Slashdot Mirror


Comcast Cuts Infected PCs' Network Connections

fidget42 writes "I just noticed this article over at InfoWorld. It seems that Comcast is finally doing something about the machines on their network that are being used by spammers. They are now cutting off service to those customers who have computers that have been hijacked by spammers. Now, if only other broadband ISPs would start policing their user base ..."

3 of 592 comments

  1. Cox does this... by h0mer · Score: 5, Informative

    I know anecdotal evidence is pretty much worthless, but my friend got infected with all sorts of nasty ad/malwares, along with Blaster and a couple other worms. Cox deactivated his cable modem, and he had to call them and go through phone hell to get his service back. So I'm not really sure it's only Comcast doing this.

    --
    I'm on top of my game like I'm standin' on Xbox.

  2. Re:Other ISPs start to do this? by mikeophile · Score: 5, Informative

    Take a look at this site and you will be able to imagine it quite easily.

  3. Re:Other ISPs start to do this? by drinkypoo · Score: 5, Informative

    Unless you have supplied the cable modem, this only works when your cable provider is stupid. I worked for Cisco (interesting that their name crops up so many times on that page) and I happen to know that as they shipped the software to their licensees (among them Sony and Samsung) it looks for a configuration file only on the cable interface, and never on the Ethernet, so in order to hijack the modem you would need your own cable head end (Cisco calls them a uBR) and an up-converter, and you would have to hook it up to that head end at least every time you started it up.

    Now, most cable modems have solder pads for a diagnostic connector, which is usually a 3-wire RS-232 serial connection. Sometimes it uses an unusual voltage, and you need a little box to change the levels. If you got access to the diagnostic connector, and your modem had the proper flash image in it, then you could program it through the diagnostic interface.

    I can imagine that some modems you purchase from Fry's or what have you will look for config on Ethernet, though I doubt many of them do.

    For more insight on why this typically won't work, the default route on the device typically points to the cable interface, or does not exist if the cable interface is not hot, and the device has two modes of operation with regard to IP addresses on the internal interface: either it sets itself to 192.168.100.1, or it sets itself to whatever the config file tells it, and it starts proxying DHCP requests. Either way it is not going to be able to find your bogus TFTP server on the network unless it is badly misconfigured to begin with.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"