Re: RCA cable modem Deny of Service
From: Mario Lorenz <ml () vdazone org>
Date: Wed, 27 Mar 2002 21:38:16 +0100
> If you connect to the second device (10.x.x.x) on port 80, RCA cable
> modem reset the user connection with inet. I proved it with my own wan ip 10.1.1.x
> and with other cablemodem users' IPs in the same wan. All of them reset
> when I remotely connect to port 80 of the cablemodems.
This is probably more a software bug or an annoyance than a DOS vulnerability.
You should not be allowed to connect to the 10.x.x.x IPs anyway. Your Provider
can fix this with a simple filter rule either provisioned into each cable
modem or on the CMTS. It has always been good practice to separate Customer
networks and Management networks (to which the 10.x.x.x Modem IPs belong).
That is not cable modem specific. Write an advisory about your Cable Provider
lacking proper security measures, not about the cable modem :)
> 2- Leak of Information:
> I can connect to the wan IP 10.x.x.x of any cablemodem user in my node,
> and take a look at the user's cablemodem status information such as:
a) see above, about filters to management networks
b) the information is hardly critical. It basically tells that you have a
> I can search in MIB table looking for my node server. I know that the
> node IP start with 10.x.x.x and I started to search in the MIB Ops, and found
> 188.8.131.52.0 = IpAddress: 10.20.250.1
> 184.108.40.206.0 = IpAddress: 10.20.250.1
> 220.127.116.11.0 = IpAddress: 10.20.250.1
> 18.104.22.168.0 = "docsis_light_avalos"
> And then I recognize the word "avalos" because it is the name of the street
> where the node physically is.
Your Cable Provider did a) not separate the management network and b)
left the SNMP community strings at their defaults. There is nothing the Cable
Modem can do about it.
To summarize: Your "advisory" shoots the poor messenger, i.e. your cable modem,
when your Cable Provider should be, uhm, well, I guess dropping him a note
should be sufficient :)
Mario Lorenz Internet: <ml () vdazone org>
Ham Radio: DL5MLO () OK0PKL #BOH CZE EU
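The customer/management separation described in the reply above, modelled as an added example that is not part of the original post: a first-match filter checked for whether a customer-side source can still reach the 10.x.x.x management range. The rule tuple format, the customer range 198.51.100.0/24, the probe list and the function names are assumptions made for illustration, not any CMTS or modem configuration syntax.

```python
import ipaddress

# Assumption: management space is 10.0.0.0/8 (the 10.x.x.x modem addresses in
# the post); customer CPE range 198.51.100.0/24 is constructed sample data.
MGMT = ipaddress.ip_network("10.0.0.0/8")
CUSTOMER = "198.51.100.0/24"
ANY = "0.0.0.0/0"

# Hypothetical rule format: (action, source net, destination net, dport or None)
FLAT = [("permit", ANY, ANY, None)]                      # no separation
MISORDERED = [("permit", CUSTOMER, ANY, None),           # broad permit shadows
              ("deny", CUSTOMER, str(MGMT), None)]       # the deny below it
SEPARATED = [("deny", CUSTOMER, str(MGMT), None),
             ("permit", CUSTOMER, ANY, None)]

# Constructed probes: modem web page (80), SNMP (161), an ordinary Internet host.
PROBES = [("10.20.250.1", 80), ("10.20.250.1", 161), ("192.0.2.10", 80)]


def evaluate(rules, src, dst, dport):
    """First-match evaluation with an implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"


def management_leaks(rules, src, probes=PROBES):
    """Return the (dst, port) probes into MGMT that the rule set permits."""
    return [(dst, port) for dst, port in probes
            if ipaddress.ip_address(dst) in MGMT
            and evaluate(rules, src, dst, port) == "permit"]


if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("misordered", MISORDERED),
                        ("separated", SEPARATED)):
        print(name, management_leaks(rules, "198.51.100.7"))
```

The misordered set shows why rule order matters under first-match evaluation: the deny exists but is never reached.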
"I hear that if you play the NT 4.0 CD backwards, you get a Satanic message!"
"That's nothing. If you play it forward, it installs NT 4.0!"