a "next tier of service"

Thanks for playing. Goodbye.

Re:Loss of service

[devilspgd]

Motorola Surfboard modems aren't based on DOCSIS, so none of this applies, does it?

Re:Loss of service

wow nice I didnt know about that webserver on my cable modem:)

Re:Loss of service

It is not theft.

The signal is being beamed into my house. How am I stealing something that is already there?

Since they're "in her house" she can open whatever ones she wants, including yours, right? Bzzzzt. Wrong answer, thanks for playing.

Bzzzt up your ass, Alex Trebek.

Mail cannot be analogized to Sat TV service (I'm not talking about going outside and illegaly hooking up to the cable box).

Each piece of mail was intended for a particular recipient. Sattelite TV signals are sent to every house that is within view of the sattelite.

So if you don't want me opening your "private" mail (scrambled TV signals), then don't "address" it to me by having it delivered to my house.

Re:Loss of service

[l1gunman]

Dear, poor, misinformed AC,

The satellite signal "beamed" into your house is very much analogous to your Mom opening your mail. If you haven't paid for the premium channels, then those channels are clearly not "addressed" to you. In fact, there is a security 'wrapper' to prevent/inhibit you from opening it. It is clearly theft if you manage to open them up and view them when you KNOW you did not pay and are therefore NOT authorized so to do.

Last time I checked, it was not possible for a satellite service provider to "beam" their contents to only those specific subscribers that paid for them. The way they get around this is authentication and/or cryptography (weak as it sometimes is).

Grow up and stop thinking that because something is lying around it's yours for the taking.

Sincerely,
Alex Trebek

Re:Loss of service

The person who replied may not have clicked it, but I did. That's neat. Thanks!

Re:Loss of service

[The+Vulture]

The TCNISO website mentions three Motorola Surfboard modems that this works with, the SB3100, the SB4100 and the SB4200. I guaran-damn-tee that these modems are all DOCSIS certified (Motorola advertises them as such, and cannot do so without CableLabs' permission, or else they could face some legal issues). The SB3100 is DOCSIS 1.0 certified (upgradable to 1.1), and the SB4100 and SB4200 are DOCSIS 1.0 and 1.1 certified. (I also verified their certification status with my contacts.) Certified DOCSIS modems have a green sticker on them with the letters "CL", and state "CableLabs Certified" (or use this in their marketing literature, or on the box).

A mistake that I made in the previous post - if the revocation takes effect, it will only pose a problem on operators running BPI+ (which they should do with DOCSIS 1.1). An operator running BPI (if I recall correctly, I may be wrong, I don't know the DOCSIS spec by heart) can't use the revocation list, since BPI only uses public/private key pairs, not exact X.509 certificates (note that operators can ban modems based on other methods than certificates, like MAC address). Nonetheless, if Motorola used the same CA to generate certificates for all their modems (a good possibility), a revocation of that CA means that all modems signed with that CA are useless in a BPI+ environment.

Most operators are still running DOCSIS 1.0, with or without BPI (note the "no comment" from many cable operators in the article), but many of them are planning to switch to DOCSIS 1.1 with BPI+ in order to take advantage of the extra functionality and security.

Disclaimer: Again, all of what I have stated is basically publically available knowledge.

-- Joe

Re:Loss of service

[Frank+T.+Lofaro+Jr.]

Just wait for the US Gov't to add a death penalty clause to the No Electronic Theft Act.

Re:Loss of service

[sillyfreak]

Wrong. Most home networking router/proxy/gateway devices have a web server running on them. Cable modems operate at Layer 2 of the OSI model. Specifically, they are bridge devices because the connect two unlike Layer 2 protocols (DOCSIS to Ethernet). Web servers are way up at Layer 7 (Application). There are no web servers on cable modems.

Re:Loss of service

[ViVeLaMe]

there often is a web server on cablemodems.

Re:Loss of service

The satellite signal "beamed" into your house is very much analogous to your Mom opening your mail.

No its not. The mail is specifically sent to a particular house and intended for a particular person. The sattelite beam is sent "To Everyone" (mail is only sent to one person. your analogy would require that mail addressd to one person to be sent to everyone). Would you send a package to someone you didn't want to open? I thought not.

In fact, there is a security 'wrapper' to prevent/inhibit you from opening it

Don't send packages to my house that you don't want opened. I'm the only one living here, so its a moot point.

It is clearly theft if you manage to open them up and view them when you KNOW you did not pay and are therefore NOT authorized so to do.

How do you steal something that is sent to directly to my house?

If you don't want me opening your signal then don't send it to my house.

Last time I checked, it was not possible for a satellite service provider to "beam" their contents to only those specific subscribers that paid for them. The way they get around this is authentication and/or cryptography (weak as it sometimes is).

Then tough cookies! I will do damn well what I please with the stuff you freely send me! Go ahead and try to stop me!

Grow up and stop thinking that because something is lying around it's yours for the taking.

Then quit leaving your junk inside my house.

Re:Loss of service

[zeno_2]

There are no web servers on cable modems.

So your saying that there are no web servers on cable modems? Although you are correct that web servers and cable modems operate on different levels of the OSI layer, that doesn't mean that they can't put 2 devices in one box.

Re:Loss of service

[Vancorps]

Sorry, but however flawed the originally analogy is yours is even more so since you confuse the word theft.

theft

\Theft\, n. [OE. thefte, AS. [thorn]i['e]f[eth]e, [thorn][=y]f[eth]e, [thorn]e['o]f[eth]e. See Thief.] 1. (Law) The act of stealing; specifically, the felonious taking and removing of personal property, with an intent to deprive the rightful owner of the same; larceny.

Note: To constitute theft there must be a taking without the owner's consent, and it must be unlawful or felonious; every part of the property stolen must be removed, however slightly, from its former position; and it must be, at least momentarily, in the complete possession of the thief. See Larceny, and the Note under Robbery.

http://dictionary.reference.com/search?q=theft

When you decode their signals they do lose nothing despite your belief that somehow they don't. When they prevent others from receiving the signal then you can make the argument, but this never happens.

I agree its wrong but its important to remember they treat their customers like criminals. I'll refer you to Direct TV and how they fried a bunch of legitimate users cards and forced them into the HU cards. They did that to make it "harder" for people to tap their system but instead they only harmed the people that abide the laws. So what possible reason would someone have to follow a law that provides no protection for themself?

Such laws need to be changed, yes they deserve the right to be compensated for building such a vast and very reliable network which is one reason I still subscribe. Cable goes out a least twice a week here and satellite will only fade when wind blows the dish over.

The last point, try to refrain from making sweeping statements that those who are curious about the system and hack it are just looking for pron, you give them far too little credit considering the amount of effort it takes. Might also mention if I am living in my mom's basement she can open my mail. The law only prevents non-residents from opening the mail while its in transit.

Re:Loss of service

[unitron]

The FCC is empowered, within certain parameters, to issue rulings which have the force of law.

Re:Loss of service

[budgenator]

It might help to think stealing a service rather than theft of a physical property.

So far...

[randomErr]

So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day.

That was until /. posted the link. Now something like 30,000 downloaded will be registered today.

Re:So far...

[SQLz]

Bah, who cares. Let the lemmings get their service canceled. More bandwidth for me!

Re:So far...

[thedillybar]

More bandwidth for me!

Actually, it's probably not more bandwidth for you, because it sounds like yours is capped!

Make that 40,000 now

Thanks to Slashdot, I'm sure it'll be 40,000 sometime today, that is unless Google changes their graphic to some sore of cable modem and beats Slashdot to the punch.

confused

[fjordboy]

I've always wondered why people go to so much trouble to uncap their cable modems and stuff. I used dialup for years and NEVER had to worry about messing with my modem to uncap it. My connection was burstable and had absolutely no cap!

Re:confused

[randomErr]

So that they could run that pr0n video server of Janet's boob?

Re:confused

[Pyro226]

I used dialup for years and NEVER had to worry about messing with my modem to uncap it. My connection was burstable and had absolutely no cap!

This is not actually true; "56k" modems are actually capped at 53k due to FCC regulations. I looked quickly on google and I couldn't figure out why they are capped and it doesn't really matter because almost no-one has a high enough quality phone line to get this rate. But there could be some dial-up hackers out there trying to get an illegal 3k.

Re:confused

[vpscolo]

I remeber the day of 14.4K and we were happy. It took forever to download things and when we finally got that low res porn we wondered why we had bothered

Rus

Re:confused

Jeez, if you're going to run a porn server, can't you at least find boobs that are not scary?

Re:confused

[IWorkForMorons]

...when we finally got that low res porn we wondered why we had bothered...

I think I speak for many of us when I say I've never wondered why I've downloaded porn.

Re:confused

[aonaran]

It's because the higher voltage required to push it to 56k would cause enough crosstalk to interfere with neighboring voice lines which is what the telephone system is supposed to be used for.

Re:confused

[kristan]

14.4kbps? Paah! I remember running my own BBS (on a C64 no less) with a 300 baud modem. You were _extra_ cool if, like me, you had hacked it to 450 baud. 1200 baud was a luxury mere teenagers like myself could not afford.

Re:confused

[Fuyu]

According to this reply on NANOG, "What the FCC limits is the power (db) level you can place on the line in the PSTN. This is to limit crosstalk in copper cable bundles. This power limitation does not equal a speed limitation. This seems to have arisen from the fact that the first PCM modems - USR X2 units - could not go faster than 53.3K without violating the FCC power limitations. All other things being equal, the more power you can use, the faster you can go. To cover their ass USR put the disclaimer on the boxes talking about how X2 was capable of 56K, but limited to 53.3K due to the FCC blah, blah. Many people read this as the FCC having some cap on allowed speed since they didn't explain that the trouble was with X2's inability to go faster in
the allowed power band."

Re:confused

[DrinkDr.Pepper]

I think that is wrong. Modems are capable of running at 56k at their current voltage. The extra 3k I believe is reserved for error correction.

Re:confused

[operagost]

Unless it's goatse.cx.

Re:confused

[JaxGator75]

Oh, the sheer joy of unplugging that 300 baud and screwing in that brand-new Hayes 1200 with the pretty red lights on the front. . . I can still hear the ear-piercing screech muffled by whatever was on-hand to keep from waking up my parents...

On the bright side, we don't have to beg for "Adult" and "Pirate" access anymore. The days of the tyranical Sysop are DONE!!!

Re:confused

Hey! You had a VIC Modem too!

Re:confused

[aonaran]

Well, I've heard it over and over, here's just one reference, make what you want of it.

http://www.56k.com/cons/53k.shtml

Re:confused

Um, NO.
The FCC clasifaction for 56K is for ISDN only in northamerica, thus your 56K modem is rate limited at the CO to 48K.
The FCC and CRTC limited 56K dial up to 48K as a result of the conflict between that and 56K ISDN B-channel clasifaction. Read a book or better yet, get the EIA-TIA standard.

Re:confused

[proj_2501]

or if you're into piercing, they already have special sites for that.

Re:confused

[walt-sjc]

Hey, it was FUN being a tyranical sysop! Frankly though, I had more fun hacking source code for the BBS, adding new features and such. What was really cool is getting into multi-tasking BBS's. There was nice software that ran under QNX on my old 8088 machine. I also enjoyed working on WWIV, Citadel, and a few others that were either in Pascal or C. I didn't much care for RBBS which was a pile of shit IMHO. I did play with boards for a while on an Apple ][ that was very hackable - 6 floppy drives!!! 143K each! Bend the little tabs inside the drives and get a few more K...

Re:confused

Wrong again. The phone lines have both a peak and average power limit. 56k does not violate the peak power limit but the average power limit. The reason this happens is that to reach 56k they need to use some of the outter symbols on the QAM constellation, raising the average. Right now lots of the outter constellation goes unused.

Re:confused

[digitalsushi]

Nah, the parent is right, the FCC does limit.

Re:confused

[Rich0]

I always loved advertising 53K modems as 56K modems, with the disclaimer that they could run at 56K if only the FCC would let them because of voltage concerns.

Well, those same modems could probably be configured to run at 200K if it weren't for some pesky telco/FCC frequency-range specs. And I'm sure if they ran 1000V over the phone line they could squeeze some extra bandwidth out as well.

The whole reason that modems are slow is because they are designed to squeeze as much information as possible over a tightly-constrained link. Advertising 56k as your maximum throughput is like advertising a modem that can get 5Gbps over a standard phone line over a distance of 10 miles, with the slight disclaimer that this speed is only capable if your telco uses fiber optic as their "standard" line.

If you remove all the constraints on the design you could make a modem which is capable of doing anything at all. However, if you want to be able to plug it into a standard phone line it has to deal with the FCC regs.

Re:confused

[grahamsz]

I used to dial up from 3 different addresses in the UK, one BT business, one BT home, and one telewest home and rarely had any trouble getting the full 56k. Sometimes i'd get 48 or 53 but mostly it was 56.

I'm sure it does depend on how far you go before your signal goes digital, but that's unlikely to ever be more than a few hundred feet in most civilised places.

My Opinion

[TheRealMindChild]

Ok, while I HATE the fact that my cable is capped, and now I have some invisible limit to my cable modem, there isn't a court in the land that will side with me, blatently breaking a few laws, and ignoring the TOS that was agreed to.

Im just going to sit back for a while and hope something good comes of this... maybe cable providers will find that fighting with these people isnt worth the hassle.

Re:My Opinion

[Pope]

You're free to pay full market rate for your connection, just get a fractional T1 or leased line: problem solved! :)

Re:My Opinion

[lukewarmfusion]

My Comcast (and my Sprint PCS) TOS states that the TOS is free to change at any time, without needing any notification, additional signature or approval from me, and is enforceable without my prior knowledge. They can add fees and still charge a cancellation fee if I get upset and leave.

Something ain't right about that.

Re:My Opinion

[smellystudent]

"Uncapping" a modem refers simply to removing a speed limit implemented in the modem. It cannot remove speed limits imposed upstream, or monthly download limits. In fact, you'll just speed towards those limits even quicker!

Re:My Opinion

[ooPo]

> Something ain't right about that.

The fact that you still do business with them?

Re:My Opinion

I get decent speed on my cable modem, and my isp doesn't have monthly download limits, so when I want to DL a really big file, I just start the DL in the morning before I go to work, and it's sitting complete in my DL folder when I get home at the end of the day.

Now I have a backlog of media to watch so big, I wonder when I'll have time to go through it all... maybe when I retire, or if I lose my job to some oversea person.

Re:My Opinion

[cayenne8]

I just signed with Cox for a business acct. I'm going to go back and read the fine print again, but, I didn't see anything in there saying you couldn't hack into the modem...nor anything about caps..etc. There was a vague acceptable use section, but, mostly related to downloading or host illegal things. Can someone quote or put links to where a company like Cox or the FCC says this 'uncapping' is illegal?

I'm new to this topic...and curious...

Re:My Opinion

[gowen]

Something ain't right about that

Well, if I were you, I'd blame the moron who forged your signature on that particularly unbalanced and unreasonable contract.

Re:My Opinion

[NoMercy]

No one reads them and everyone just goes on with it anyway, if people finally stoped, sat down, read the terms and conditions on things, and then refused to buy a product/service because of the terms and conditions we might see companies fix them to attract more customers. As it is, they don't because they can do anything they like legally and they loose no money in lost revinue, so it's all good for them.

Re:My Opinion

[SoTuA]

In Chile, clauses like that (clauses that modify the present contract in an unilateral and arbitrary way) are ilegal, but everybody puts them in. Only the ones who know the law (such as, geeks married to a hot lawyer chick like me :) know that we can send them to take a flying fuck at a rolling doughnut.

Re:My Opinion

[BiggerIsBetter]

That goes both ways right? If they get upset about uncapping, just say you changed the terms.

Re:My Opinion

[madcow_ucsb]

Is that really legal in the US either? Contracts say a lot of things, doesn't mean a judge will buy it. My cell phone contract has probably been changed to take my first born son if I leave, but I don't think that'd stand up...

I find it *really* hard to believe that any court would find someone to be bound by a change when there was no reasonable attempt to notify people of the updates. And I'm pretty sure they need to allow you to break the contract with no penalty if new terms are imposed that you disagree with.

That said, IANAL. Is there an American one hanging around who knows about this stuff?

Re:My Opinion

[Dolly_Llama]

Isn't it more likely that they would simply bill you for the cancellation fee, then send your account to a collections agency when you don't pay? How can you force them into suing you in small claims?

Re:My Opinion

The mention of trademark law is a pretty good indication it's a troll.

btw, I had an unpaid bill of $20 or so with Earthlink. I never recieved a bill from them, but they sent it to a collection agency. The collection agency didn't do anything more than call and leave messages on my answering machine.

Under $500 (give or take), it's probably not worth their time to deal with small claims court. If you're a deadbeat, you probably won't pay anyway. if you've got the money, you'll probably get sick of the daily phone calls and pay up.

Re:My Opinion

[squiggleslash]

Beware.

If cable companies find that they can't cap cable-modems and thus cannot use it to throttle bandwidth enough to ensure everyone has a reasonable level of service, they'll have to resort to something else.

For example, they might start putting traffic caps on instead of bandwidth caps. Traffic caps can be measured at the router, they do not have to be done at the cable-modem end. Once you start exceeding the cap, you'll get nice per-byte charges instead.

If cable providers find fighting with cable-uncappers isn't worth the effort, you'll probably find the consequences are worse than you think.

Re:My Opinion

I d/l flac/shn bootleg CDs at night. usually 1-4 days to download, 2 or at a time.

Half of them haven't been burned to CD. Only a quarter of them I've listened to. But tonight I'll be downloading more.

Re:My Opinion

[xstein]

While hoping not to stray too off-topic, I've had a small experience with Sprint PCS quite recently.

As an extremely dissatisfied Sprint PCS customer (service was terrible in my area) I was looking for any way to break free from my contract, which I was unable to do a number of months without paying a $150 cancellation fee.

Upon receiving a notice from Sprint PCS that they would start charging for the previously free-of-charge service that allowed you to check your airtime usage from your phone, I called them and asked that my contract be terminated immediately as these were not the terms I had agreed to at the time I signed the contract. They offered me a better deal in an attempt to convince me stay with their service, which I declined, and happily closed my accout.

I advised my friends who were also hoping to leave their Sprint PCS contracts to do the same when they started charging a "Number Portability Tax" (this too before it was implemented), and they encountered similar success.

IANAL, but it seems to me that should you wish to terminate your contract when they change the terms you have a very firm legal ground to stand on. Whether or not they can terminate the contract when they change the terms, however, is another story.

Re:My Opinion

[Cynikal]

so maybe if you read it very carefully you may be able to exploit that clause to show that you as well are allowed to change the terms of the agreement without notifying THEM and thus legally do whatever the fark you want with it :D

Re:My Opinion

[Egekrusher2K]

I work for an ISP. Every ISP has a limited amount of bandwidth that they pay for themselves, provided by a larger company. Now, we have about 6,000 users on this part of our network. We have an OC3 connection, which is capped at 52MB/s. If everyone on our network were to uncap, do you realized how detrimental that would be to us? NOONE would be able to get online. The users would just be screwing themselves.

Re:My Opinion

[thedillybar]

Traffic caps can be measured at the router, they do not have to be done at the cable-modem end.

Bandwidth caps can be measured at the router too. That's how they're catching people that uncap their modem.

It makes a lot more sense to do it at the cable modem. If they do it at the router, you basically end up with dropped packets. If people keep relentlessly uncapping their modems, they'll start capping it at the router as well, but it will make life more difficult for everyone involved.

Re:My Opinion

[kelnos]

sure, you can do that, and they have every right to refuse you service when you do, since most of these blanket contracts usually have a clause in them that basically say they can terminate your service whenever they damn well please.

Re:My Opinion

well under my new modified TOS, theres a disconnection fee that they would owe me :D

btw, my posts arent really meant as realistic solutions, they are merely cynical jabs and wishful thinkng.

Re:My Opinion

[squiggleslash]

I meant traffic can be measured at the router, so you can enforce a "cap" (a traffic cap being a billing issue, not a technical one like a bandwidth cap.)

The way cable networks are set up, you can't enforce a bandwidth cap at anything other than the modem. Oh, sure, you can probably make a router that will drop excessive packets, but for outgoing packets, at that point it's a little late.

Re:My Opinion

[The+Vulture]

While uncapping a cable modem cannot change monthly download limits, uncapping a modem certainly can remove speeed limits imposed on the upstream. That's one of the major reasons for uncapping a modem, to get more upstream bandwidth.

There's two sides to how much bandwidth is allowed to your cable modem, the modem, and the headend, called the CMTS (Cable Modem Termination System). As part of the modem's configuration file, there's either a Class of Service (DOCSIS 1.0) or a Quality of Service (DOCSIS 1.1/2.0) that controls how much upstream and downstream bandwidth you can get. On the CMTS, you can setup policies that dictate how much upstream and downstream bandwidth the CMTS will allocate per modem.

Most operators enforce the limits at the CMTS end (additionally specifying it in the modem config file), so that the values given to the cable modem are used just so that the modem doesn't waste it's time trying to push out/grab more bandwidth than the CMTS will let it have (in that case, the CMTS just wastes clock cycles in dropping packets from modems). However, if you don't enforce the values at the headend, then whatever the modem thinks are the correct values stands, and if you alter the config file, well, you've just increased your bandwidth.

-- Joe

Re:My Opinion

oh yes, your poor ISP with a 52 MB cap. LIKE WE CARE!

Re:My Opinion

They don't have to put it in the contract, it's basic property law. Cox owns the modem, not you. If you modify it without permission then they can prosectute you and/or terminate your service under the vague "illegal activity" clause.

Re:My Opinion

[cayenne8]

"They don't have to put it in the contract, it's basic property law. Cox owns the modem, not you. If you modify it without permission then they can prosectute you and/or terminate your service under the vague "illegal activity" clause."

Once again...no they don't own the modem. I purchased it myself off amazon.com...saving myself about double the cost if they had provided a modem for me.

Re:My Opinion

[dfj225]

That is why monopolies are bad. People complain about MS, but at least if you get really pissed at them you can download linux for free or buy a Mac. With broadband, at least in my home town, you are stuck. We can only get broadband over cable from Comcast because the central office is too far for DSL. So I'm stuck with Comcast's TOS for as long as I want speeds faster than 56k.

Re:My Opinion

[quantum+bit]

It makes a lot more sense to do it at the cable modem. If they do it at the router, you basically end up with dropped packets.

Ummmmm, if you cap it at the cable modem and max out the cap there, you still end up with dropped packets. That's how IP works. If there's not enough bandwidth and the queues are full, drop the packet -- TCP takes it as a hint that it's sending data too fast.

Re:My Opinion

[waileepai]

Better just keep an eye on your credit report if you have something at a collecion agency.

That $20.00 will show up when you least expect it (like when you're trying to get a good rate on a mortgage) as well as the fact that your creditors pretty much have open license to raise your rates when you are late paying ANY of your other creditors or even utility companies.

Re:My Opinion

[Altrag]

Actually he said:

It cannot remove speed limits imposed upstream

as opposed to speed limits imposed on the upstream (upload) side of the connection.

that is, he was referring to the fact that instead of capping you on the modem in your house, they should be capping you on their servers/routers/etc that you dont have physical access to.

Re:My Opinion

[John+Hurliman]

I think the parent poster meant upstream as in higher up in the chain of your wide area network, rather than the upstream capabilities of your connection. If all your traffic routes through a traffic shaping box before connecting to a mainline, you could build your own super modem for all the ISP cares and the traffic would still be limited at the ISP level. The reason uncapping works is because a lot of cable providers do all the bandwidth limitation in the cable modems themselves. Cable providers: what have we learned about placing trust in the client side today?

Re:My Opinion

You doubled your o's in "lose" but halved your p's in "stopped". Might want to check your parity bit :P

Great, the bandwidth hogs

[Gr8Apes]

will be quickly disconnected! More bandwidth for me!

Re:Great, the bandwidth hogs

[haplo21112]

F U...You have the whole issue backwards, if the Cable company would just provide enough bandwidth all all users could go at thier full speed In my case 2/256 all the time...there wouldn't be any such thing as a bandwidth hog...I pay for a cable modem which is supposed to go at 2/256, and I don't think its at all unreasonable fr me to expect it to go a 2/256 whenever I want it too, and if thats all the time because I download/upload alot of stuff...(I ftp stuff back and forth from work, as well as send a shoutcast stream to myself at work so I can listen to anything in my music collection whicle I am at work)...then so be it, Its my Fing right as a customer to use what I purchased.

Re:Great, the bandwidth hogs

[smellystudent]

if the Cable company would just provide enough bandwidth all all users could go at thier full speed

then they'd quickly go bust. Bandwidth costs money. The cable companys survive by overselling their bandwidth. Yes, they screwed up when they didn't foresee people actually making use of the "unlimited" bandwidth. However, demanding it now isn't going to do anyone any good.
At least with ADSL, you are told what the contention ratio is. We've got a 2/256 uncontended ADSL line in the office, and it's blazingly fast thankyouverymuch. It costs GBP340 per month, which is less than half the cost of the 256/256 leased line it replaced.

Re:Great, the bandwidth hogs

[Rostin]

I pay for a cable modem which is supposed to go at 2/256

I'm sure you do, but probably not in the sense that you seem to think is "reasonable." If you are like most people, you are paying for a modem which has been capped at those rates, which I'm sure you'll agree is a different thing entirely. It is "unreasonable" that you don't get 2/256 all the time only if you were guaranteed 2/256 continuously. I really doubt that you were. It is your right as a customer to use what you purchased, I agree. But it is not your right to expect service from your internet provider that they didn't agree to up front, and it sounds to me like you are griping because you didn't/don't understand what you agreed to, which really isn't anyone's fault but your own.

Re:Great, the bandwidth hogs

[haplo21112]

No actually I am targeting the people at acuse others of being bandwidth hogs for using what they purchased. I use my line to the maximum it is capable 2/256 nearly all the time. For this I am labeled into a group called bandwidth hogs. I recognize that the line doesn't always go that fast and unless its esspecially low I don't gripe about it, I know I have to share with others, and others do high bandwidth activities will reduce the whole. However I don't feel its my fault for using what I have bought that I might drag down others bandwidth. If the throughput of an individual node can significantly degrade the entire network then my cable provider needs to provide more bandwidth.

Re:Great, the bandwidth hogs

[Mr+Guy]

I don't think you are what most people are complaining about. I agree, if you burn your ALLOTTED bandwith at full speed most of the time, I should STILL be able to use my full speed when I need it. The ISP should account for YOUR bursts matching MY bursts.

When people start getting pissed is when your bursts are higher than they are allowed to be, causing your burst to block my bursts. If a neighborhood has a bunch of computer geeks, the correct response is for the ISP to allocate higher burst rates. However, if the neighborhood has a lot of uncappers, the correct response is to get the law involved or simply to terminate their contracts.

It's the whole "right to swing your fist" argument.

Re:Great, the bandwidth hogs

[kelnos]

that's correct, but i think you're missing the point. this article is about uncapping your modem so it is capable of transferring data at speeds _above_ what the cable company advertises. if you're not even getting what you're _supposed_ to get, uncapping the modem isn't going to change anything.

certainly, if you're promised 2/256, that's what you should get. but that's a separate issue.

Re:Great, the bandwidth hogs

[neko9]

my cable modem is capped at 128/64. am i bandwidth hog too? i'm sitting on p2p 24h a day.

Re:Great, the bandwidth hogs

[jrmann1999]

If you read your EULA or whatever relevant document that you implicitly agreed to by buying your service, you'll probably notice the CIR(commited information rate) is MUCH lower than 2/256. DSL circuits are the typical example of this, but Cable has the same limitations. a 1.5/384k dsl circuit usually has a CIR of 384/128k. If they can reasonably prove they are providing the CIR for you, your contract is fullfilled. That's another reason why T1 and greater are more expensive, they typically have a CIR close to their full speed maximum.

Re:Great, the bandwidth hogs

[BandwidthHog]

Ahem.

Re:Great, the bandwidth hogs

[Qzukk]

It is "unreasonable" that you don't get 2/256 all the time only if you were guaranteed 2/256 continuously.

By this logic it is entirely reasonable to expect your car to explode when you start it, flatten out into a pancake when you put it into gear, and turn an ugly shade of green if you park it outside. After all, nobody guaranteed you it wouldn't when you bought it.

I'm with parent to an extent. If I bought service that said that I had max 2MB/256K, I'd expect to be able to reach something approaching that max. Thats why when I was looking for broadband, I looked for the companies that said if I could not reach that speed, I could choose to downgrade to a lower plan without a penalty or cancel with a refund. Parent should have done that due diligence.

Re:Great, the bandwidth hogs

[haplo21112]

I totally Agree, I don't want more than I am given, just what I bought....uncappers are scum.

Re:Great, the bandwidth hogs

[haplo21112]

Nope your not a hog in my eyes, your just using what you have been given, to the fullest capacity...unfortunately the guy who started down this path seems to consider anymore who is more than an occasional user a bandwidth hog.

Re:Great, the bandwidth hogs

[neko9]

phew... i am relieved.

Re:Great, the bandwidth hogs

[Gr8Apes]

This was a tongue-in-cheek post with a little bit of self-serving greediness thrown in.

Downloading Debian pretty much places me in the bandwidth hog arena for a while. :)

dropped carrier

[sinucus]

I'll have to say that with all the draconian rules being put in place with cable providers that I don't see this as being a new playground for crackers. You'll likely get dropped quicker than you can refresh the BIOS on that cable modem of yours. With DOCSIS compliant cable modems you'll be sure to know that the cable modem company DOES know what you're doing with it.

Re:dropped carrier

[ErichTheRed]

Yup, lots of people don't realize that. Especially over the last two years, cable broadband has emerged from the Wild West period. Now providers are actually looking at what's going on in their networks, and going after people who are stealing service. Of course, they don't have time to crack down on everyone, but they can easily collect statistics from the routers.

The thing that stinks is that our provider is great. They block a few common ports inbound to prevent casual abuse, but that's about it; it's fast and stable! Uncappers may ruin it for the rest of us with this firmware mod.

Re:dropped carrier

[clarkc3]

Of course, they don't have time to crack down on everyone, but they can easily collect statistics from the routers.

they dont have to take any special/extra time to crack down on them - they can check that with scripts, flag the account, and disable the modem.

Re:dropped carrier

[sinucus]

8 years ago or so when I first got my cable modem it was quite easy to hack the modems. Most of them had exposed serial ports to plug into. Some providers back in the day left access to their control matrix on the network. All I needed was the user/pass which was the same for all workers. A quick keyboard logger and a service call later and I have root access on the network. Then when DOCSIS 1.0 came out all you had to do was build a linux box and a BOOTP server and uncapped modem again. Then DOCSIS 1.1 came out and changed all that. Now uncapped cable modems last all of about 1 min when the new script gets sent to the modem. If you want fast internet, either get a job at a very rich company or go to school.

Re:dropped carrier

[LordKronos]

They may get worse than just being dropped. Wasn't Comcast the company that sent out bills for nearly $1000 a few months ago to customers that they found to be using modified cable boxes to steal movie channels and PPV? I wouldn't be surprised if uncapping your cable modem is in some way prohibited by some FCC regulation and these hackers get a letter saying "pay us or pay a lawyer".

Re:dropped carrier

[xoran99]

Well, I've been using my newly uncapped cable modem for several minutes now, and there's absolutely no sign of som++++++++----------[NO CARRIER]

VxWorks?

[Quasar1999]

It ain't free like linux is... so not only are they violating their AUP from their service provider, these guys are using software that they didn't pay for? WindRiver is gonna be pissed!

Re:VxWorks?

[MissP]

I agree. Even after you buy the $25,000 development system, you still need to pay a negotiated licencse fee for each system you distribute. I expect there will be another chapter to this story shortly.

Re:VxWorks?

[confused+one]

VxWorks is the OS the modem is running -- it's already installed. The hackers are just taking advantage of a built in (but unused) feature to get an rlogin.

What will the companies do?

[toasted_calamari]

I have heard stories of cable companies coming down *extremely* hard on uncappers, doing things like banning them from having cable service for life and other such actions.

Given this, and the actions of DirectTV towards those who buy smartcards, I wonder what the cable companies will do.

Will they ignore those who download these firmwares for the advanced features like the remote terminals and have no intention of uncapping, or will they treat everyone who re-flashes their firmware as a "criminal".

Re:What will the companies do?

[vpscolo]

From a business point of view I can sort of understand. A cable provider only has so much bandwidth and if everyone used all of it at once the network would die. Of course they can ad more bandwidth but someone has to pay for it, and in this case it would be customers

Rus

Re:What will the companies do?

[DOCStoobie]

Well, some cable ISP's actually have it set up to where the CMTS (cable mdoem termination system) verifies both the modems firmware and config file source, to ensure that the modem is legit, and if the source doesn't match ... the CMTS won't route packets from that modem, or even allow it to pass on DHCP to the user's PC/router, so this will only work on some Cable systems

Re:What will the companies do?

Precisely. Even if the CMTS doesn't take care of it, when I was working at Time Warner they'd run tests periodically that would grab all sorts of info about every modem that was online. One of those pieces of data was information about the firmware (MD5 sum? filename? I'm not sure). In any case, they could tell if you were using the wrong file.

Re:What will the companies do?

The best part is when these violaters get busted they will be completely screwed. It's not like they can choose another cable provider. You get 1 and that's it. They will have to go deal with a shitty overpriced dsl connection now which is half the speed of their former cable one.

Re:What will the companies do?

[Thavius]

or will they treat everyone who re-flashes their firmware as a "criminal".

I don't think it's so much, "Criminal" to them. It's more of "problem customer." Akin this to the guy who comes in your audio/video store, plays your demo system for 4 hours and breaks a controller, knocks over a display, moves a bunch of DVDs, then buys a $3.99 tape. Sure, he's a customer, but one that does more damage than brings in revenue.

Re:What will the companies do?

its akin to that person buying a 3.99 video and stealing an additional video.

its iflat out illegal. you are just getting more than you payed for, you are breaking the agreement and taking more service.

same with cable descramblers. just because you pay for some of it, doesnt mean its legal to take the rest.

Re:What will the companies do?

[infra-red]

Well, I know that up here (Ontario), customers do not own the Cable Modems. So if you do anything to the provided modem, you are tampering with property that isn't yours. I'm pretty sure that there are some laws that would come into effect here. Changing the firmware would probably qualify as tampering.

I suspect you could face both civil and criminal charges doing this.

Re:What will the companies do?

[dillon_rinker]

A friend of mine works in the network abuse department of my town's cable service. He calls people that have been identified as flagrantly violating the TOS. If they refuse to cooperate, the phrase he uses is "I'm sorry, your high-speed experience is over." His company then terminates the agreement with the customer and refuses to enter into any future agreements. So yeah, banned for life is about right.

(Names have been withheld to avoid offense of our corporate masters).

Re:What will the companies do?

> I don't think it's so much, "Criminal" to them. It's more of "problem customer."

I strongly suspect that the two terms will become synonymous within a few years :-(.

spokesman?

[imag0]

SecurityFocus asked four U.S. cable modem service providers if they protected their customers with the encryption option....a spokesman for Time Warner's Road Runner service didn't return repeated phone calls on the question.

That would be a "no"

Cool, I got a SB3100. I'm in like Flynn!

Re:spokesman?

[sponge_dan_square_pa]

I had RoadRunner for 2 years in Ohio. That entire time, I kept thinking to myself "This has got to be faster than 256Kbp/s!". I finally benchmarked my throughput and it was JUST UNDER 9Mbp/s! Let me tell you, I fixed all my internet acess problems myself from then on. A few months before I moved, my service went down and I was forced to call in for help. I got a comment from the techie - "Oh, this is interesting! Allright, your service should be back on now.". It was never the same :(

Re:spokesman?

[aonaran]

Truth of the matter is MOST cable companies don't use encryption for one very good reason.

Encryption slows it all down. The biggest battle a cable ISP has to fight right now is public opinion on the SPEED, not security, of the network.
A lot of them already have to push headend equipment to the limits to serve all their customers and still make a profit to pay back all the loans they got to put the internet service up in the first place, adding encryption to the modem to headend link would slow things down, requiring them to double their investment in headend equipment so that they would have routers capable of doing all the encryption on all that traffic. ...then it only ecrypts it on the RF plant, which is already protected by the Docsis modems built in feature of not forwarding anything to you that isn't meant for you. (which yes, this hack if modified a bit could get around) ...in any case, say joehacker modifies his modem and starts snooping traffic on his local segment of the RF plant. Now he's going to see all the traffic between his neighbors and the net, but still not see his neighbor's home network unless his neighbor hacks his modem to let him see it.

His neighbor is still using SSL to log in to the bank, so big deal. Joehacker now can watch what pages his neighbor visits, but not a whole lot more.

If CableCo1 turns on encryption Joehacker can no longer view his neighbor's web surfing habits, but that's all he loses. (and remember this hack is brand new and probably will spur on increased security) The real threat to the average user is someone trying to get a trojan horse onto their machine so that they can hack the neighbor's (or preferably someone far away's) machine and get credit card info or just be a general nuisance. This sort of activity is not hindered at all by encryption between the headend and the customer's home.

Like I said, this will probably spur on an upgrade cycle to allow encryption on all your conenctions, in the meantime, if you are paranoid about a hacker down the street knowing you visit hustler.com on a regular basis use an ssl encrypted proxy service. There are plenty of them out there.

That's all I have to say on this subject.

Re:spokesman?

[The+Vulture]

I'm still monitoring this story for interesting responses. I work in the cable industry, so this is big news for me and the company that I work for.

Anyway, a lot of the equipment in the field is older, and at the moment, I don't know of any cable modem, or CMTS chipsets that actually provide hardware encryption capabilities, therefore it's done in software. BTW, the data is encrypted only between the cable modem and the headend (CMTS), therefore all the encryption protects you from is somebody setting up a CATV sniffer somewhere between your house and the cable plant. Since that equipment is relatively expensive (last I checked, $30K), your chances of being sniffed are pretty slim, unless as you said, Joehacker turns his cable modem into an RF sniffer (definitely possible).

The encryption (BPI/BPI+), while doing encryption, also performs a more important function (especially BPI+) - they give the cable operator an element of trust, in other words, if you say that you have the "Foo XYZ" cable modem hooked up to their network, they can tell by the crypto info that you in fact do have that modem hooked up (or they can tell that you have "Bar ABC" hooked up. This is somewhat important to them, so that they can keep the "bad element" out of their networks.

BTW, the encryption isn't the only thing done in software. Like I said earlier, a lot of the equipment in the field is pretty old, so concatenation (which does what it's name implies, it concatenates packets before sending them upstream), while done in hardware on most Broadcom-based modems, is done in software on most CMTS'. This slows things down a bit as well (but the numbers show that concatenation really does improve performance, i.e. from 200 to 1000+ packets per second, 64 byte packets), so they use it heavily, despite the slower processing.

Comcast is doing quite well on the speed issue. I was previously provisioned to 1.8Mbps down, 256Kbps up, and I believe that I was recently changed to 3Mbps down/256Kbps up. I'm getting much better downstream speeds than I ever got from DSL.

-- Joe

Is this right?

[ObviousGuy]

It's a simple question: Just because you can, should you?

Re:Is this right?

[vpscolo]

If everyone else is doing it should you? If you best friend jumped off a cliff would you follow?

Rus

Re:Is this right?

[Quill_28]

Good question and a fair one.

With an uncapped modem you are basically stealing for the other users(at least in heavy load times)

Re:Is this right?

[gl4ss]

with uncapped cable modem you're basically posting a banner in your window "HEY CABLE COMPANY, I'M STEALING BANDWITH!!!!! COME AND DROP ME, MIGHT AS WELL SUE!!"

it's not really like they don't know you have the thingy.. well maybe if you hacked it enough you could sniff some other users mac id,or whatever there's in those things to seperate them from each other. there's no pppoe here anyways on cable modems usually to handle the negotiation, it's basically that you just stick the cable modem that obviously is somehow identified to the cable jack and then connect a computer to the ethernet connection of the cable modem.

anyways the possible negatives from getting caught outweight the little positives of getting few kb more by a quite wide margin(most probably you'd be just not breaking the tos but the law as well).

Re:Is this right?

[presearch]

Besides, you could poke an eye out with that thing.

Re:Is this right?

I'm not sure. What's at the bottom of the cliff?

Re:Is this right?

[the_mad_poster]

As a young Dilbert once told his mother after she pestered him about skateboarding at a construction site:

Well, that depends on a lot of factors, including height, training, and equipment. But if 100% of the participants said they enjoyed it -- as in my skateboarding example -- then I would conclude that it was safe.

Very neat

[BenDalton]

now if someone could do this for my cable modem. Although, I have to wonder how many people will use this to uncap their cable modem only to get in trouble by their provider. In this society, i wonder how long until the developers get sued by the people installing it on their cable modems because they got prosecuted by their provider? Sigh... what a nice little circle

Spelling nazi...

[Ineffable+27]

It's 'hoobyist.' Sorry....

Re:Spelling nazi...

[Ineffable+27]

Aaagh! I meant 'hobbyist'! Sorry again....

Re:Spelling nazi...

Spaz.

Re:Spelling nazi...

Hobby,

Hobbier,

Hobbiest.

D00d, my cable modem is teh hobbiest!

Re:Spelling nazi...

[troc]

Is a hoobyist someone who discriminates against hoobys?

If so will all companies eventually be forced by law to employ a certain number of hoobys in some sort of perverse positive discrimination?

Will we get "hooby rights marches" and will Holland allow two hoobys to get married?

Enquiring minds etc etc

troc

Re:Spelling nazi...

The superbowl is over. You can forget Ms. Jackson now.

Increasing Speed

[vpscolo]

Of course you can always setup a compressed SSH tunnel to speed up the text part of web browsing. I've found you get get upto 400% increases which is nice :)

rus

Re:Increasing Speed

Of course you can always setup a compressed SSH tunnel to speed up the text part of web browsing. I've found you get get upto 400% increases

A tunnel to where exactly? That only works if you've got a shell account on an external server which has extra bandwidth.

Can you read the text 400% faster too? ;-)

Re:Increasing Speed

Of course you can always setup a compressed SSH tunnel to speed up the text part of web browsing

I'm sure people wanting to uncap their modems won't be interested in text websites. MP3s, movies and w4r3z are already compressed...

Re:Increasing Speed

[spectrokid]

Which would assume you have a computer on the other side for decompressing...

Hmm...

[Pxtl]

IANAA (I am not an admin) but shouldn't bandwidth capping be handled at the ISP's end, through a transparent proxy? Not through the cable modem? At the very least couldn't they just have the system automagically cut off service when the packets start flowing too fast, rather than getting into the legal minefields? Then they could say "I'm sorry, our system does not support uncapping" when someone tries and finds their machine not getting anything. Seems a more elegant solution than simply hoping nobody will try and then hosing lawyer hours at them when they do.

Re:Hmm...

[hattmoward]

The thing is, within a few blocks of you, cable modems are pretty much all working on the same piece of wire. There is a good amount of bandwidth to share out there (sorry, I don't remember, but it's A LOT), but if you use a transparent proxy, it's still possible to saturate the local segment and irritate other users. A solution using a bandwidth arbitrator for routing to users may work, but if all the cable modems run in full-speed mode, you get bursty connections while each modem waits its turn to go full-saturation. Unfortunately, uncappers don't realize that they're potentially screwing over someone else. I think that's the big beef that the ISPs have... They already planned for a high potential bandwidth, it's just that when you go from 1.5 to 3 Mbps, you're giving yourself a bigger timeslice on the wire. Other than that, DOCSIS (in its most common configuration) is a very Big Brother-ish protocol, and your ISP will know what you're doing the minute you do it... unless they're a bunch of monkeys with wire (read: Comcast).

Re:Hmm...

[larien]

Monitoring/limiting bandwidth usage by clients at the ISP end probably incurs a performance penalty while you're monitoring; therefore it's probably cheaper to have the client check it.

Re:Hmm...

[Quixadhal]

Yep, it's one of the oldest lessons in the book. NEVER trust the client. ALWAYS do any authentication, state-management, etc on the SERVER side.

I preached about this to Blizzard Entertainment for ages (via email, and on their forums) and they STILL don't get it. The client should only get access to the data it needs, and any data from the client must be sanitized and verified before being accepted.

In the case of cable modems in a WAN, relying on the customer-installed cable modem, residing on their property -- where you DON'T have full control of it, to handle security or resource management is like asking people at the buffet to only take one plate of food.

The best way cable ISP's can handle this is to have the first tier routers do bandwidth shaping, and put both soft and hard caps in place. If you exceed the soft cap for more than N minutes, you get clamped, and you can't exceed the hard cap at all.

Of course, if we could just make spamming a capital crime, there would be PLENTY of bandwidth to go around! :)

Re:Hmm...

[tazanator]

Well this is comcast.. My tcpdump shows ARP traffic on my cable modem from 4 different class B subnets(XX.XX.xx.xx), and even 2 class A subnets (XX.xx.xx.xx) I could understand a class C subnet(XX.XX.XX.xx) but not traffic in class A corporate down at end user. I'm in Indiana and seeing customers in California reply to ARP's... wasted bandwidth. With this much ARP traffic allowed thru the routers it's no wonder they are short bandwidth and kicking bandwidth hogs. Comcast has great speed but at very high cost (about $60 in my area) and the limits and additional overhead they build into the network it's no wonder the people hate them. If I can wean my 10 year old daughter from the TV I will cut the cord and go to DSL (I want to run a game server anyways and DSL is only $30 out here). I am not surprised people uncap and reconfig the cable modem ... they do it to phones (voicemail, speaker phones, heck the ham's started long distance connecting the ham radio to a phone to get longer distance with out the bill), why should the inovative spirit stop at the cable company?

Re:Hmm...

Not a bad idea.
Companies could hide behind incompetence instead of resolving problems... Wait.

-- I randomly moderate down people who moderate down people who describe their abuses of the mod and metamod system in their sigs. --

Re:Hmm...

[UID30]

couldn't they just have the system automagically cut off service when the packets start flowing too fast, rather than getting into the legal minefields?

You have obviously lost touch with your inner lawyer. :)

IMHO, the best solution is to alter the terms of all contracts with users (those who wish to cancel service can do so) ... the new contract should have a monetary charge in the order of cents per kilobit per second in excess of whatever the modem cap is. anybody that wants to uncap their modem, therefore, is welcome to do so ... and get a big ass bill the next month.

Re:Hmm...

[really?]

You said:
Of course, if we could just make spamming a capital crime, there would be PLENTY of bandwidth to go around! :)

You, my dear fellow, are one sick puppy. I like you!

Re:Hmm...

[Jeff+DeMaagd]

I'd think a technical solution would be better. I don't know the details of the business or the upstream hardware. Lawyers cost a lot of money, but it is possible that sending a lawyer after five users in a thousand is cheaper than replacing or upgrading to do ISP-side caps.

Re:Hmm...

[Grym]

Yes, you're right, they could do it that way, but this makes for a huge scale-ability problem, because policy-enforcement (or QoS, whatever) at the router/application level is CPU intensive.

While it might look more "elegant" from the user's prospective to have bandwidth capping on the ISP-end, when you're the ISP responsible for millions of customers, a few (or few hundred) less CPU cycles/sec/customer makes a hell of a lot more sense.

Despite the fact that it's in your house, the cable modem isn't yours--it belongs to the cable company. You're buying the service NOT the hardware. This isn't any different (or any less illegal) than modifying your digital cable receiver to get all the PPV and premium channels.

Actually, I'll go back on that last statement. It IS different in that when you take PPV or premium channels, you aren't limiting the channels available to other users. So, in this view, uncapping is worse than modifying your cable-box, because you are consuming bandwidth that could be used for other customers.

What most people don't understand is that bandwidth caps are a necessary evil to make home internet connections under hundreds of dollars per month. Without caps, ISPs simply couldn't provide the same level of service to as many customers and would therefore have to charge more per customer. I shudder at thought of the outcry we'd here from the same people who are uncapping if they did that.

If your service is slow, limited outrageously, or ridden with packetloss, fine, one could argue that the ISP isn't keeping up their end of the deal, but find another ISP (or if you can't, bug them enough until it costs more to fix/change it than it does to have a tech person talking to you all the time). Don't uncap, you're only making the situation worse.

-Grym

Re:Hmm...

[asdfghjklqwertyuiop]

I preached about this to Blizzard Entertainment for ages (via email, and on their forums) and they STILL don't get it.

Blizzard has been ignoring you because you don't know what you're talking about. It is simply not possible to design a game that has all sensitive computation being done on the server. The game will not be playable over the internet. It simply won't perform well enough.

Re:Hmm...

Most cable companies, including the ones I've worked with are using QoS on their routers to enforce and monitor folks uncapping their cablemodems. It is detectable, and the average cisco 7xxx router can handle it without breaking a sweat.

Re:Hmm...

[asdfghjklqwertyuiop]

IANAA (I am not an admin) but shouldn't bandwidth capping be handled at the ISP's end, through a transparent proxy? Not through the cable modem?

What does a transparent proxy have to do with limiting bandwidth?

Anyway, you can't forcefully limit someone's transmit bandwidth at your end. Think about it... they can shout the packets across the wire as fast as they possibly can. You can either drop them beyond a certain threshold, or you can place them into a queue on your end and bring them out of the queue at a certain rate of your choosing (this is called 'policing'). What else are you going to do? In either case, the bandwidth of the actual wire is still being consumed by the sender. The receiver is just not playing along.

You can't force the remote end to transmit at a lower speed. Unless you trust the client and then monitor what it is doing like cable systems currently do.

Re:Hmm...

You can't force the remote end to transmit at a lower speed.

What do you think will happen when the proxy server hands back packets at a slower rate?

Of course you can flood the network by starting up a dozen bittorrent sessions but how many people do that?

Re:Hmm...

[asdfghjklqwertyuiop]

What do you think will happen when the proxy server hands back packets at a slower rate?

Again, what does any of this have to do with a proxy?

The Router can slow the rate at which it forwards your packets, and yes that should effectively slow the application down.

But you still need some real upstream limits in case the remote machine is performing a DDOS attack (either because it was cracked or is being run by some retard who is intentionally performing the attack).

Re:Hmm...

[QuantumRiff]

The problem is that there is more than one user at the ISP end. My neighborhood has 650 houses that are on one fiber headend, this is not active cable modem users, but houses. (actually about 100 active data accounts) Our service has so many "channels" of digital service set aside for internet, and they are shared among all these houses. If they cap my bandwith at the ISP headend, I can effectively DOS all of the people in my neighborhood that have cable modems. Sure, i won't swamp charters 45MB connection out of town, but my neighbors will not be able to do anything. I will be the proverbial 1% ruining it for the rest. By limiting it at the cable modem, they are forcing users to be nice net-neighbors.

Re:Hmm...

[tc]

To be more specific: It's clearly possible to design certain kinds of games where all the authority is in the server - for example first-person shooters typically work in this fashion. The trouble is that those techniques don't apply so well to some other game genres, notably RTS games.

In the typical client-server style, your bandwidth requirements to an individual client scale with the perceptual complexity of the game to an individual client. In most FPS games, the complexity is relatively low - only a few units moving around that a client can see at any given time. If the complexity grows, things grind to a halt (try this with a large Quake level that's just a huge open box filled with rocket launchers - the performance sucks).

In RTS games, the perceptual complexity of the game is large. There may be hundreds of units that the client can see at any one time. In order to cut-down bandwidth requirements, a different network model is required. The usual solution is a lockstep model, where clients exchange user-inputs and each models the world deterministically. This means that bandwidth now scales only with the number of clients, and that the game can have arbitrary perceptual complexity. The drawback is increased latency (to allow for buffering, since the packets now have to be transmitted reliably), and less ability to do things like join-in-progress. Fortunately, those drawbacks are less of an issue for most RTS games than for shooters.

An additional drawback of the lockstep model is that every client needs a complete state of the world, even if it is not displayed to the user. This allows client-side hacks (e.g. subverting fog-of-war), which are indeed problems.

Combining the best of both worlds would be great, but nobody has figured out a way to do it in a satisfactory fashion yet.

Re:Hmm...

[ryanwright]

It is simply not possible to design a game that has all sensitive computation being done on the server.

What does a game need to send to the server?

- Character data (who you are, what you're saying)
- Positioning data (where you're at)
- Action data (spells you're casting, etc)
- Item data

The latter is where problem start: People can hack an item to give them whatever power they want. Then the client says "I'm doing 1,000 points of damage with my bare hands" and the server just eats it right up. There's no reason why this data cannot be checked! When I attack, the conversation should be:

Client: Attacking Hog Troll 125421 for 850 points of damage.
Server: OK, you're holding no weapons and wearing no armor. I know this because the last time you modified the items on your character, the client sent the data to me. The max damage you can do with your current outfit is 5, so I don't know what you're smoking. Request denied.

Re:Hmm...

[asdfghjklqwertyuiop]

Yes, you can design a game where some of the senstive stuff is done on the server. But some things are just too hard. I would guess cheats that give you extra visibility (map hacks) are one of them, because such cheats are so common.

Re:Hmm...

[Tinidril]

charge in the order of cents per kilobit per second in excess of whatever the modem cap is.

And then just for fun I'll start generating gobs of traffic from my 7mbps link to anybody I don't like who uses that ISP. If the kbps charge is set high enough to be a deterent, I ought to be able to do some real damage. :)

Re:Hmm...

[b1t+r0t]

Furrfu! Back in the days of Nimda, this was the thing that really brought the cable modem networks to their knees... the large amount of ARP bandwidth being taken up by all the packets being sent to "nearby" IP addresses and all the ARP requests being echoed nationwide. I'm surprised Comcast still has a network configured this way, but then someone in this article has called them "monkeys with wire", so maybe they really are that stupid.

Re:Hmm...

[Eraser_]

ARP traffic coming out of california is an obvious mis-configuration, however seeing the various classes of addresses is not. IIRC cable comapnies were given the class A "24" to play with as they chose. When you get a DHCP lease in the 24 network, it should be chopped up by a subnet mask (like, 255.255.255.0) which turns it into 255^2 class C net blocks.

Your analogy to the phone system is flawed though. Speakerphone, answering machines (voicemail), people talking over HAM radio instead of picking up the phone all involve nothing which harms the Telco, or your neighbors. When you sign up for service, you agree that you will buy 1.5m/256k for $60/month. When you uncap your modem, you now use much much more than that, but at the same price. I would go after you as well.

If I generated electricity in my back yard with buttered toast and a cat, and then agreed to sell you a kilo-watt of energy every hour, hooked you up to a transformer which would only provide that much juice, and you came in and recalibrated it to give you two kilowatts per hour, I would either bill you twice as much, or cut you off. The only difference there is I'm not "the big bad cable company" nor THE MAN.

Plus, why not ditch your $60/month internet, and go with $30/month DSL, anyways? OR did that $60 include some form of CATV watching as well? I bet you want free HBO as well, since it's just a config in the box restricting you. It's just the lock on my door keeping you out of my house. I'll hit you with a baseball bat if you break it, though.

Re:Hmm...

[quantum+bit]

Other than that, DOCSIS (in its most common configuration) is a very Big Brother-ish protocol, and your ISP will know what you're doing the minute you do it...

I don't really care about uncapping, but it would be nice to have a hacked firmware image that would pretend to speak DOCSIS but not actually give them any power to monitor or change anything...

Re:Hmm...

[UID30]

excellent idea! thus making anybody who has uncapped their modem vulnerable to large monetary loss. could even have different rates for upstream vs downstream! yes!

Re:Hmm...

[freakmn]

Umm, the modem determining the speed is kind of how it's done in the networking world, AFAIK. In a WAN (Wide Area Network) connection, there are 2 ends, the DCE and DTE. The DTE is the ISP end. It is essentially dependant on the DCE to set the clock rate. A router can be configured to set the clock rate, but I don't think the modem can be set to listen to it.

Re:Hmm...

Capping people can be done. The problem with most cable companies is they are relying on the CPE for capping. This is ok, but someone could alter firmware to not display true bandwidth. (i.e. return back from the snmp query what the config file dictates, not what it actually has.) There are devices out there by Allot, Packeteer, etc. to do rate shaping. I work with docsis on a daily basis (no, no cable companies) and we catch them after they exit the CMTS. So if a customer does manage to get their modem wide open, the best they can do is blast wide open on whatever the channel bandwidth is (in an RF perspective) to other customers on the system and thats it. Anything that exits CMTS is shaped. Sure you can DoS your neighbors so to speak. (max bandwidth, highest priority, etc), but if you're rate shaped to the internet, its rather useless for you. If you sit down to see how docsis systems work, chances are you could probably find other ways to cause pain and heartache for your neighbors via the cable network if you really wanted to. Since your neighbors are most likely running windows, probably good chances they've picked up a virii anyway and various other pieces of spyware that you wouldn't be too much of a disservice as they wouldn't know any better. :)

One final thing I'll add is that if the motorola modem allows for port 80 to be connected to on the HFC interface, then these people will be easily caught. (I don't know off the top of my head if they allow for connections via HFC interface and too lazy to go to lab to test it.) How? Look for the specific url. If end user disables port 80 and cable company didn't in config files, you flag everyone with that mac address/ip address that doesn't have port 80 enabled. If its not disabled, look for tcniso.html and if the page returns then you nabbed them. Keep in mind, I'm not rooting for the cable companies, not a single one of them has done anything to combat spam incoming and/or outgoing on their network correctly. Its been a half-assed job one way or another from what I've observed (and blocked smtp side). I just don't see this as anything major to worry about personally. Then again, I don't know how competent the staff at the various cable companies are either. If the current spam issues dictate it, good chances are this will go used for awhile and probably unnoticed.

Re:Hmm...

[Sabalon]

The things you see when you don't have mod points. An excellant point and good use of the buttered toast and cat power device.

Re:Hmm...

[robknc]

Providers can use a packetshaper.. A lot of cable co's out there already do.. They can limit the amount of traffic by ip address or by individual ports.. I've seen it used to cap all ougoing kazaa traffic to 2.5kbps on the default ports.. They could I guess use the same thing to limit the speed on each ip address to the highest service they offer.. It would be a nightmare to setup, but the most you could uncap your modem to would be the same level as the highest package that the cable co. offers.

Re:Hmm...

[tazanator]

okay first I see "24" "12" and "10" packets when sniffing ARP traffic for more than a few min. The network should be NAT'ed and firewalled into 255^2 Class C but it's not. two it takes people experamenting to discover new ideas look at the wireless stuff we love now that was pioneered by hams in the 80's using Satilites and other device. I do like the cat and butter toast and agree however at the same time realize that they will look for ways to drop the amount of power used and charged for...look at floresent bulbs. Uncapping isn't right but some of the add-ons are pretty tempting. Finally in my area if you get both CATV and Internet you get $15 off your bill so with both "basic expanded" (no movies but more than 13 channels - only way to get cartoon network) and internet it's $98 a month, My daugther loves the Cartoon channels and with her happy it's $30 extra for the cable modem. I would love to drop the cable but tell a kid they are losing cable and they go into shock :) Finally .. keep your baseball bat (I got a 12 ga.) :)

Re:Hmm...

[Tinidril]

Who says the bandwith cap will have anything to do with it? If they are monitoring the traffic at the last hop, they will see the bandwith used even if the cable modem drops the packets.

Re:Hmm...

[Lost+Race]

If your Comcrap smegment is anything like mine, the bandwidth due to the ARP drizzle is negligible. It's about 10-20 kbit/second here, i.e. about 1% of my bandwidth allocation. Yeah, it's annoying because it keeps the activity LEDs lit up at all times, but it's not really wasting bandwidth.

Re:Hmm...

Too bad he doesn't live in CT, NY or NJ. "1.5m/256k for $60/month" would be 10m/1m for $45 a month(at one point I was paying $30).

Re:Hmm...

[Frank+T.+Lofaro+Jr.]

...agreed to sell you a kilo-watt of energy every hour

A watt is a unit of power, not energy. A joule is a unit of energy. Your sentence should read ...agreed to sell you a kilojoule of energy every hour, or a kilowatt of power.

As for hitting people with a baseball bat for breaking into your house, I have a better suggestion. Make some content and put it in your house. Now if you get broken into you can sue for a DMCA violation and get rich!. :)

Monopoly

[lukewarmfusion]

In my area, Comcast is the ONLY option (outside of extremely expensive satellite alternatives). If they want to shut you off, they can. Then, you're screwed. I try not to do anything that will get me in trouble with them. Losing my cable, internet, etc. would be far worse than the tyranny of having my cable modem capped or my speed tiered. The problem is that they know this as well. That's why they can and do take these steps. My solution was the same one that Utah and others were going to do - city/state run broadband. It'd be just another utility and they could certainly offer it cheaper than Comcast. Plus, with the profits going back to the city or state, it would probably help lower/cut taxes. It's probably a simplistic view, and I realize that there are issues with letting the government control your internet access, but it would probably benefit the consumer much more than letting a monopolistic cable company charge $45 for crappy television and $45 more for internet access that goes down for "unscheduled maintenance."

Re:Monopoly

[wampus]

That unscheduled maintenance is most likely "drunk driver ran over the green box down the street." Or it is here, in RoadRunner land... but I have no complaints about RoadRunner, and I see plenty of people with complaints about Comcast.

This shouldn't even be possible

[huhmz]

Here in Sweden the caps aren't in the modems and quite frankly what kind of idiot ISP would do it this way? We are capped at the router or somesuch. I got 8 Mbit on my ADSL though which is maximum for ADSL so im not complaining.

Re:This shouldn't even be possible

errrr...... this is a discussion of CABLE not ADSL. ADSL lines are individual lines to the ISP's DSLAM, whereas cable modems are on a local network loop with other users, hence the need for capped modems......

Re:This shouldn't even be possible

[Quill_28]

Umm.. I believe cable modem use a shared line with other users.
I am certainly no expert but I think it is more difficult with this setup, than with DSL.

But I could be wrong

Re:This shouldn't even be possible

[Jarnis]

There is a big difference in technology when comparing ADSL and Cable modems. Yes, one could argue that the early cable modem standard sucks and is exploitable, but that's what is in use by millions of customers right now.

ADSL is single line from you to your local DSLAM. Zero issues with capping at the DSLAM end.

Cable modem has tons of users sharing the same cable, and the easiest point where you squeeze down what a single user can send/receive to the cable is your cable modem. Yes, there are ways of doing it at the ISP:s end, but they are either expensive or require nasty kludges.

Re:This shouldn't even be possible

[milgr]

The cable company should be able to cap traffic at the ISP based on MAC or IP addresses - assuming that all traffic from a cable loop goes through one router in order to get off the loop.

To limit traffic between cable modems that are on the same loop, they need to either limit the traffic at the cable box, or add a box to the pole.

Re:This shouldn't even be possible

[3Daemon]

Not really sure about the technicalities of cable-modem capping either.

However, I don't understand how so many businesses can actually base their plans on digital boxes being "tamperproof". To my knowledge, nobody has EVER successfully made anything digital tamperproof. DVD players, XBOX'es, Cable modems, Play Stations, all have been hacked. So why on earth do they keep trying?

Sure, it can make for some very tempting business models, but COME ON. It's like building your house on an erodable ledge by the sea, and then whine about it when your property goes bye-bye into the big blue.

Of course, as politicians seems to think such behaviour perfectly reasonable, and even write laws to support it, its never going to go away. :/

Re:This shouldn't even be possible

[jchawk]

Just on a side note for more info. . .

That's what is so cool about the DSL world, everything happens on that DSLAM, so the telco has control over your speeds.

Let's say you upgrade to a faster speed... Well remotely push an update to the port card you tie into that's in the DSLAM, then push an update to the modem and bam... You speed is upgraded.

The coolest thing to do is queue up a large download on the users PC, then push the updates to the modem and the DSLAM and you can actually see the speed increase. :-)

Then you can even remotely tweak the line that the DSL is running on... Not getting full speed that you are rated at? No problem just bump the voltage on the line a little bit and normally the problems is fixed. :-)

Re:This shouldn't even be possible

[gl4ss]

they don't really base it on it being tamper proof, they base it on that people are not so stupid that they will do it. and why they need capping? to make the service profitable or even possible to arrange(the cable can also only transfer so much data).

sure your car can probably go over 150mph, but is it legal most of the time? no.

surely you could try to shoplift some beer, is it legal? no.

sure you can hack the service providers telecommunications systems you're renting and hope you won't get caught, but is it legal? no.

anyways it looks like the authentication of the cable modems around here is done on some MAC on the cable modem, so you can't really go on changing that and they know you bought the thing(they're billing you aren't they) and can figure it out(and usually uncappers max the lines 24/7 anyways) so it's not a really big effort to catch the uncappers.

anyways uncapping isn't a that new thing, and quite usually ends up in your service getting terminated sooner or later. I kind of thought that people had stopped doing it alltogether already..

Re:This shouldn't even be possible

[Muad'Dave]

To my knowledge, nobody has EVER successfully made anything digital tamperproof.

Divx (not the codec) was never cracked. Too bad no one has the chance to try anymore; it was cool.

Re:This shouldn't even be possible

[Junior+J.+Junior+III]

To my knowledge, nobody has EVER successfully made anything digital tamperproof. DVD players, XBOX'es, Cable modems, Play Stations, all have been hacked. So why on earth do they keep trying?

Because it's not about tamper-proofing, it's about making things tamper-resistant. If they can deter a portion of people from hacking a device, it's considered a win. Some dedicated fraction of a percent may still hack successfully, most people won't, and they're the people they'll continue to make their profit from.

The only arena this isn't true is in copy protection, where defeating copy protection measures once means that the file can be copied infinitely without re-hacking.

Re:This shouldn't even be possible

[3Daemon]

Sure it's illegal to drive at 150mph (most of the time, anyways). And that is perfectly sensible. But it is, and should be, legal to have a car capable of it.

And it is illegal to shoplift as well it should be. But it's legal to have pockets you could use for shoplifting.

And I think it should be legal to hack your modem as you see fit. That does NOT necessarily mean you should be allowed to remove caps on it.

My main beef is that most businesses decide to fight the hacking itself, not the illegal/imoral/not-allowed-by-our-agreement uses of that hacking. This is has proved pretty ineffective at stopping abuses, and it does seem to create a lot of collateral damage. (Ref the whole DeCSS saga, DMCA etc.)

(I realise I was a bit unclear on that in my first post - sorry)

Re:This shouldn't even be possible

What, is it impossible to limited bandwidth per IP address or a group of IP addresses?

Re:This shouldn't even be possible

> Here in Sweden the caps aren't in the modems and quite frankly what kind
> of idiot ISP would do it this way?

Technically it is better to have the cap in the modem, and thus distribute it. That saves a lot of computing time on the ISP side, which then only routes the packets (but doesn't have to filter and count them).

Socially however you are right, capping at the clients side invites to uncap. So in real world scenarios it is better to cap at the server side, which means more sophisticated and expensive equipment.

Re:This shouldn't even be possible

[gl4ss]

I'm all for hacking the thing to add functionality that's useful(better port forws & etc), but uncapping is like tampering with the water usage gauge.

Re:This shouldn't even be possible

[srvivn21]

http://computer.howstuffworks.com/cable-modem.htm/ printable. Tons is defined by the cable company. Kludges are built into the DOCSIS standard. Rate limiting is no longer only handled at the cable modem itself.

If your cable modem experiences slowdowns at peak hours, blame the company, not the product.

Re:This shouldn't even be possible

ADSL is also a shared bandwidth Technology. The trunk line going into the CO has x amount of bandwidth. SDSL and IDSL have guaranteed bandwith with their provider. The left over is a big shared blob of ADSL. Also the majority of ADSL providers only guarantee 128/128 kbps, read your contract. Or they provide a best effort.

OH ya I provide tech support for DSL, that's how I know.

Re:This shouldn't even be possible

[Jarnis]

I was talking only about the link from your home to the nearest DSLAM. The portion of the pipe that actually uses the ADSL Technology.

SDSL/IDSL/ADSL bandwidth guarantees are completely up to each provider. Point is that with ADSL all kinds of limitations can be set up very easily, and they cannot be 'hacked' without breaking into telco systems and/or premises. SOMEWHAT harder than hacking up your cable modem - since using cable modem technology, commonly it's the end user's modem that is limiting the speed to the level that is sold to you (opening up the potential for clever hacks to circumvent this)

Crappy DSL providers may have oversold their trunk capacity. At least my ISP has *so* much pipe within the country (Finland), that what they sell you (512k? 1M? 2M? 4M?) is what you get. It's not *guaranteed* in the contract, but in reality assuming the server you are accessing has fat enough pipe, you are constantly limited by the service level of the DSL you are paying for, and not some crappy backbone connection that is oversold thru the wazoo.

Of course we pay thru the nose for this service compared to some providers in the states, but hey, I prefer to pay fairly for some good service.

Re:This shouldn't even be possible

[tswann01]

Here in Soviet Russia, improved firmware releases cable modem hackers.

Re:This shouldn't even be possible

[evilviper]

That's what is so cool about the DSL world, everything happens on that DSLAM, so the telco has control over your speeds.

No, I'd say it gives them more ability to exercise totalitarian control over your connection. Not too cool.

Let's say you upgrade to a faster speed... Well remotely push an update to the port card you tie into that's in the DSLAM, then push an update to the modem and bam... You speed is upgraded.

Not always so easy... Often, there are several people connected to the DSLAM, which is only connected to a single T-1 line (or whatever)... Increasing speed may require a lot more work than just a remote configuration change.

Secondly, I absolutely hate crappy ISPs that want to cap speeds. For $50/month (same prices as every other DSL provider in the area--but they limit your bandwidth to snail speeds) I get an uncapped DSL connection, that goes just as fast as the line can handle. Go Earthlink!

Re:confused: do ya want speed or reliable speed?

[unfortunateson]

Of course the other baffling half of this is, while Comcast is putting download hogs under their thumb, they're making it easier to be a download hog: At the end of January, they raised my cap from 1.5M/128K to 3.0M/256K (altho DSLreports only rated the up at about 160 at that moment).

Which would you rather have: possible bursts of 3MB/sec or dependable 1.5MB/sec? I'd rather have the latter if I want to do VOIP, streaming webcam conferences, etc.

Content filtering on outoging packets?

[G4from128k]

It would be nice if these enhanced firmware systems provided some level of content filtering on outgoign packets. A simple test would see if key passwords, financial account numbers, or a honeypot file name were in any outgoign packets. If so, the modded device would kill the outgoing packet and log the destination.

Re:Content filtering on outoging packets?

[way2trivial]

so how then, would you USE account #'s or passwords..
to check my bank account balance, I must type in my acct# on their website.
this information goes to them in packets

Re:Content filtering on outoging packets?

[G4from128k]

so how then, would you USE account #'s or passwords.. to check my bank account balance, I must type in my acct# on their website. this information goes to them in packets

Those packets would encrypted (or should be encrypted!) on the computer so the cable/DSL modem would not filter them. This content filtering would only catch plain-text transmissions of valuable data. I suppose it is possible that malware keyboard logger or a backdoor-using blackhatter could use an encrypted connection, but that seems like more hassle on their part than they would bother with. Anybody breaking in through a plain http, ftp, telnet, etc connection would be detected when they tried to access any honeypot files.

Re:Content filtering on outoging packets?

Use SSL. The account numbers or passwords will be encrypted, not in the clear, and therefore will not be stripped by the firmware.

This should be way too trivial to see.

Re:Content filtering on outoging packets?

[wampus]

Today's comments are brought to you by the letters S,S, and L.

Re:Content filtering on outoging packets?

[robknc]

There is already pc based software out there to do this.. If the cable mso did it then it would probably be used for the tftp config files.. which wouldn't work.. the md5 passwords are encrypted, and i think implementing this would probably cause problems when the modem attempted to retrieve it's config file..

Doesn't sound wise..

[stratjakt]

Could the cable company not quickly whip something together to scan all of their subscribers modems, and have a list of uncapped/hacked boxes in their hands within a few minutes, hours tops?

Or even better, can hackers reach this shell from the outside?

Sounds like a good way to lose your service and wind up in court.

Re:Doesn't sound wise..

[robknc]

All a mso (cable co) has to do is go into their router and look at the QoS profile table.. It has a different number for every upstream/downstream combination.. So if you are using a combination they don't offer it's pretty easy to see.. They can then locate the modem with that QoS profile and find out which customer is doing it.. But if you were to uncap your modem to say a business class speed (if this is even offered) and/or put it at the max up/down combination they probably wouldn't catch on. I used to work for Charter as a HSDT and I hacked my own modem with 10mb down 10mb up.. you still don't see those speeds.. I would get at the most 800mbps down and 600mbps up.. 1.5mb service gives about 180mbps.. then again most servers out there can't even push to you much beyond 400-600mbps.. And running any kind of game/file/etc server with an uncapped modem would be asking for it.. When the new DOCSIS 1.1 and 2.0 is implemented it will make all this much more difficult.. so much so that the average person wouldn't think it was worth the trouble..

Is it "bad netizenship"?

[djeaux]

Leaving aside the Sir Edmund Hillary rationale for hacking anything ("Because it was there") which is probably the #1 reason for any slashdottoid to crack out the soldering iron anyway, I have to wonder if this would be like circumventing any other speed limit. Aren't roadway speed limits set partly for safety & partly to control traffic?

If everybody "uncapped", would the result be enough net congestion that everyone would wind up getting "capped" speeds again? Is this a netizenship question?

As far as the ISP detecting "uncapped" cable modems, which has already been mentioned on this topic, I'd have to offer that my local cable provider employs so many utterly inept techs that they have trouble detecting when someone hooks up an unauthorized line to the pole, much less a change in the modem itself. That's why I've stuck with DSL -- 2 years with zero downtime, including a hurricane, while my cable service is down 3-4 times a week.

Re:Is it "bad netizenship"?

[JeffTL]

Cable TV down 3-4 times per week? You may need to have your wiring checked.

Re:Is it "bad netizenship"?

[just+some+computer+j]

It is true that cable is capped to control traffic, but usually is it because of the size of the pipe at the headend of the cable line. Most cities have at least a T3 line, some have OC-3, but I haven't heard of anything bigger than that. One ISP I worked for had 4 T1 lines, with only one of them dedicated to cable customers for their broadband.

And if your cable modem was going down 3 or 4 times a week, from experience I would say the cable in your house wasn't up to snuff, or the node that you were connected to with all the other houses in your neighborhood was not powerful enough. And I would agree in that most ISPs' don't do very well with tech support. Most of the people that you will talk to on the phone are salepersons, not techs. If you really want to talk to a tech, most generally, you have to ask for one. TW in the city I live does a pretty good job, but a lot of people in this city can't stand DSL, because SWB didn't do a good job laying out their network.

Either way, we all won't be happy until we get fiber to the house. But even then, we are still going to have problems.

Re:Is it "bad netizenship"?

[djeaux]

You may need to have your wiring checked.

Several times. The problem is several blocks away from my house at an amp.

For background, I have operated a local access cable channel for a church for over 10 years. It is unique in our region in that it has a reverse feed set-up. For two years, we had frequent outages on the feed from the remote site to the cable company's head end. Turned out to be a line amp midway between the two locations; it had been set to amplify the regular channels but not the reverse feed.

In this case, the cable company lines & head end hardware have changed ownership several times. The new company employs nobody who was involved with the original set-up. When they "went digital" a year ago, it was a Chinese fire drill...

Re:Is it "bad netizenship"?

Stop blaming the amp on your problems. Blame Satan instead.

HTH

Re:Is it "bad netizenship"?

[JamesD_UK]

Leaving aside the Sir Edmund Hillary rationale for hacking anything ("Because it was there")
That was actually George Mallory who died whilst climbing Everest on June 6, 1924.

Re:Is it "bad netizenship"?

[Swanktastic]

I have to wonder if this would be like circumventing any other speed limit. Aren't roadway speed limits set partly for safety & partly to control traffic?

No, i pretty much think this is analagous to tampering with your electric meter or rolling back your odometer.

Yes, a good tinkerer can do it, and the device (in the case of the car at least) belongs to you, but the whole point of the activitity is to defraud someone.

Re:Is it "bad netizenship"?

[slykens]

[offtopic]

Stop blaming the amp on your problems. Blame Satan instead.

In this case he is still accurate as in most cases Satan runs the local cable company. (Well, ok, maybe not Satan himself but one of his minions. There aren't many companies that can abuse their customers like the cable company and still have them come back for more)

Re:Is it "bad netizenship"?

[ari_j]

I'd always heard that speed limits were originally intended to improve overall fuel efficiency. Of course, now they're still there to generate BS citations and supposedly improve safety, but you have to consider the full history of a law before you can go making analogies with it.

If I'm the only guy on the road, and I am driving a vehicle that I am personally able to safely pilot through any possible obstructions on the road at X speed, why should I drive 0.5*X?

That said, if the terms of service suck and you signed them, then the "own damn fault" rule takes effect, and as long as their sanctions against you fall within what the TOS allow, they are in the right.

Not to mention that this isn't even a cool hack. Sure, they found a serial port that they weren't supposed to know about. But can it run NetBSD? ;-D

Re:Is it "bad netizenship"?

[djeaux]

THANK YOU! I knew it wasn't Sir Edmund but I couldn't find the correct reference. I am now changing my little list of quotes with your correction. :-)

Re:Is it "bad netizenship"?

I'd always heard that speed limits were originally intended to improve overall fuel efficiency

No, speed limits were *originally* imposed for safety reasons.

The national speed limit law of the early 70s (since repealed) was intended to improve fuel economy. But that had nothing to do with speedlimits on local streets, etc.

Re:Is it "bad netizenship"?

[ari_j]

Ah, that's what I get for being general. I meant on highways. :P

Harsh lesson for business

[Stiletto]

Lesson learned:

Don't stake your business on being able to place artificial limits on how users use a product they buy.

DivX learned this. The RIAA are learning this. the MPAA will learn it. And looks like broadband providers will soon learn it too.

Re:Harsh lesson for business

[Puls4r]

What harsh lesson learned? If you mean the one where all these folks who uncapped get their balls legally cut off, then yeah... I suppose you're right.

Re:Harsh lesson for business

And, I suppose, BMW will learn this and stop electronically limiting my car to 150 MPH?

Re:Harsh lesson for business

BMW doesn't STAKE IT'S BUSINESS on limiting your car to 150MPH. Please read the parent post again. You lose.

Re:Harsh lesson for business

Lesson learned:

Don't stake your business on being able to place artificial limits on how users use a product they buy.

DivX learned this. The RIAA are learning this. the MPAA will learn it. And looks like broadband providers will soon learn it too.

Oscar Meyer learned this.

Sniffing

[Quill_28]

So cable modem lines are shared.

If you got a shell from the modem, could you then sniff the traffic?

Just curious.

Re:Sniffing

You can access the cable modem via a local web page like an ADSL modem by setting the ip on the network card to a specified one and you go to the page. Read the manual . its there.

You get advanced settings. Try the manufacturer of the modem and download a config tool, my ADSL modems maker has them.

My cable modem is the same.

Re:Sniffing

[milgr]

More than a shell is required for sniffing traffic. I don't know what comes with the box, but typically the network drivers must be set up to sniff the wire in promiscuous mode.

Additionally, as the article indicates, the current cable modem standard supports encryption - so sniffing won't be so useful if it is turned on. The newer version of the standard has encryption turned on by default.

Re:Sniffing

[DOCStoobie]

the cable modems themselves run on a prive IP network, and have access-lists to only talk to certain IP's on the CABLE interface, so, without hacking either the provisoining server, or the CMTS(cable modem termination system) you will NOT be able to access the cable modem itself. Now, if you were able to fool the modem into thinking that YOU are the provisioning server, and either change frimware or config file, the CMTS will detect that, and force the modem to "update" its config/firmware, setting it back to the cable co.;s configuration ... at least thats how MY cable co.'s system operates.

Re:Sniffing

[DOCStoobie]

you can get to them that way also, but can't make any changes, it simply shows you the TX and RX level, MAC addresses, IP leases ETC.. Diag only...

Re:Sniffing

I most definately can make changes to my ADSL settings and I can change a hell of ALOT. I have yet to try my cable modem.

Re:Sniffing

[Quill_28]

Good points.

Re:Sniffing

[evilviper]

If you got a shell from the modem, could you then sniff the traffic?

It wouldn't be as simple as that, but yes, you could sniff all traffic from your local neighborhood... This is one reason why cable modems were considered so massive of a security problem in the past. With the DOCSIS standard, your modem is also a bridge, so local access to that data is very difficult. You would have to have firmware specifically made to forward all traffic.

Additionally, you can do things that are much more fun. For instance, where you are on the same subnet as others, you can get through any NAT box, trivially. This does not work if their NAT box has stateful packet-filtering (and it is enabled), but since Linux's IPFilter/IPChains doesn't really support state (experimental patches only), and few embedded devices have stateful packetfilters, it would likely work 95% of the time. Hack your modem and you can browse around people's internal networks, no real technical skill required.

It's of no moment

[picklepuss]

It's interesting today, but it won't last. I wouldn't really bother with it. If the ISP is capping it at the modem and users find a way around it, the ISP will just figure out a way to cap it in a different place - they'll probably put the cap on the other end of the pipe where they have absolute control of the firmware/hardware.

I do think it's an interesting attack on the Cable providors who have an undocumented bandwidth limitation that they enforce. One would think that a potential benefit would be an increase in the number of people who are diconnected due to this invisible marker, and some court enforced clarification/disclosure of limitations. Sadly, the activity is obviously illegal, and therefore any potential long term gains from this kind of activity are rendered unachievable.

Re:It's of no moment

Is it possible to uncap my modem in such a way that the cap remains in place for all IP addresses except the other cable modems in my area ? All I really want to do is get huge bandwidth to a nearby collection, which is only 5 blocks away. If I could do this, hopefully it wouldn't cost the cable company any money in internet bandwidth and they also wouldn't notice.

If you have an advertisement that was mailed to your house, which (for example) advertises a cable service "50 times faster than a modem", and your service is NOT 50 times faster, then any time the cable company complains about you running servers you can counter-threaten to report them to the Postmaster General for mail fraud; this will usually shut them up.

Similarly, I wonder if there advertisements might be used against them in this case -- mod your modem, and then just send them a certified letter telling them up front that you did it and that you had to do it to get the advertised service which you paid for.

Re:It's of no moment

[kobaz]

Your post is so pathetic I don't even want to explain why it is, but I will anyway. Any bandwidth increase from any cablemodem will cost the cable company more money.

Its simple: You use up more bandwidth, you pay more (Unless you are withen your allocated limit that you are already paying for). Thats how it works in the real world.

As far as advertizing/mail fraud? Roadrunner advertizes their services as UP TO 50 times faster. If you have say, a 56k dialup maxing out at about 6k/sec and you switch to a cablemodem that you can max out at 300k/sec then you have gotten yourself a line that is 50 times faster. But if you only get a cable hookup that gives you 100k/sec, it still meets the advertizement since your getting speeds UP TO 50 times faster.

So, if you want to uncap your modem, go right ahead, you should hopefully like dialup because thats all you will be able to get after they ban you.

This won't last long

[Knightsaber2003]

As soon as someone from Motorola reads this, they'll be popping out new firmware to cable ISP's right quick. It's quite easy for the ISP's to push this out in a night or two. I do it for a living :)

Re:This won't last long

[Peridriga]

IDDWYDFAL (I don't do what you do for a living) but, couldn't it be possible for the flashed firmware have a option to refuse to allow a pushed firmware update?
Since essentially they are overwriting almost all of the programable material on the boxes wouldn't this be simple task?

Although you'd run the risk of your ISP saying if (modem.firmware != current_version) {disconnect_service}, I'd say that'd effect their QoS if some of the customer boxes didn't accept the update.

Re:This won't last long

You're actually wrong. The modified firmware disables remote updates. HA!

Re:This won't last long

[arctan1701]

hmmmm... i own my cable modem. my contract says nothing about allowing my cable company to access my computer systems and make changes. shouldn't this be a form of hacking/terrorism and be punished by death as it is for the rest of us?

Re:This won't last long

[tomcio.s]

No it isn't as simple as that in most cases.
See, in deployed network, where you don't have physical access to the box you can't afford to not be able to communicate with it.

So a company like Motorolla would not allow this to be a 'changable' option in the first place.

Re:This won't last long

Not at all. You make the wrong assumption that you live in a place of and for the people. You do not. You live in the first stages of a corporate state.

Re:This won't last long

of course your modem will also not be issued an IP next time it requests one, then the isp says 'HA!' right back at ya

Re:This won't last long

[confused+one]

It's not expressly in the contract; but, is built into the DOCSIS standard. Use DOCSIS modems and expect the ISP to have remote control. Like it or not.

Re:This won't last long

[Knightsaber2003]

Simply put, if the 'bad' firmware refuses to allow a push, the ISP will just plain refuse the MAC address. Sure, it'll be uncapped until someone notices...and that doesn't take long either.

This is the US

We have to reserve a certain portion of all economic activity for our lawyers, else they're likely to run wild in the streets and start chewing the tires off cars.

With caps inside the cable company's network, there would be no oppurtunity for legal disputes and the resulting lawyer's fees....

Cheap VxWorks development system?

[jerryasher]

For engineers eager to gain VxWorks experience inexpensively, how reasonable a development platform is this modem?

Re:Cheap VxWorks development system?

[Quasar1999]

Umm, you are aware that VxWorks runs fine on an x86 based PC? Why muck around with a modem and hacking, when you could install VxWorks on a PC and worry about learning the system, not hacking the hardware.

Re:Cheap VxWorks development system?

[the_mad_poster]

Why muck around with a modem and hacking, when you could install VxWorks on a PC and worry about learning the system, not hacking the hardware.

I'm sorry, sir. You seem a little lost here. Are you aware that this is Slashdot? :-)

Re:Cheap VxWorks development system?

[jerryasher]

Last time I checked (3-4 years ago), VxWorks was not available for downloading. I assume by your post that that has changed. Glad to hear that.

Re:Cheap VxWorks development system?

VxWorks costs thousands of dollars. I needed it once for a special network processor(IXP1200) that had an ARM core on it but had to use Linux instead.

Re:Cheap VxWorks development system?

[The+Vulture]

As far as I know, vxWorks is not freely available. The company that I work for pays for it for use in their products.

What the poster meant is that there are several variants of vxWorks available. There are variants for MIPS and ARM (which most cable modems are based off of nowadays), PPC and x86. So, you can run vxWorks on an x86 if you want.

-- Joe

Re:Cheap VxWorks development system?

[jerryasher]

It's certainly the case that to distribute the OS you need to buy it.

If you are joe random programmer that wishes EXPERIENCE developing VxWorks applications, there are no downloads I can see on the WindRiver site to download the x86 Intel version for learning.

So if I can pick up this modem for $100, get to a VxWorks shell with the new firmware, then potentially I have access to an experimental VxWorks development platform (one with at least two ethernet ports to boot!) that I don't think I can obtain otherwise from WindRiver or elsewhere.

Re:Cheap VxWorks development system?

[tippen]

It's not a development platform at all. It doesn't include compilers or other development tools...

Re:Cheap VxWorks development system?

[The+Vulture]

I won't comment on the legality of this, because I'm not a lawyer. I don't know if it's legal or not.

It's quite possible that it would be a decent vxWorks development platform. WindRiver uses patched version of GCC (the patches mainly apply to specific variants of the processors), and I personally find the GUI project maker of Tornado (the client side tools of vxWorks) to be absolutely awful. Makefiles work much better.

However, in order to actually compile applications, you'll need the static vxWorks libraries, you'd have to figure out a way to extract them from the cable modem binary (I don't know anything about Motorola's firmware file format, so I don't know if you can do this or not) in order to link, short of buying the development environment.

So, it might help you learn some stuff about the vxWorks shell, but maybe not much else.

-- Joe

so the question becomes

[The+Tyro]

Why do this on a shared medium, particularly one you have to share with your neighbors? I like my neighbors, and I get almost 3.5 megabits down, which is pretty quick. Plus, my neighbors know I'm the cul-de-sac computer geek, and they'd probably come to me if their connections slowed to a crawl. What am I supposed to do? Play dumb when they ask me if I know what's up with their slow connections? That's pretty weak... and looks even weaker when the cable company tells my neighbors that someone in the neighborhood uncapped their cable modem... Hmmm... wonder who that person could be?

Sorry, but there's very few things worse than being a weasel.

Yeah, it's great to have m4d bandwidth, but you're really paying for a shared resource, and I think most people know that. Don't get me wrong... I appreciate the value of a good hardware hack as much as the next geek, but if you're using it to siphon huge amounts of bandwidth from your neighborhood node, that's a problem.

If you need huge, dedicated bandwidth, I'd say buy a T-1 line, or pay for a business-class account.

Re:so the question becomes

[ShavenYak]

If you need huge, dedicated bandwidth, I'd say buy a T-1 line, or pay for a business-class account.

Erm, a T1 is only 1.544mbps. That's hardly huge, dedicated bandwidth. It's about the same as the average cable cap. It sure isn't what the uncappers are shooting for.

Re:so the question becomes

[senatorpjt]

If you need huge, dedicated bandwidth, I'd say buy a T-1 line, or pay for a business-class account.

Do you actually think they run another line for a business-class account? You just get a bigger piece of the pie. Really, i'm satisfied with the downstream I get, but I'd really like to be able to raise my upstream. They always say "People use more downstream than upstream", but if that's the case, why do they need to cap it so low? Sure, for browsing webpages, but for remote access to my home machine, it sucks ass.

Re:so the question becomes

Then get the business class line. If you're doing more than web browsing or online games that chances are it's work related anyways. In your case it is. :) Time warner business class around here is maybe $100 more but you get 5 mbit up/down.

Re:so the question becomes

[FictionPimp]

Screw Downloads, I just want to upload files to my friends faster then 16k without loosing my 3 meg downstream why can i download an iso at 600k plus, but can't send a zip to a friend in less then 10 minutes?

Re:so the question becomes

[Fulcrum+of+Evil]

Erm, a T1 is only 1.544mbps. That's hardly huge, dedicated bandwidth.

Um, that's exactly what it is - you can get a T1 and max it out all day long. Your provider won't complain or threaten to cut you off - they'll just send you a bill.

Re:so the question becomes

Sorry, but there's very few things worse than being a weasel.

Whats that? Civic responsibility? Goddamn pinko, commie, anti-American. Don't share, take as much as you can as soon as you can, and badmouth anyone who tries to stop you. Get with the program, man

Re:so the question becomes

[Tassach]

T-1 is 1.5M down/1.5M up, on a dedicated connection. Comcast's standard offering is currently 3M down/256K up on a shared connection, which is more or less typical for cable modem. Remember that a basic T-1 package will almost invariably have a SLA guaranteeing that you won't have more than N minutes of downtime per month, at least 5 static IP addresses, and a noticable absence of draconian/asinine AUP terms. Of course it's going to cost roughly 10X as much as a cable modem connection, but it's well worth it if you really need those extra features. Of course there's SDSL if you're close enough to your CO, which can give you the same features as a T-1 for about 1/2 the cost. The Covad web site has rates posted, if you want to see real numbers.

Re:so the question becomes

[Awptimus+Prime]

Do you actually think they run another line for a business-class account?

I think that's the point, exactly. There are others paying for the bandwidth, while some kid with a hacked firmware is, in essence, stealing it.

Just because it's there, does not mean it's there for the taking. If you need the extra bandwidth, don't steal it. Buy it.

Also, just because the cable modem ring concept is flawed and difficult to control, by design, that does not make it justifyable to steal from them any more than it does to steal from music artists by downloading Mp3's. If you are going to be a criminal, don't play like it's not wrong. Accept that it's wrong, and get your kicks on the idea you stole something. That's less sick than the relentless and asinine justification I see all through this thread.

Re:so the question becomes

[jpmkm]

Every damn type of connection is shared, they are just shared at different levels. DSL is shared at the isp level but there is still only so much bandwidth to go around. If a cable segment is legitimately getting overloaded then they add a run to balance it out. If a segment is illegitimately overloaded by people modifying their modems then they cut that person off. Yes, dedicated likes like T1s don't have to share bandwidth with anyone, but you pay the price.

Re:so the question becomes

[BLKMGK]

Actually to me th question becomes - what can it do OTHER than uncapping? Are there any legit uses for this? The article mentions the possibility of firewall and NAT but that's not yet done. What else does it do NOW?

Re:so the question becomes

[nolife]

Why do this on a shared medium, particularly one you have to share with your neighbors?

All bandwidth is a shared medium. DSL to your house is not shared between you and the CO but that unshared segment is useless. Everyone in your neighborhood uses that same CO and you all are sharing the pipe the CO has. Not much different then a CM. I'd imagine a T1 from that CO to your house would share the same upstream also. If your CO has a good pipe you may not notice it, if it is small, you all will suffer the same. I do not know under what conditions the responsible CO party decides that the CO bandwidth needed upgraded but I'm sure /dev/random plays a role.

Re:so the question becomes

[thedillybar]

But DSL providers, for the most part, have enough bandwidth at the shared level to meet everyone's individual needs.

For example, if I have 10 customers with 768 down, I start with 2304 (768*3) total. If the customes overload that on a regular basis, I can increase it until they don't. Problem solved.

Cable providers have 1 line going to a number of people. There's a max speed on that line. Whatever they do, short of running another wire on the poles, they can't increase the bandwidth.

It's certainly not as easy for a cable provider to increase the "shared bandwidth" as it is for a DSL provider.

Re:so the question becomes

[thedillybar]

I heard "VxWorks shell" so I'd imagine you could run whatever processes you'd like on it.

Might be useful for the few geeks they don't leave their machines on 24x7.

Re:so the question becomes

[WNight]

Actually, cable is rarely ever bottlenecked in the local loop. The speed cap is applied to the "modem", not to the line. The line is still much faster than the backbone connection to the internet. You really can't max out the local loop (unless you're file-sharing with neighbors) because you're bottlenecked by the internet connection.

It's very rare that cable users (or DSL) can't max out a speedtest page at their ISP website, at least to their programmed limits. It's when you go out to the internet and find that your cheap-ass ISP bought a single T1 for your half of the town that you get the lag.

Re:so the question becomes

[aelfwyne]

Hey, the same applies for DSL. SBC DSL - you can max it out all day long and they don't complain either. And with the new packages out, the speeds are the same as cable at around the same price ($45 for 3.0 mbit, and arguably 6.0 mbit if you listen to the techs on dslreports).

Seriously, why people insist on sticking with cable when the providers are treating their users like this I don't know.

Re:so the question becomes

[aka1nas]

You're also assuming your non techie neighbors understand that their bandwith is shared among the node. I doubt most of them do unless they had a techie friend who told them and they actually remembered it.

Re:so the question becomes

[Fulcrum+of+Evil]

Hey, the same applies for DSL. SBC DSL - you can max it out all day long and they don't complain either. And with the new packages out, the speeds are the same as cable at around the same price ($45 for 3.0 mbit, and arguably 6.0 mbit if you listen to the techs on dslreports).

I doubt that. $60/mo doesn't even cover bandwidth, and just forget about an SLA (important if you're running any sort of business). Try $600-800 per month.

Re:so the question becomes

[Pointer80]

Can you provide some links to the thread(s)?

/pointer

Re:so the question becomes

Being an End User, You're not going to get medium that's not shared at some point. It's a matter of what teir your provider's SLA falls with-in. If you have a Dedicated T1, chances are your ISP is a Teir 1 provider that provides an SLA guaranteeing you the maximum out of that T1. Cable and DSL companies are not Tier 1 providers and therefore add disclaimers to their advertised speeds. Trust me the Pipes going to a CO are going to be more then enough accomodate yours, your mommas, and your great-aunts gardners 768kbps SDSL. The point is, DSL and Cable companies have alot invested into no over-subscribing their systems. When some ass clown comes in pee's in the community broadband pool I hope his ass get's shut down.

Re:so the question becomes

[ShavenYak]

Doofus, I can max out my 2mbps cable all day long and my provider (Charter) won't complain. Neither will I, since I'm paying 1/10 the cost of the T1 for more bandwidth. If I weren't satisfied with that, and wanted to uncap my modem, how exactly would getting a T1 instead of cable help me?

Re:so the question becomes

[jandrese]

If you want to look at it that way, we are _all_ sharing the internet bandwidth right now. Even the guys who hook directly into the backbones. The difference is that it is far more economical to run high bandwidth pipes to the CO than it is to run them to every cable modem customer's home. The Cable modem guys have to share a less bandwidth with more people in the end.

Also, (to draw an analogy), Cablemodem is like an hub, while DSL is like a switch.

Re:so the question becomes

[senatorpjt]

I'm unemployed.

Re:so the question becomes

[ViVeLaMe]

because with cable technology, upstream is f'in *rare* and expensive.
Be a *real* geek, and discover how things work. For example, go take a look at this.
Notice it has 2 downstreams, and 8 upstreams.
Each DS is around 35M (average, depends on frequencies, modulation, and so on.).
Each US is around 1.5M (average, depends on frequencies, modulation, and so on.).
check out the price of those cards. Your cable provider would need 1 of those for each 8 morons who uncapped their upstream (you can't use more than one US channel with one cable modem).
They simply can't afford this, for the price you pay, and hope to make a buck.
Oh, and for uncappers everywhere.... On DOCSIS, you may uncap your cablemodem, you may disguise it cleverly, but it *still* shows on the routers.
I should know...I work at a cable network operator and i'm currently working on the automatic and periodic check *on ther routers* of the negociated DS/US by each CPE with the CMTSs, wrt to subscribed down/upstream plans.
Some people are in for a major spanking, and the end of their service.

Re:so the question becomes

[thedillybar]

Then why do people generally complain more about cable slowing down than DSL slowing down?

Is it just because more people use cable? Or do the cable companies think they'll make more money with their current structure, while the DSL companies think they should upgrade bandwidth to meet the customers needs?

It seems that with so many different cable/DSL companies, if the problem was company policy, then you would see it in both cable and DSL connections. It seems that it's only visible in cable connections as of right now...

Re:so the question becomes

[ryanvm]

Sorry, but there's very few things worse than being a weasel.

Weaseling out of things is important to learn. It's what separates us from the animals. Except the weasel.

-- Homer Simpson
Boy-Scoutz n the Hood

Re:so the question becomes

Its a myth put out by the DSL companies who want to sell more connections. They're all shared somewhere down the line.. But it's true, you should always be able to get very near your cap when downloading from a local page.

Re:so the question becomes

[senatorpjt]

Just because it's there, does not mean it's there for the taking. If you need the extra bandwidth, don't steal it. Buy it.

Fair enough. It seems that if I wanted to double my upstream though, it shouldn't cost more than double what I pay for "home" service, especially considering I wouldn't be getting any additional downstream bandwidth. I'm not unwilling to pay for it, but I am unwilling to pay what they're charging. I don't uncap, I just come on slashdot and bitch about the price of cable service.

At least from Time-Warner, the "Business" class cable is a complete ripoff for what you get in addition to the "home" service. For instance, I feel what Speakeasy charges for 3.0/768 is reasonable ($100/month). Unfortunately, Speakeasy doesn't offer service here, so refer to the previous paragraph regarding bitching about cable.

This is part of a broader trend that really pisses me off, which is "Home" being sort of a codeword for the absolute bottom-of-the-barrel shit for the lowest common denominator. How many of you who use Windows use "XP Home" at home? The same goes for Dell, when I went to look at buying a laptop on dell.com, if you look at "Home" they only have the lowest-end laptops listed. I had to go to "Small Business" to see the good ones, which are certainly not "too powerful" for home use.

(An exception to this, I bought a "business" computer in 1996, which actually was - it was FCC Class A. I never got any complaints from neighbors, though. :)

I don't think it's inconceivable that someone doesn't want good hardware or service just because they're not at work.

Roadway speed limits are revenue makers

If traffic laws in the US were really designed for traffic control and safety, we wouldn't have 55 MPH speed limits on roads designed for 75 or 80. Nor would we have red light cameras that trigger 2 seconds after the light turns yellow but before it turns red.

We'd do like Germany does: enforce keep-right-pass-left so we wouldn't get the Los Angeles knuckleheads who cut an overloaded SUV doing 45 MPH across five lanes of traffic that's doing 70 MPH just so they can sit in the HOV lanes and go 50 MPH.

But let that car get in the HOV lanes when the line is solid instead of dotted and we fine them $271 or more.

Re:Roadway speed limits are revenue makers

[cayenne8]

Yup....I'm willng to bet, if the revenue was directed away from the police themselves...say, to a fund that went back to drivers that didn't get tickets that year...that the emphasis placed on sitting out and hiding around a blind corner to catch you going 10-20 over the limit would turn to something more positive.

Maybe like cruising bad neighborhoods looking for murderers, thieves and crackheads and cleaning them out of those neighborhoods so they'd be nicer places to live?

Surfboard

I had a Motorola Surfboard.

It died.

The guy who came to replace it (with a cable modem from a different manufacturer) said that he replaced quite a few dead 18-month-old Surfboards.

Re:Surfboard

[Walker2323]

I work for a cable company doing Internet installs, and in the 5 months that we've been using the 5100 Surboards, I've yet to replace a faulty modem. Far more reliable than the Terayons.

Re:Mindless

I forgot to add that the tcniso group (DerEngel) fell into (?federal?) pressure and now has backdoors in the firmware, not to mention blocking irc.fibercoax.net and www.fibercoax.net with their firmware. It's really silly.

Spam

[Bill,+Shooter+of+Bul]

If you make Spam a crime, then only criminals will have Spam. And that would be a tragedy that our fragile repulic could ill withstand.

How to handle uncappers fairly?

[lordmoose]

Okay, I work for a cable ISP. We don't want to send jack-booted thugs to shake down some 13 year-old kid who's just hacking to see what happens (I've been down that road myself). What is the best way to handle someone who uncaps their modem?

I'm not the SysAdmin, just a concerned employee.

Re:How to handle uncappers fairly?

[base3]

Cut off the user's service, and when they call, say that you noted a "network anomaly" and will need to reset their client equipment. Reset the parms, turn the service back on. No accusation necessary, and the subscriber will probably get the message.

If it were to happen a second time, it would be time to either permanently cancel the user or escalate to less subtle threats.

Re:How to handle uncappers fairly?

[PhuCknuT]

Cap it again, send them a warning that they are being watched and they WILL lost their service PERMANANTLY if it's done again, and make sure you keep an eye on them and enforce it.

Re:How to handle uncappers fairly?

stick a shotgun barrel in their mouth and say...

"do you feel lucky punk?...."

at least that's what it says in the comcast employee handbook....

Re:How to handle uncappers fairly?

[DOCStoobie]

Well, you do what my cable co. does and make uncapping impossible using "source verify". It verifies the source of the frimware and config, and will only allow modems that are set up properly to work....

Re:How to handle uncappers fairly?

Send them a registered postal letter letting them know they're in volation of TOS and what it may lead to. However, let them know they're not in trouble as long as they don't do it again.

At least, that's what I'd do.

Re:How to handle uncappers fairly?

To do it fairly requires:

1. a good upstream end (high end CISCO)
2. A "fair share" scheduler

The goal of the "fair share" scheduling is to make a history of usage part of the scheduling. Packets are "delayed" in delivery until the users "fair share" limits are reached.

If the bandwidth maximum has not reached, then everyone gets full speed, BUT their usage is tracked. This tracking also involves a decay function to subtract from the usage.

When the bandwidth reaches maximum, the individual destination packets are delayed by an amount proportional to the current "usage" level of that destination. Since new connections (or idle ones) decay to a 0 usage, they end up getting preferential treatment. Once saturation occurs, the heavy usage distinations are delayed while the new connections accumulate usage.

It is similar to a priority heirarchy - no use - high priority... high usage - low priority. Over time, all usage becomes balanced, and the maximum bandwidth becomes shared among all targets.

The usual difficulty in "fair share" algorithms is in determining the "decay" function. Since it is time based you have the number of seconds vs consumed bandwidth. You also don't want it to delay too long (you want the packet delayed in the 10-500 ms range, but the packet itself transmitted in as short a time as possible).

You are shaping the traffic.. And I thought this was part of the newer routers...

Re:How to handle uncappers fairly?

[bhima]

Bill them for excess bandwidth used. It's only fair! I have fair use bandwidth during day and open in the middle of the night. all for about 45 euros per month.

Re:How to handle uncappers fairly?

Extrapolate the monthly service fee based on the bandwidth they're consuming. When mom and dad start getting huge cable bills, something's going to give.

Re:How to handle uncappers fairly?

[HeghmoH]

There should certainly be a less-subtle threat somewhere before permanent cancellation. It is utter bullshit if somebody pulls a stunt where they call you, say "we found some problem, can you reset your equipment?" with the hope that you will get the message, then cancel your service just because you thought your experiment and the phone call weren't related.

My high school pulled stunts like this, revoking my account whenever I violated rules which they never told me about, without so much as a warning beforehand. It's not a tactic worthy of a profit-making business.

Re:How to handle uncappers fairly?

"all for about 45 euros per month."

Man, if I had 45 euros, I wouldn't blow it all on a month of internet service. I'd buy a new car or something.

Re:How to handle uncappers fairly?

[CustomDesigned]

Modem capping should be viewed as a convenient service provided by the cable company to make it easy for customers to stay within the bandwidth limits of their service plan and avoid large bills - not a draconian limitation on their freedom.

The ideal solution would be to make sure your routers can accurately measure bandwidth usage, then make sure your contracts let you bill for usage beyond what the modem is capped for. When some 13 year old uncaps the modem for the first time, a courtesy call to the parents avising them of why the cable bill is about to increase would be in order.

After that, as long as they pay the bill and the money covers the increased cost, let them go at it. You might make sure that the same bandwidth via regular capped service is cheaper than the "a la carte" rate paid by uncappers.

One thing to watch out for is a deeper level of fraud. My aunt was billed thousands of dollars for 900 porn calls made by phreaks. The phreaks had hacked into the telco computers to bill their calls to unsuspecting customers. When relying on bandwidth metering to bill for "a la carte" expanded service, there is the possibility of those records being hacked by the truly evil.

Re:How to handle uncappers fairly?

[Frank+T.+Lofaro+Jr.]

Report them to the customer's neighbors and let them do the dirty work for you. :)

Re:How to handle uncappers fairly?

[The+Vulture]

If they find a customer who they think has uncapped their modem, have the support staff set their NAC (Network Access Control) in the config file to 0 (03 01 00). The modem won't be able to pass traffic from the machine(s) behind it, and the customer will surely call you to find out why they can't get online. This assumes that they're still pulling down a config file from you, if your tech team has the "shared secret" enabled, it should be virtually impossible for them to create/edit the config file themselves (because then the HMAC-MD5 digest won't be correct).

You can then talk to the customer in more detail to see what's going on.

-- Joe

Re:Mindless

Why is this marked offtopic ?

Um...I don't think so

[just+some+computer+j]

Why would I want to uncap my cable modem? The people that do this are playing Russian Roulete and eventually, they will shoot themselves in the head. Not to mention piss off the neighbors for slowing down their porn searches.

Not just uncapping

I'm primarily interested in this as I occasionally get problems with the intercepting http proxy on my cable modem and would like to disable it.

Re:Not just uncapping

[ides]

These are most likely separate issues. The proxy will be in your way no matter if your modem is uncapped or not.

Re:confused: do ya want speed or reliable speed?

[nolife]

Which would you rather have: possible bursts of 3MB/sec or dependable 1.5MB/sec?

Service in my area has not been burstable, it has been constant, so far..
I can pull my full 3Mb/sec at any time during the day or night on any day of the week. I have never seen a time when the speed delivered to my house was less then 3Mb/sec (or roughly 350-380KB/sec of actual downloaded data). My speeds are noted when pulling from Giganews which averages about 5 ms away. Speed tests to other sites like CNet vary widely and are not consistant as is any ftp or web site.

I work for a cable ISP...

[strAtEdgE]

... and I can tell you that this wouldn't work on our service. Nor almost any cable service. You would get cut off within the day you started to exceed your bandwidth cap.

As for the question "why is the bandwidth capping happening at the cable modem?", I beleive the answer is that it has to so that the CMTS bandwidth (the bandwidth on the cable plant between the modem and the cable router) is not used up. But that's not to say that the bandwidth you use at the cable router end isn't closely monitored. Hence why you will get shut off in no time flat when you start to exceed your provisioned bandwidth.

Re:I work for a cable ISP...

[drcobb]

If your employer is like most, your checks could easily be circumvented by frequently resetting the SNMP counters on the modem. Most providers only check the CPE snmp counters rather than running any sort of IP accounting on their end for speed/lazyness. In one instance I know of a provider that bitches if you transfer more than 1gig a day. I'm not sure about this firmware, but this problem was solved for a 'friend' by using an APC masterswitch and a cronjob resetting the modem 10 min before every time the snmp counters were polled by the ISP. I'm not sure of vxworks but several other firmwares for other vendor devices allow you to clear snmp counters on the fly...

Re:I work for a cable ISP...

[strAtEdgE]

Cable ISPs are, of course, well aware of this technique and have at least two good ways I know of to combat it. In short, I wouldn't recommend messing around unless you're willing to accept the risk of being religated to something other than cable... something which is almost certainly going to be slower, ironically.

Re:I work for a cable ISP...

[throbbingbrain.com]

You would get cut off within the day you started to exceed your bandwidth cap.

Are they watching for overall data transfer or burst rates? If my 256K upstream was uncapped to 3MB/sec, the daily/monthly transfer volume wouldn't change at all. Only a quick burst on the rare occasion that I send a file.

Running a 24/7 Kazaa server is a whole different story, of course.

Re:I work for a cable ISP...

[ViVeLaMe]

they're looking at "how much your cablemodem negociated with the CMTS", which is your max.
If you load a 10Mb/s config file in your cablemodem, that's what he'll have to ask to the Broadband router. And it *will* show.

No way!

[Prince+Vegeta+SSJ4]

in fact I've been getting the lowest latency ever ever! Look Out Duke Nukem Forever!

SEE!

c>ping -t www.google.com

Reply from 216.239.41.104: bytes=32 time=10ms TTL=244

Reply from 216.239.41.104: bytes=32 time=17ms TTL=244

Reply from 216.239.41.104: bytes=32 time=7ms TTL=244

Reply from 216.239.41.104: bytes=32 time=4ms TTL=244

Wooho^C^C%%$*&$%.Destination host unreachable

Mirror, anyone?

The server just died.

Anyone happen to have a mirror?

T1? Don't think so.

[jasonhamilton]

It's funny that you said "huge, dedicated bandwidth" and T1 in the same sentence, especially in this context. If you opted for a T1, you'd be limited to around half your current shared bandwidth, so your reasoning confuses me.

Re:T1? Don't think so.

[titzandkunt]

Hmmmm. So your cable provider offers 3mbps down/256kbps up?

Go for it: Try and max it out 24x7x365, while a T1 subscriber maxes out their 1.54mbs up/1.54mbs down.

1 month later, the cable subscriber will be...

a) Booted off the net.

b) Throttled down to dial-up speeds.

b) Both "a" and "b" while being offered a "Business" package for $$$/Month with no alternative.

...while the T1 subscriber is still pumping packets up and down at 1.54mbps.

T&K.

Re:T1? Don't think so.

[jandrese]

And the cable modem user will still be laughing at you for paying a 10x markup to support a SLA that you don't even come close to needing. T1s are priced for business that depend on constant support and can afford to pay through the nose for bandwidth. For home users it doesn't make sense at all, but no phone company I've ever seen offers a T1 without the SLA (which should reduce the price significantly).

They got too much attention...

[babymac]

Their site was pulled completely just moments after this story was posted:

http://www.tcniso.net/

Blame it of MyDoom

[Prince+Vegeta+SSJ4]

Cable Company: We must disconnect your service based on a violation of your service terms

Consumer: what do you mean?

Cable Co: You have hacked your cable modem and uncapped the bandwidth

Consumer: Who? Wha? Un-what? I haven't touched my modem

Cable Co: We show your upstream/downstream at 6Mbps/12Mbps

Consumer: Stream? My Modem is in the house

Consumer: I've heard about a bunch of new viruses or something, can they cause this?

Cable Co: Well, yes but

Consumer: Do you protect me from these viruses?

Cable Co: We try, but..Do you have Antivirus

Consumer: Yes, Norton Something or other

Cable Co: Are your definitions up to date?

Consumer: Yeah, I bought the latest version @ Compusa, they haven't come out with another one since March ......Click...no dialtone

It's great software

[sootman]

I just uncapped my cable modem and it's great! There is no way my ISP can stop me! Mwa ha ha h*&%$#@^NO CARRIER

cap?

[wfberg]

"So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."

If they just downloaded it once, maybe they wouldn't exceed their cap?

No

[The+Tyro]

I know for a fact they don't run another line, because I purchased one of their business-class accounts for my corporation.

Why? Running servers for one, and I also get priority for bandwidth on the node, as well as better tech support (which I basically never use... calling tech support is a sign of weakness). Yes, it costs more, but I knew my utilization would be a good deal more than average, so I paid for the next level of service.

I personally suspect the uncappers are after some better upstream pipe... that's where residential accounts are seriously lacking compared to a T-1.

Hmm download tracking

[nurb432]

Suppose if they track which customers even download the firmware, then send you a nice letter ' we know what you have, better not use it if you want to keep your service'

Re:Hmm download tracking

[spiritgreywolf]

Yes, and that nice letter will open a s**tstorm investigation by every privacy pundit and activist group on the planet asking just exactly how much MORE information they are gleaning above and beyond their "nice letter".

I'm sure some people within the bowels of organizations like your ISP's collect data surreptitiously, but they usually aren't going to be stupid enough to let you know they do it. But I also must agree with another poster that said most people are simply too stupid to do anything with the information they could get.

I work in the medical industry. The access to private information people have is utterly frightening - even in spite of recent HIPAA privacy regs that threaten massive monetary injury to those that violate it.

Legalese docs are one thing to protect a corporate entity; what individuals do while "on the job" are something else entirely. And again, I doubt if even Comcast is that freaking stupid to kick out a letter like that.

You'll get busted

[Space_Soldier]

I don't know all the details of cable modem hacking, but even if you managed to uncap it and make it not report that it was uncapped back to the ISP, the ISP can still bust when they look at the logs/charts of traffic/unit of time.

Personal experience with uncapping

[CompWerks]

I have an uncapped cable modem and I swear they have never caugh

Re:Personal experience with uncapping

NO CARRIER . . . heh :)

Re:Personal experience with uncapping

[Hurklefish]

I didn't get it at first, but once I did, possibly on of the funniest things I've read at /. =)

CABLE MODEM MAC CLONING

[Aeorach]

Hey all.. the SecurityFocus email states that the Sigma creators blocked the VxWorks functions that allow the changing of the cable modem's MAC address. Does anyone know of any current possibilities for making that change?

Re:CABLE MODEM MAC CLONING

I'm pretty sure that as soon as you change your MAC, you are offline.

Re:CABLE MODEM MAC CLONING

use their old software, more info from the BETTER GROUP fibercoax... :) TCNiso is gay, don't give them donations when fibercoax will give you better software for free.

Re:CABLE MODEM MAC CLONING

[Aeorach]

if you change the mac of a non provisioned modem to that of a provisioned one, you will GET online - if you're on another CMTS or network segment that is....

building by the sea

[way2trivial]

have you even HEARD of federal flood insurance?
people don't whine, they gleefully collect

Screw uncapping, I just want my diagnostics back.

[Resaurtus]

Cox locks us out of the SNMP interface on our own modems. Now I understand taking away write privs but I feel I should have the right to see exactly how my modem is configured. Little things, like exactly what is my cap set at? Is it seeing errors? Whats my power level and SNR?

As I own that hardware, I feel I have a right to see how well it's working. Many issues (Like signal loss) would likely be within my own home and something I could fix. This software would probably let me read this information, however, as I don't own one of the modable products I'll probably look for one with all the info I want on a web page rather than getting a hackable one.

Uncapping? puh-leeze

[caveat]

thats one of the perks of living near NYC - we have Cablevision, so we get optonline...10/1...mmm, that's some tasty cable lovin', and i don't need to screw around with my modem to get it! w00t!

Download limit reporting

[LittleLebowskiUrbanA]

I'd just like to keep my modem from reporting to the ISP whenever I go over the 1GB a day limit. ANy thoughts on that?

You forgot the second half of that

[BLKMGK]

256K UP. Frankly I'd like a little more upside bandwidth. I would LOVE to be able to setup a small FPS gaming server but the low bandwidth going up prevents many of the interesting games from being played. I have IDSL also because my cable company won't allow hosting of content either - that sux. IDSL is only 144K and while it can do some VOIP stuff it's not enough for FPS games either. I would GLADLY pay extra for the bandwidth I desire but COMCAST says no such plans exist...

Re:You forgot the second half of that

I would LOVE to be able to setup a small FPS gaming server

Yeah, I know. I would like to as well, but I imagine that if everyone started doing this it would put a fairly large strain on their network.

It's a shame, because a dedicated line to use for this purpose is damn expensive, and it's quite impossible to recoup this cost unless you get large amounts of donations, or you use it as advertisement for your already-in-place ISP (as a tax write-off mostly, though a few people might surf over and buy what you're selling).

The best option so far is to co-locate a server at a datacenter or local ISP. You get the connection at a relatively decent price, and you get your own server somewhere. It's still more expensive than a single person would probably like to pay, but it's quite a bit more reasonable than trying to get a T1 or faster to your home.

VxWorks, ay?

[Luyseyal]

VxWorks, ay? Maybe NASA will issue a filesystem patch...

Learn to spell

Hobbyist... hobbyist... hobbyist... hobbyist...

broadband to the perfection

[mr.+spike+2]

Sure, most of the advanced communication equipments are having "undocumented console access port" on pcb, for both product development and servicing/diagnostics purposes. And these ports do allow to upload any firmware to any chip onboard or change any settings in eeprom or nvram.

i , myself, am that bad guy developing basband dsp signal processing equipment/modems and creating various speed limiting things inside them.

For example, if you are (technically) on network access through V.35 wirless transfer (may it be anything at Your end - a DSL, ADSL, dialup, cable or anything), in most cases all streams from 64kbit to 2Mbit are transferred through same 2mbit time-slot on wirless system, it's just a matter of stting on the port modules. So by taking 64kbit cable net access, You have already paid for 2Mbit bandwidth. And only the limit set in NVRAM is what cuts down Your speed.

AGGH!!!! GET A SPELLCHECKER!!!!!

[jeddak]

"...group of hardware and software hobbiests..." that's spelled hobbits, thank you very much.

FBI raids uncappers

[Devistater]

Seems like most of you dont even click on the other links in the story :) The link "uncappers" leads to an older slashdot story about FBI raiding uncappers. With today's paranoia you could probably have secret warrant too. Plus, who doesn't have at least one illegal MP3 or movie or game or application? Once they find that they could expand scope of warrant and get you for that even if they dont get you for uncapping. I think the dangers of uncapping far outweigh the benifits, especially as DSL companies like SBC (and people who resell thier lines like sonic and dslextreme) are currently offering 6.0/607 lines for $45ish a month. Repeat of the link in the story: http://slashdot.org/article.pl?sid=02/11/22/013226 &tid=123

Yeah, and what the fuck is "dangar"??!!

n/t for me either

Slow Upstream

[Nintendork]

I don't use much of my downstream. Maybe 50MB per day average. I do most of my surfing and downloading at work. What I do need though is faster upstream bandwidth. Right now, Comcast is limiting it to 256kbps (32KB/sec.) and I need around 768kbps to host Halo games on my Xbox. If they had a plan where I payed $10 more a month or something close to that for the increased upstream bandwidth, I wouldn't hesitate to go that route.

-Lucas

Re:Slow Upstream

[srvivn21]

Never happen. As has been pointed out before, they use the discrepancy to allow for hosting websites in Co-Lo, where the opposite traffic patterns from home usage occur.

I'm in the same general boat though. I'd rather have a high out-route.

Re:Slow Upstream

[the+grace+of+R'hllor]

Upstream costs. Being able to receive data from the world for your club of end-users is cheap compared to having the world listen *to* your end-users.

Anyway, the problem with uncapping is not the fact that it's shared (eventually, it's all shared, when you get to the ISP's main connections), but that the headends are limited-capacity devises. xDSL has seperate connections right to the end, whereas cable modems connect through several devices with limited statistics.

It's fairly trivial to overload a headend with an uncapped modem, which is why an ISP will come down like a ton of bricks on anyone who tries it.

One small detail you overlooked

[TubeSteak]

the SecurityFocus article specifically states that you can get "free anonymous service using "unregistered" modems". That means you don't have to call up your cable company and give them your modem's MAC address. Do you see the implications? Next time you drive by a model home for sale:
1. go in
2. Hook up your hacked Motorola modem
3. Attach a cheap WiFi station
4. Free internet
Feel free to reflash and/or change your MAC address as needed.

This is theft

[JPriest]

It is theft, the fact that this is front page news on /. speaks volumes about the OSS community.

Re:This is theft

Your baseless accusations speak volumes about your momma.

Bitch.

Re:This is theft

[JPriest]

PS. It only works with DOCSIS 1.0, most MSO's are now on 1.1, a few have 2.0 systems deployed

From the article: The DOCSIS 1.1 and 2.0 specifications only accept firmware that's been digitally signed by the cable company. "Once you move to a DOCSIS 1.1, and we already have some cable operators deploying 1.1, this hack is not a viable hack any more.... One mistake, and it turns the modem into a brick."

Re:This is theft

[Devistater]

I checked the firmware site briefly. There were a lot of tools on the download page to do MD5 signature hacks. Perhaps this gets around that? I dont know I'm just guessing, perhaps someone with more knowledge can say.

Re:This is theft

[genixia]

What the fsck relevance does this have to the OSS community? Since when did /. become the official or even the de-facto mouthpiece of said community?

I've got news for you, since you obviously missed the memo. Slashdot has degraded so much that most of the OSS community laugh at it.

Re:This is theft

[JPriest]

The MD5 apps are for the modem config file, not the firmware.

Re:This is theft

[The+Vulture]

DOCSIS 1.1 and 2.0 do address some security concerns (like tricking the cable modem into grabbing a config file from the Ethernet port instead of the cable port), but if I understand the article (and the website of TCNISO), they have access to the serial port. Once you can issue commands at the vxWorks shell, you can pretty much figure out how to get around the security checks.

Oh, and yes, DOCSIS 1.1 and 2.0 *allow* firmware to be signed by the cable company (or by the cable modem vendor), but, the operator has to specifically enforce this, it's not automatic. And I've received requests from cable operators for unsigned firmware for DOCSIS 1.1 modems. Just like the MD5 that everybody talkes about - yes, the config files are verified with an HMAC-MD5 hash, but if the operator doesn't put in a good "shared secret" for the hash, then you have no security.

-- Joe

Where's the DSL firmware?

I'd like to know if there is a collection of DSL modem firmware anywhere. I recently had my DSL modem replaced and that 'fixed' my upload and download speeds being reversed.

My provider sent out a firmware fix a while back that was directed at 10.0.0.1, but all scans of that addy are not turning up anything.

This request is only for educational purposes - I would never uncap, as a company that let me have close to a 1000k upload for over a year would most certainly notice.

Nifty little Linux Box

[codepunk]

Boy one of those things would make a nice little linux box. How long before someone figures out how to flash it with a 2.6 kernel?????

I triple dog dare you!

Re:Nifty little Linux Box

[Devistater]

You must have missed the story yesterday about the Linksys Wireless G switch/router :)

Re:Nifty little Linux Box

[codepunk]

It has been at least a hour since this was posted and I still do not have screen shots of the penguin frame buffer image booting on a surfboard, it seems the linux community is slow to respond. Of course I know there has got to be at least a half dozen /.'s that are ripping the covers off their modems as we speak.

You get an 'E' for Effort

[Mulletproof]

Unless there is a way to mask the bandwidth blackhole your uncapped connection creates, the chances of unplesantries between you and your provider are very high. Unless you hack [i]somebody[/i] elses connection ad route crap through them to you (which strikes me as more trouble than it's worth), it would seem to be fairly easy to track and shut you down.

Nah, think I'll skip this one, thanks.

Interesting about securityfocus

So Im sitting at work, and yes i work inside a Comcast Call Center, and I come across this post, and it catches my attention. So I click on the above link to view the article at securityfocus, and I receive:
HTTP Error 403 - Forbidden
Internet Explorer

Im like hmm, thats interesting. So I load up my special http bouncer and waaa laa. Im able to now view securityfocus. Just curious if they have purposely have decided to block comcast ips or something, cuz it wasnt an outgoing block msg i receive, was a incoming block msg.

Re:Screw uncapping, I just want my diagnostics bac

[detritus.]

What kind of cable modem do you own? The surfboards have always (from at least the SB3100 and up, from my personal experience) had a web interface (192.168.100.1) that displays upstream and downstream power levels, frequency locks, SNR, as well as an event log. I have Charter cable. SNMP would be nice if it were accessible to the customers (to set threshold monitors, etc.) but having the web interface is much better than nothing at all. I don't know if they have the capability to lock out the web interface, but there's really no point in it.

Re:Screw uncapping, I just want my diagnostics bac

[SuiteSisterMary]

Do you own the modem, or are they provided as part of the service? Rented or leased?

cable "modem"?

[enkidu87]

Am I the only one who cringes when people refer to cable or DSL "modems"? I would think in a supposedly technologically literate place like /., that someone would say something.

Maybe the meaning of the word is becomming lost knowledge.

Re:cable "modem"?

No, many people go through the "I must save the world from its own ignorance!" phase. Most of them get over it. (Some don't... they're often armed with copies of The Watchtower.)

Unless someone else's ignorance is hurting you in some (non-trivial) way, your motivation for correcting them probably has more to do with satisying yourself than genuine concern for anyone else.

Re:cable "modem"?

[enkidu87]

WHile I generally don't bother correcting people, I do find it strange that people who should know better continue to use incorrect terms.

Re:cable "modem"?

Enlighten us, then, oh wise Yoda, how to call these wondrous devices?

Cable or DSL modems are called modems, because they are essentially signal MOdulators/DEModulators. They function essentially the same way as an analog modem. DSL modems even use the same physical line, but communicate over a different set of frequencies then analog modems. Ditto for cable modem, the main difference being that cable modem taps into the cable line, while DSL modem taps into more-or-less standard phone lines.

So yeah, us illiterate slashdroids call these mystical devices cable or DSL modems, 'cause we are so ILLITERATE. :P

If only basic literacy came with obligatory logic and general knowledge module attached. Alas, the wonders of classical education, now long gone.

Re:cable "modem"?

[windex82]

They are both called a splitter, smart ass.

Re:cable "modem"?

Actually, I have always thought calling it a "bridge" would be better.

WTF!?!

[swb]

ARP traffic from California on an INDIANA segment?

That makes no sense at all. IANACableInternetEngineer, but I would have supposed that the ethernet broadcast domain for a cable segment would have been a street or neighborhood at the smallest, to perhaps a larger multi-neighborhood segment at the biggest.

Bridging entire states together into a giant broadcast domain sounds just kind of dumb, and also sounds like it would waste hundreds of megabits of expensive long-haul service as well.

What DOES make sense is that you're seeing multicast traffic or just misconfigured customer equipment ARPing for addresses that don't exist, and you're not really seeing layer 2 traffic that originated in California in Indiana. I'm pretty sure that even Cumcast is smarter than that.

Re:WTF!?!

Here's a quick snap shot...

13:22:26.772384 arp who-has c-24-11-230-186.client.comcast.net tell c-24-11-230-1.client.comcast.net
13:22:26.553788 arp who-has c-24-11-230-194.client.comcast.net tell c-24-11-230-1.client.comcast.net
13:22:25.932477 arp who-has c-24-11-236-81.client.comcast.net tell c-24-11-236-1.client.comcast.net
13:22:25.932484 arp who-has c-24-11-236-81.client.comcast.net tell c-24-11-236-1.client.comcast.net
13:22:25.274118 arp who-has c-24-11-237-56.client.comcast.net tell c-24-11-237-1.client.comcast.net
13:22:24.654220 arp who-has c-24-11-230-194.client.comcast.net tell c-24-11-230-1.client.comcast.net
13:22:20.171981 arp who-has c-24-7-247-198.client.comcast.net tell c-24-7-247-1.client.comcast.net
13:22:18.892119 arp who-has c-24-7-247-100.client.comcast.net tell c-24-7-247-1.client.comcast.net
13:22:08.695667 arp who-has c-24-7-247-175.client.comcast.net tell c-24-7-247-1.client.comcast.net .08 to .26 so 18 sec. log on the router ... you can resolve but I am in the 24.11.231.XX block so to see these shows a bad router config....

Re:WTF!?!

[tazanator]

thats pretty close to what I show too ... looks like a weekday afternoon. last capture mine showed a few 10.xxx.xxx.xxx and 12.xxx.xxx.xxx in it also.

They can

[emkman]

There are many methods cable companies uses to detect uncappers, such as MD5, special TFTP header detection, etc. TCNiSO has developed software to pretty much defeat all these checks. Sigma isnt the first thing these guys have done, they have been working on all sorts of software ever since DOCSIS 1.0 came out. Luckily for the cable companies, if you RTFA youll see that DerEngel has offered a program to detect Sigma. No cable companies have taken him up on the offer yet, probably consider it a sign of weakness.

Re:They can

[exhilaration]

probably consider it a sign of weakness

I'd guess that there are a few dozen cable company techs acrossing the world trying to decompile Sigma right now. Giving TCNiSO money would only help them produce better versions of Sigma.

PARENT POST=TROLL. PLEASE MOD DOWN.

[radoni]

that is all.

It's not all about uncapping!

[bugnuts]

Did anyone catch the cool stuff about possibly streaming music to your PC? I pay for digital music, and would love to get this sent to my pc instead of upstairs on the tube. I pay for the digital tv stuff, and would love to get that on my pc instead of just the standard cable channels fed as input to my ati all-in-wonder.

This whole thread is sounding like all those spurious arguments for gun-control. "Oooo, uncapping is illegal, and this allows people to do it, therefore this software should be illegal." Cry me a frikkin river, it's also illegal to drive drunk so maybe we should outlaw cars? There are plenty of potential legal uses for hacking the modem, and I'm really surprised the /. crowd is merely concentrating on uncapping the bandwidth and buying into the alarmist hype like a bunch of RIAA apologists.

Re:It's not all about uncapping!

Nice troll A++++ would do business with again.

"Got Code?"

[radoni]

no code, no balls, some advice...

shush!

liar, liar, pants on fire

[ph43thon]

not sure if you're trolling.. but most everyone who's been paying attention for the last 8-7 years knows that the problem with Cablemodem is that you share bandwidth with your neighbors. If the modem isn't capped, then you can suck up all the bandwidth that's available to your neighborhood. I have no idea what the topology is for a cable providers.. but my guess is that they run fiber or whatever to different hubs.. which then branch into the neighborhoods. So, they can cap off a neighborhood.. but they only know the mac address of the cablemodem hogging the bandwidth for that branch. Specifically, if you could interface with a cablemodem and have it generate a random, approved MAC address every N hours/minutes, then you could get free cablemodem access "forever". (Until they figure out a neat way to put a stop to your evil plans)

Anyhow, I've decided that you're a troll.. this is just to keep other readers from being misled.

p

Re:liar, liar, pants on fire

[picklepuss]

No, not trolling, at least not intentionally. I understand the concept of shared bandwidth, and I think that everyone should "play nice" with their neighbors. I learned to share in kindergarten, unlike a lot of other people I know. I was more referring to the broadband bandwidth limitations that we all know are ambiguous and undocumented. I made the connection which I think a lot of people missed. The fact that a.) the broadband company obviously knows how much bandwidth you're using if they're able to send out these letters, and b.) if you uncap your cable modem, you're obviously going to be using a hell of a lot more bandwidth. There'd be no other reason to do it. So even if they can't determine whether or not you've changed you're firmware, they'll still find a way to shut you down.

One would almost hope they handle it that way, as it would skim over those few people who have upgraded the firmware for reasons other than uncapping their connection speed. Anyway, the point of my earlier post was not to say that broadband companies should get rid of bandwidth limitations... they should just disclose them. That's all. I'm not saying they're bad, I'm saying we want to know what they are.

Re:confused: do ya want speed or reliable speed?

[br0ck]

Same for me, I've been getting a very reliable 3000/300 connection since their upgrade and giganews runs anywhere from 340 kb/s to 400 kb/s. It looks like half the people testing on dslreports are getting that speed or better. Also, they're planning on 50 Mbit/s within two or three years.

Mars rover cable box?

[Validus]

VxWorks and PPC the mars rover is farly simler to my cable modem huh? well if is goes down thay ahe no excuse for not being able to do a remot debug :)

27/10 aggretate speeds

[caveat]

At least that's what the DOCSIS spec supports. I don't know the upper bandwidth of coax, but I'd imagine it's pretty high - 200+ channels of digital video and music is no mean feat.

My two cents - CPE is not the place to limit

[jroysdon]

Cable companies need to limit bandwidth usage at the head-end, not at the CPE. If I own my cablemodem, I should be able to use it however I like, short of abusive network activity. If me and my neighbor want to play high-speed games or transfer files as fast as the coax will handle, we should be able to. Upgrade the infrastructure and limit upstream, but not locally.

Re:My two cents - CPE is not the place to limit

[MHerrington]

true, you may own the modem, but you also contradicted yourself. you do not own the coax, that is the property of the cable company and can only be used as they see fit.

Re:My two cents - CPE is not the place to limit

If you plan on doing this for a quite long time, it might be more cost effective just to string Cat5 between you and your neighbor.

Re:My two cents - CPE is not the place to limit

[Thomas+Shaddack]

Little problem with this. If I understand the issue correctly, cable behaves quite like old 10Base2 Ethernet; what's sent into it is sent to everybody on the segment. The total bandwidth of the segment is limited, not only the upstream connectivity.

Re:My two cents - CPE is not the place to limit

[NoMoreNicksLeft]

Not really. It's divided into "slots", and your cable modem can only talk when its turn comes up. Cable modems just recieving all the initialization stuff fight over a few open slots, but since most don't initialize at the same time anyway, it's rarely a problem.

Bandwidth is still limited, but it's something ungodly on my HFC networks. Enough that he could easily do 10mps to that local neighbor, and not really bother anyone.

unfair moderation

whoever modded this down needs to lose their privileges.. its an opinion that doesn't attack anyone.

I suspect the moderator will pay in metamod

Gee, are you sure?

[billybob]

I cant believe this is marked as insightful. It's times like this I wish there was a "No Shit, Sherlock (-5)" moderation option. :P

Re:Beep Beep

Why exactly is that off-topic? This is about firmware that is often used for removing caps.

Hope I catch you in metamod.

How long...

How long until I can run Seti on my cable modems spare CPU cycles? :)

Re:Beep Beep

Don't worry, they just did. :)

Re:Screw uncapping, I just want my diagnostics bac

[The+Vulture]

Here's the catch. The cable operators don't want you seeing the power level and the SNR (or your caps for that matter). Not everybody out there knows what these numbers mean (hint: SNR as high as possible, power level between 0 and 48, give or take, around 30 is good, I don't remember the numbers on the negative side). If you get two people who don't know what these numbers mean, they'll compare numbers, and suddenly the cable operators are flooded with calls like, "Hey, John's SNR is higher than mine, fix it now!". It's an added support burden on them, and they can't always fix the problem (many times, it's an issue with the coax wiring in your house).

CableLabs also has a list of parameters that aren't supposed to be viewable by customers, I don't remember off hand everything in that list (I know that the IP address of the modem is definitely one of them, I don't know about power level and SNR).

The problem with showing end-users the caps is that even though you may be capped at say, 1Mbps downstream, you might not be able to pull that in when everybody in your neighborhood is using their cable modem. Again, somebody might call in and ask why their measurement tool of choice isn't showing 1Mbps and demand it be fixed.

As for SNMP... Well, currently, SNMPv1 and SNMPv2c are used in cable networks, which is very insecure. Some operators might be using SNMPv3, but I haven't heard of anybody using it. SNMP security on modems is very weak, you can look at RFC2669 for some info as to what modems support for SNMP. The basic goal, unless you're using SNMPv3 is to setup groups of subnets and community strings that give read, write or read/write privlidges. All uncncrypted. Very weak security, really.

-- Joe