Slashdot Mirror


Comcast Plans Cable Boxes with Integrated Wi-Fi and Snooping

Kaa writes "Short version: Comcast's cable modem/802.11g base station that is made by Linksys has capabilities to 'phone home' to Comcast and tell them how many devices are connected to your WiFi base station, how much bandwidth they are using, etc. It also has the capability to 'disable LAN segments' which, I assume, means they can kick your devices off your home network if they choose to do so. Something tells me this particular device won't make it into my house..."

38 of 427 comments

  1. Smoothwall by Anonymous Coward · · Score: 5, Informative

    Simple Solution:
    Put a smoothwall box or another router between your home network and the new cable modem (as I'm sure many of us already do). Although the wireless access would be nice to use, 802.11b/g access points are pretty cheap these days.

    1. Re:Smoothwall by justforaday · · Score: 5, Insightful

      Simple Solution: Put a smoothwall box or another router between your home network and the new cable modem (as I'm sure many of us already do). Although the wireless access would be nice to use, 802.11b/g access points are pretty cheap these days.

      even simpler solution: buy one of the many many many available router/wifi AP combos out there and don't pay the extra charges that comcast wants you to pony up...

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
    2. Re:Smoothwall by Anonymous Coward · · Score: 4, Informative

      I just got Speakeasy. It's awesome, although a little pricey. However, you can get static IPs and NO port blocking! Leaving Comcast behind and never looking back.

    3. Re:Smoothwall by AndroidCat · · Score: 5, Funny
      and don't pay the extra charges that comcast wants you to pony up...

      I knew there must be a pony in there somewhere.

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:Smoothwall by jrockway · · Score: 4, Informative

      It doesn't help. A full nmap run will take maybe thirty seconds. Any script kiddie can scan you. Also, you probably shouldn't be worried about script kiddies. They won't know what ssh is. Someone may really want your data, and changing ports ain't gonna stop 'em from trying to get at it.

      It does break all internet standards, though. That's always a great thing (*rolls eyes and looks at M$*)

      --
      My other car is first.
    5. Re:Smoothwall by Allen Zadr · · Score: 4, Informative
      Er, actually, if you read further down, [specifically, Table 5-6 (page 37)], you will find that most ports and protocols will be entirely unaffected by these technical extensions.

      If you use SMTP, yes, so too will this. Unless you let the CableHome system access the SMTP of your devices, you have nothing to worry about.

      It uses DHCP, well, so does my current Cable-Modem. In fact, all DOCSIS cable-modems can offer DHCP. No surprise there.

      Ping - yep, looks like it will block pings into your network (or answer for you). Nothing every DSL modem doesn't already do.

      TFTP, slightly more worrisome, but a good standard to allow remote updating of devices that they own (and need to manage).

      This is about selling more network devices into your home that the average user won't know how to set up with an old Linux box and a pack of bubble-gum. They will get to sell more stuff, and make more money. Many users will get the benefit of neat network appliances in their home .. that they merely have to pay a separate subscription fee for.

      The network segment shut-down is there to cut-off devices that they own but you are trying to use anyway, but don't want to pay the subscription service for.

      Yes, there is room for abuse, but it's not nearly as bad as cutting off all other WiFi. It wouldn't be technically capable of telling a WiFi router apart from an in-home network switch or a NATting Linux box. I suppose the built-in WiFi would block your own WiFi's signal, but that doesn't point to a conspiracy.

      --
      Kinetic stupidity has a new brand leader: Allen Zadr.
    6. Re:Smoothwall by 0x0000 · · Score: 4, Funny
      even simpler solution: buy one of the many many many available router/wifi AP combos out there and don't pay the extra charges that comcast wants you to pony up...

      As a recent victim of the Comcast scam, I feel that I should point out that it is a virtual certainty that Comcast will attempt to cook up some scheme to prohibit use of their network using any equipment that is not "approved" by their MBA-wielding, $1-billion-from-Micro$oft-funded, shit-for-brains, corporate thugz.

      Apparently Comcast has issues with allowing their victims (you know, the ones they pretend are "customers") to actually use the service.

      Heads up, Comcast management: the next time one of your high-school-dropout, red-neck-trailer-trash, gun-fetish, drooling "tech support" MORONS tells me "You can't do that" I may just go fukking POSTAL. You should make your employees aware of this, since they will no doubt rate some hazard pay in their capacity as human shields protecting YOU from .... well, somebody less disgruntled than, ME, since I would never even consider trying to PROTECT MY RIGHTS AS A CONSUMER, especially against huge, honking, big dick corporate like yours, oh mighty Gatekeepers of Broadband Access -- no matter how fukking STUPID, CLASSIST, PREJUDICED, and IGNORANT YOU ARE -- right? eh? So. We understand each other? You a) provision the cable modem I paid you for, and b) you provide the bandwidth I pay you for, and you c) leave me the fuk alone about what devices I can hook to that connection, and I don't have to come all the way over there to straighten it out with you in person .... k?

      I really wish .... oh nevermind.

      --
      "The Internet is made of cats."
  2. This is a product for the lusers... by LostCluster · · Score: 5, Interesting

    Sure, the /. user won't want this in their house...

    But the user who is too dumb to configure WiFi without Comcast's help needs this. This technology could let Comcast's techs lock down any access point that's not running WEP, and see to it that all the devices the customer has are taking their DHCP assignments properly. Of course, anybody reading this will know how to do these administrative tasks on their own, but those who are clueless can trust Comcast to configure their router and firewall to optimal settings.

    If this cuts down the number of worm-vulnerable computers on the Internet by letting those who don't know what they're doing hand the controls over to Comcast, I won't complain.

    1. Re:This is a product for the lusers... by LostCluster · · Score: 5, Insightful

      Yea, you won't complain until Comcast won't give you service unless you have "compliant" hardware

      However, Comcast can't require you use their cable modem to connect to their system. That's simply against FCC rules. The FCC usually hates it when the service provider starts mandating that only their hardware be used.

      (Think... If they could, wouldn't they be doing that already?)

    2. Re:This is a product for the lusers... by 2names · · Score: 5, Insightful
      The FCC usually hates it when the service provider starts mandating that only their hardware be used.

      We _are_ talking about a Government agency, right? And God knows that no Govt agency has EVER changed policy or regulations to appease a corporation...[rolling eyes]

      --
      "I'm just here to regulate funkiness."
    3. Re:This is a product for the lusers... by the_mad_poster · · Score: 4, Interesting

      I can't use just any old modem I want for Adelphia. It has to provide certain *ahem* "features" that let them do some level of snooping. Of course, this is all in the name of helping me troubleshoot my connection.... yea.. sure... despite the fact that they've never successfully found a problem remotely...

      They can't make you use any specific modem, but they CAN mandate that your modem must have certain "features" and "standards" under the guise of helping you out. Then, they can push that this tech gets standardized and start requiring it for new connections.

      Never underestimate the power of a monopoly to get its way when it comes to raping consumers.

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    4. Re:This is a product for the lusers... by slickwillie · · Score: 5, Funny

      Maybe I don't want one in MY house, but I'd sure like my neighbor to get one.

    5. Re:This is a product for the lusers... by DrEldarion · · Score: 4, Interesting

      I wouldn't let comcast, of all people, to administer my computers. Nor would anyone else want to, no matter how technically-alternatively-enabled..

      I'm sure you'd be surprised how many "technically-alternatively-enabled" people would jump at the chance to have Comcast administer their computers.

      I'm not saying that it would be in their best interests, but if you're clueless about computers, a well-known company offering to take care of everything for you is something you'd squeal in glee about.

      In fact, I'd imagine that a significant portion of computer-illiterates would give FULL control of their computer to any well-known company (say, MS) if the company put enough marketing spin on it ("Imagine having all your computer problems fixed with one call! We'll even do it all for you, you just sit back and relax!")

  3. Easy fix. by grub · · Score: 4, Informative

    Simple, just put another firewall between that snoop box and your LAN.

    --
    Trolling is a art,
    1. Re:Easy fix. by Mad Bad Rabbit · · Score: 4, Funny

      try to put a firewall between it and all your wireless devices!

      No problem: just put it inside a Faraday cage.

      Of course, it will be tricky to find the right spots
      to cut holes in the wire mesh for a given IP address
      and port number...

      --
      >;k
    2. Re:Easy fix. by Gojira Shipi-Taro · · Score: 4, Insightful

      Once we're on my side of the demarcation line (in this case the cable modem) it's not the cable company's network. It's MY network. And none of their damned business.

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
  4. Huh? by danielems · · Score: 5, Insightful

    Why aren't bandwidth quotas sufficient?

    1. Re:Huh? by ciroknight · · Score: 4, Interesting

      Well in theory this technology could be good if they only charged you for the bandwidth you actually pulled through your modem, but they could do this without their level of snooping.

      My guess is that they just want more control over your modems, making sure that there's no way you can modify the bandwidth you use (uncapping), automatically updating firmware ([[could be good: block certain ports during a virus emergency]]), etc etc etc... but the fact still remains: they could do all of this from their side of the network.

      So really, you have to question what they're going to do with this..

      --
      "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  5. Security risks? by pseudochaotic · · Score: 4, Insightful

    The "disable LAN segments" thing sounds like it could be a security risk. DOS, anyone?

    --
    And the l33t shall inherit the 34r7h.
  6. Beyond the pale..... by erick99 · · Score: 4, Informative
    This is beyond the pale. It's like the RIAA in the sense that there is an arrogance about what they can do while selling you a service. Here is the pertinent part of the document that is labeled "The goals for the CableHome Management Portal include:"

    * Enable viewing of LAN IP Device information obtained via the CableHome DHCP Portal (CDP)

    * Enable viewing of the results of LAN IP Device performance monitoring done by the CableHome Test Portal (CTP)

    * Provide the capability to disable LAN segments

    I hope that at some point, we, as users, can vote with our wallets and stop this nonsense. The more we give into this kind of seller-bullying, the more we can expect.

    Happy Trails!

    Erick

    --
    http://www.busyweather.com/
    1. Re:Beyond the pale..... by Brightest Light · · Score: 4, Insightful

      As many other people have pointed out, this is not something that the average slashdotter is going to want to have. But this will be a great thing for the clueless. The average person who wants to browse the web and get email, who has no clue about setting up and locking down a proper network will love this. Now all they have to do is plug it in and go, Comcast takes care of the rest. I would rather have comcast controlling the routers/waps of the clueless. Ideally, they'll do things like monitor for abuse and worm traffic, and kick offenders offline until it's fixed. This is not something Comcast is forcing on its users, it's a service that is going to make things better for the customer as well as for the rest of the internet. From what the article says, it's entirely optional. Wouldn't you rather have the networks of the people most likely to get infected with the latest worm/spyware/whatever be monitored by somebody who actually has a clue (as much clue as Comcast has, at least..)? Stop fighting new technology just because you wouldn't use it.

  7. So...? by YanceyAI · · Score: 5, Funny
    If I decide to throw a lan-party, they'll disconnect my buddies remotely, then what? A bunch of pissed-off, masked comcast SWAT guys show up?

    That's just evil. Count me out.

    --
    Can I bum a sig?
  8. easy solution -- $19 wifi router, no rebates by Jaeger- · · Score: 4, Informative

    router @ compusa

    cheapest i've seen considering there's no rebates involved...

    2.4GHz 11Mbps Wireless Router with 4 Port Switch, 802.11b
    Manufacturer: FMI
    Mfg Part #: WE711APR
    Product Number: 295106
    Original Price: $89.99 (79% Off)
    Regular Price: $69.88
    Internet Special: $18.99

    --
    E V E R Y T H I N G I W R I T E I S F A L S E
  9. Hold LinkSys Accountable, too. by saberworks · · Score: 4, Insightful

    Don't only blame Comcast. If LinkSys is doing this in one device, what about others?

  10. COMCAST: I don't know.... by dnahelix · · Score: 4, Informative

    When I signed up for COMCAST broadband I was told I could have up to 5 computers connected (using a server assigned DHCP address on each machine)
    Well, last week I got a letter from COMCAST telling me that they have determined I have more than one machine connected to my cable modem and that if I don't respond by June-something they will terminate any other IP addresses beyond one. Although, for an extra $9.99 a month, I can have up to 4 extra (5 total) IP addresses.
    I think those sons-of-bitches are pulling a scam and have bait-and-switched me. I was very up-front with the rep when I signed up and told him I needed to have 5 computers connected and would that be a problem... "No, of course not," I was told, "You can connect up to 5 computers, we just don't support any LAN/ethernet-hub problems you might have."
    FUCKING LIARS

    --
    Slashdot Eds Link Anonymous Posts With Logged Posts
    They Are Vermin Feeding On Each Other's Feces.
    I Hate \.
    1. Re:COMCAST: I don't know.... by Geoffreyerffoeg · · Score: 4, Informative

      You missed something. There's an important difference.

      You are using multiple IP addresses. This means you're using a hub, not a router. Multiple IPs are commonly extra priced.

      You want to use multiple devices with NAT. Buy a proper router and plug it in, then plug your devices into there. They'll all use the same IP, and Comcast will be happy.

      The only mistake on their part is not stating that multiple computers must share one IP.

  11. Re:Continue BOYCOTT by YanceyAI · · Score: 4, Informative

    They just doubled my connection speed. For free.

    --
    Can I bum a sig?
  12. I'm out. by Schezar · · Score: 5, Interesting

    I'm done with consumer/residential broadband. Blocked ports, slow connections, poor customer service, arbitrary limitations on use... It's just not worth it anymore. I've dealt with dead lines and clueless techs for too long.

    Instead, I'm springing for commercial/business class service. The support is better, the speeds are higher, and the service is usually excellent (since businesses won't put up with the same garbage residential users will).

    Consider this: a cable modem usually costs about $40-$50 a month for residential service including a single IP address and bandwidth caps. I can get 1536k x 256k commercial DSL for about $80 a month that includes web hosting, DNS, and 5 IP addresses. The extra $40 is not much, and you can offset that by selling access to your neighbor if you're so inclined (perfectly ok with most providers).

    The above costs about as much as most people pay for a cable modem and cable TV, and quite frankly, I've found that lots of bandwidth is far more entertaining than lots of TV stations.

    I'd list some companies that offer comparable service plans, but I don't want to look like an astroturfer. Hit Google and you'll find lots of nice options (as long as you live somewhere civilized ^_~)

    --
    GeekNights!
    Late Night Radio for Geeks!
    1. Re:I'm out. by Minwee · · Score: 5, Interesting
      "I'm so angry at my ISP that I'm going to give them even more money so maybe they will provide the kind of service I was supposed to be getting in the first place."

      I think you're their kind of customer. How much more will you cough up when they start screwing with your "business class" service?

  13. This must explain their version of "Big Brother" by AtariAmarok · · Score: 4, Funny

    This must explain the Comcast version of the "Big Brother" show. I was wondering why it always showed my own living room.

    --
    Don't blame Durga. I voted for Centauri.
  14. Some features of New Comcast Cable by AtariAmarok · · Score: 4, Funny

    US Robotics cable modems burst into flame upon connection.

    Local FBI agents walking down the street now greet you by first name.

    "they can kick your devices off your home network" means that your toaster, radio, blanket, and vacuum have left home never to return.

    Reality TV shows feature different rooms in your house.

    --
    Don't blame Durga. I voted for Centauri.
  15. Don't let Comcast freak you out by kardar · · Score: 5, Insightful

    If there is one thing to be learned from Comcast, it's that they have an IMMENSE subscriber base. Outrage is commonplace. But it's also important to not let it consume you. It seems like over at Comcast, there are like "too many chefs in the kitchen" sometimes. Every now and then, one of these chefs will do something that is extremely unpopular. It takes a little while, and then things fall back into place the way they should.

    In any case, Comcast does eventually get the message, but you may have to speak somewhat louder or go down to the office yourself, or write the "right person" a letter, describing your problem.

    So while you, as an individual, may have to, at some point, stand up and assert your rights in the face of an immense company such as Comcast, the important thing is to do it with conviction, to not panic, and to maintain a level-headed approach to the whole situation.

    There is nothing worse than being constantly dragged into these massive online bitching sessions that explore every possible worst-case scenario from every possible angle.

    The most important thing to do with Comcast is to remain calm, and chill out, while trying to stay informed. This, unfortunately, is a serious challenge, because the information that you need to know is usually buried in a veritable haystack of hatred and negative emotions. It's unfortunate, really.

    Eventually, when there are options, other options, for those folks who don't live within the necessary distance from the CO, or, when Comcast learns that many very technically knowledgeable users don't have a choice when it comes to broadband access (whichever comes first), then these problems are going to go away, for good. The sooner the better.

    I think Comcast has come a long way towards making things more friendly for alternative OS's and do-it-yourself home networking, and I have a feeling that these two things will be around to stay. That's just my feeling.

  16. 3Mbit/sec ... Are you sure? by Libertarian_Geek · · Score: 5, Insightful

    Try to use 3 Mbit/sec for an extended length of time, and see what happens. Chances are, you'll get a nasty-gram in the mail saying "You're using too much bandwidth!, 3Mbit/sec is the name of our service, not a description!".

    --

    www.facebook.com/DareDefendOurRights

    www.fairtax.org
  17. I've got one now. by bl1st3r · · Score: 4, Informative

    Comcast on the whole is not that bad. They actually had a knowledgeable tech out here to help get shit set up. The problem exists at the corporate level where policy is made. They have stuff set up upstream to make it so that only Windows and Mac machines can use their service. The tech here got them to disable that for me.

    I currently have the Wireless Gateway that they are discussing and while I don't know about the stuff they claim it can do, I do know a little about its use.

    192.168.0.0/24 == NAT range used.
    192.168.0.1 == Router admin interface
    192.168.100.1 == Router tech summary interface

    Both those interfaces == HTTP. Both interfaces use the same password by default.
    User: comcast
    Pass: 1234

    That's the default. They also recommend at install time that you don't change that.

    I think that's fishy as hell so that was the first thing I changed. Luckily the tech here on site was competent enough to ask me what WEP key I wanted to use and let me pick whatever phrase I wanted. That showed intelligence.

    On the whole, I have no complaints with them. If they fuck with my service, maybe I'll have problems. But Charter (local competition) isn't much better.

    --
    hrrm.
  18. Lord - please stop the FUD by Allen Zadr · · Score: 5, Insightful
    This is not specifically against the top AC post here, but, "Lord, please stop the FUD".

    The new CableModem's specific purpose is so that Comcast can sell add-on units that they also control. Think Cable DVR equipment that can also be accessed by your computer (through these protocols). With all far-reaching technologies, including this one, there is a lot of potential for abuse. However, if abuse occurs, a lot of folks will be signing up for DSL or Satellite service (where DSL is not also available).

    Bottom line... this will allow comcast to sell Network Appliances. They make money, $$. If Time Warner were doing this first, I'd be much more prone to believe the "RIAA conspirists". If AT&T (no longer part of ComCast) were still involved, I might be more worried about Vonage devices.

    At the same time, this will enable Comcast to sell their own VoIP (like Vonage) devices for their own telephone service. Basically, home cable-extension appliances are not new, but they are just starting to get popular. This technology will enable that sector to grow.

    As commonly said here... follow the money. I see money in additional in-home networking appliances, like Cable-Radio (delphi style) - - if you don't pay for it, they can cut off that "segment".

    --
    Kinetic stupidity has a new brand leader: Allen Zadr.
    1. Re:Lord - please stop the FUD by clickster · · Score: 5, Insightful

      Bottom line. If it's on my side of the gateway, they have no right to snoop around. Whether it's determining how many PCs connect to my home network (PC to PC traffic doesn't suck up their bandwidth) or monitoring the traffic on my LAN, it's none of their business. PERIOD. Once the traffic leaves the gateway and starts heading down their cable lines, fine. But whether or not I'm streaming an MPEG, MP3, etc from one PC to another within my home is none of their business. To me that's like having my cable box monitor my DVD player and VCR. Sure they all interconnect, but so what. I don't try to hack into my cable company's billing server because I think they're overbilling me.

      --
      If you mod me down, I shall become less powerful than you could possibly imagine.
  19. From someone inside by Anonymous Coward · · Score: 5, Informative

    Disclaimer: I am a Comcast employee. I am not trying to defend this product/standard/company, but will clarify a few things.

    The cablehome pro standard shown in the article shows what it can do, but not what Comcast is actually doing. What is currently implemented does not intrude in the ways suggested. Comcast employees can view basic information like current DHCP leases, # of WLAN clients and router config (parental settings, etc.). The cablehome standard implementation is currently very limited, only in certain areas at this time.

    I also want to say that I disagree with many Comcast policies, but we don't care what is connected to the gateway unit. The gateway is set in the firmware to only give 5 DHCP leases. If one wants more devices they need to set it statically, but non-Comcast installed devices are not supported anyway.

    Also keep in mind who this product is marketed to - the average family lacking the technical ability to configure their own wireless network.

  20. From the inside. by Anonymous Coward · · Score: 5, Informative
    I'm currently doing a project for a contractor that works for Comcast. I also do trouble calls for them on occasion when they get really stumped by a customer's computer, but I'm expensive so they usually send 5 or 6 of their techs before they call me. (Mac DHCP issues, LSP problems, INF overloads...)

    I can say with authority that these devices suck. They have custom firmware with the vast majority of the normal Linksys functionality stripped out. The end user isn't even supposed to be able to access the web interface. (The login is comcast/1234 if anybody needs it...) About the only good thing is that they come with WEP enabled with no key by default, so if the install technician (who usually knows only slightly more than the end user) forgets to go in and set a WEP key, no wireless clients can connect. I'm not even sure it's possible to disable WEP on them... I know it's not through the normal technician 'install' interface, but there is an advanced WEP screen I haven't played with too much.

    Comcast wants to charge something to the effect of $20 for the network + $10 per additional computer monthly, depending on your region. They want the install technicians to call in the MAC of each connected device, which are stored in the space in Comcast's system where additional outlet information usually goes. I am not sure whether this actually does anything. One of Comcast's lead technicians explained to me that the first time they went out (3 of them) to try to get one of these devices installed, they spent 6 hours working on it, only to discover that the problem was they hadn't called in the MAC addresses. Contrast that with my own experience, having installed 4 of these (showing the contractor's techs how to do it), all of which have worked just fine wireless without calling in the MACs. I don't know if that's a permanent solution though, in each case the customer took my recommendation that they get a normal cable modem and buy their own router to save money, so we removed all 4 of the ones I installed within a day or two. (Obviously I won't be telling you exactly who I am, someone at Comcast might be reading this...)

    Anyways, if they've got some grand scheme to restrict access to approved and paid-for devices, it looks to me like it's not working yet...