Uncapping cable modems
Posted by creining | Filed under Security
Good article at SecurityFocus entitled Cable modem hackers conquer the co-ax. In a nutshell, a group of hackers (the good kind, not the mysterious FUD-inducing evil ones in the media) called TCNiSO released a program called Sigma that allows an uncapper or someone just curious to rlogin to a Motorola Surfboard cable modem and be dropped into a VxWorks shell. At this point any FTP server can be specified to grab configuration information from, which contains the upload/download speeds. I remember a couple years ago when I had cable internet connectivity and a Motorola Surfboard a similar type of hack could be done. The underlying design flaw at that time (maybe still present) was that the ethernet side of the cable modem would accept a configuration file instead of only accepting the configuration file on the co-ax side. So, what one would do if they wanted to “uncap” their cable modem was to grab the configuration file from the cable company’s TFTP server (advertised in BOOTP/DHCP broadcasts), change the settings which were plaintext, serve up the new configuration file via TFTP on the ethernet side, change the MAC and IP address of the TFTP server to be that of the one advertised on the co-ax side, and boot up the modem which will grab its configuration from the ethernet side TFTP server.
Comments are closed.