Cable Modem Hackers Release Improved Firmware
FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embedded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."
Great, the bandwidth hogs (Score:4, Insightful)
Is this right? (Score:2, Insightful)
Hmm... (Score:5, Insightful)
Re:My Opinion (Score:2, Insightful)
This shouldn't even be possible (Score:5, Insightful)
Re:My Opinion (Score:5, Insightful)
Something ain't right about that.
Re:This shouldn't even be possible (Score:5, Insightful)
I am certainly no expert but I think it is more difficult with this setup, than with DSL.
But I could be wrong
Harsh lesson for business (Score:5, Insightful)
Lesson learned:
Don't stake your business on being able to place artificial limits on how users use a product they buy.
DivX learned this. The RIAA are learning this. The MPAA will learn it. And looks like broadband providers will soon learn it too.
Re:This shouldn't even be possible (Score:5, Insightful)
ADSL is single line from you to your local DSLAM. Zero issues with capping at the DSLAM end.
Cable modem has tons of users sharing the same cable, and the easiest point where you squeeze down what a single user can send/receive to the cable is your cable modem. Yes, there are ways of doing it at the ISP's end, but they are either expensive or require nasty kludges.
It's of no moment (Score:5, Insightful)
I do think it's an interesting attack on the cable providers who have an undocumented bandwidth limitation that they enforce. One would think that a potential benefit would be an increase in the number of people who are disconnected due to this invisible marker, and some court-enforced clarification/disclosure of limitations. Sadly, the activity is obviously illegal, and therefore any potential long term gains from this kind of activity are rendered unachievable.
Re:dropped carrier (Score:4, Insightful)
The thing that stinks is that our provider is great. They block a few common ports inbound to prevent casual abuse, but that's about it; it's fast and stable! Uncappers may ruin it for the rest of us with this firmware mod.
Re:Increasing Speed (Score:1, Insightful)
I'm sure people wanting to uncap their modems won't be interested in text websites. MP3s, movies and w4r3z are already compressed...
Re:Increasing Speed (Score:3, Insightful)
so the question becomes (Score:5, Insightful)
Sorry, but there's very few things worse than being a weasel.
Yeah, it's great to have m4d bandwidth, but you're really paying for a shared resource, and I think most people know that. Don't get me wrong... I appreciate the value of a good hardware hack as much as the next geek, but if you're using it to siphon huge amounts of bandwidth from your neighborhood node, that's a problem.
If you need huge, dedicated bandwidth, I'd say buy a T-1 line, or pay for a business-class account.
Re:Cheap VxWorks development system? (Score:4, Insightful)
Re:This shouldn't even be possible (Score:2, Insightful)
Not really sure about the technicalities of cable-modem capping either.
However, I don't understand how so many businesses can actually base their plans on digital boxes being "tamperproof". To my knowledge, nobody has EVER successfully made anything digital tamperproof. DVD players, Xboxes, cable modems, PlayStations, all have been hacked. So why on earth do they keep trying?
Sure, it can make for some very tempting business models, but COME ON. It's like building your house on an erodable ledge by the sea, and then whining about it when your property goes bye-bye into the big blue.
Of course, as politicians seem to think such behaviour perfectly reasonable, and even write laws to support it, it's never going to go away. :/
Re:This won't last long (Score:3, Insightful)
Re:How to handle uncappers fairly? (Score:2, Insightful)
If it were to happen a second time, it would be time to either permanently cancel the user or escalate to less subtle threats.
Re:My Opinion (Score:2, Insightful)
No (Score:4, Insightful)
Why? Running servers for one, and I also get priority for bandwidth on the node, as well as better tech support (which I basically never use... calling tech support is a sign of weakness). Yes, it costs more, but I knew my utilization would be a good deal more than average, so I paid for the next level of service.
I personally suspect the uncappers are after some better upstream pipe... that's where residential accounts are seriously lacking compared to a T-1.
Re:Hmm... (Score:3, Insightful)
Blizzard has been ignoring you because you don't know what you're talking about. It is simply not possible to design a game that has all sensitive computation being done on the server. The game will not be playable over the internet. It simply won't perform well enough.
Re:so the question becomes (Score:5, Insightful)
I think that's the point, exactly. There are others paying for the bandwidth, while some kid with a hacked firmware is, in essence, stealing it.
Just because it's there, does not mean it's there for the taking. If you need the extra bandwidth, don't steal it. Buy it.
Also, just because the cable modem ring concept is flawed and difficult to control, by design, that does not make it justifiable to steal from them any more than it does to steal from music artists by downloading MP3s. If you are going to be a criminal, don't play like it's not wrong. Accept that it's wrong, and get your kicks on the idea you stole something. That's less sick than the relentless and asinine justification I see all through this thread.
Re:How to handle uncappers fairly? (Score:2, Insightful)
1. A good upstream end (high-end Cisco)
2. A "fair share" scheduler
The goal of the "fair share" scheduling is to make a history of usage part of the scheduling. Packets are "delayed" in delivery until the user's "fair share" limits are reached.
If the bandwidth maximum has not been reached, then everyone gets full speed, BUT their usage is tracked. This tracking also involves a decay function to subtract from the usage.
When the bandwidth reaches maximum, the individual destination packets are delayed by an amount proportional to the current "usage" level of that destination. Since new connections (or idle ones) decay to a 0 usage, they end up getting preferential treatment. Once saturation occurs, the heavy usage destinations are delayed while the new connections accumulate usage.
It is similar to a priority hierarchy - no use - high priority... high usage - low priority. Over time, all usage becomes balanced, and the maximum bandwidth becomes shared among all targets.
The usual difficulty in "fair share" algorithms is in determining the "decay" function. Since it is time based you have the number of seconds vs consumed bandwidth. You also don't want it to delay too long (you want the packet delayed in the 10-500 ms range, but the packet itself transmitted in as short a time as possible).
You are shaping the traffic.. And I thought this was part of the newer routers...
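The usage-decay "fair share" scheme described in the comment above, sketched as an added example that is not part of the original thread or any router's actual implementation. The exponential half-life decay, the rate estimate used to detect saturation, the class and function names, and all constants are assumptions made for the demo; the traffic is constructed.

```python
import math
from collections import defaultdict

class FairShareShaper:
    """Delay packets in proportion to each destination's decayed usage."""
    def __init__(self, capacity_bps, half_life_s=10.0,
                 min_delay_ms=10.0, max_delay_ms=500.0):
        self.capacity = capacity_bps / 8.0        # link capacity, bytes/second
        self.decay = math.log(2) / half_life_s    # assumed exponential decay
        self.min_delay, self.max_delay = min_delay_ms, max_delay_ms
        self.usage = defaultdict(float)           # decayed bytes per destination
        self.last = 0.0                           # time of the last update

    def enqueue(self, dest, size, now):
        """Account one packet; return the delay (ms) to apply before sending."""
        # Age every counter so idle destinations drift back toward zero.
        factor = math.exp(-self.decay * (now - self.last))
        for d in self.usage:
            self.usage[d] *= factor
        self.last = now
        total = sum(self.usage.values())
        # A decayed counter U fed at constant rate r settles at r / decay,
        # so total * decay estimates the current offered rate in bytes/s.
        saturated = total * self.decay >= self.capacity
        delay = 0.0
        if saturated:
            share = self.usage[dest] / total      # this destination's share
            delay = min(self.max_delay,
                        max(self.min_delay, share * self.max_delay))
        self.usage[dest] += size
        return delay

def simulate():
    # Constructed traffic: 1 Mbit/s link, "heavy" offers 2.4 Mbit/s for 20 s,
    # "light" sends its first packet at t=20 s, "heavy" returns after idling.
    shaper = FairShareShaper(capacity_bps=1_000_000)
    heavy = [shaper.enqueue("heavy", 1500, i * 0.005) for i in range(4000)]
    light = shaper.enqueue("light", 1500, 20.0)
    recovered = shaper.enqueue("heavy", 1500, 200.0)
    return heavy[0], heavy[-1], light, recovered

if __name__ == "__main__":
    print(simulate())
```

The heavy destination runs unshaped until the estimated rate crosses link capacity, then takes the maximum delay, while the newcomer gets the minimum and the heavy destination is treated as fresh again once its usage has decayed.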
Re:How to handle uncappers fairly? (Score:3, Insightful)
My high school pulled stunts like this, revoking my account whenever I violated rules which they never told me about, without so much as a warning beforehand. It's not a tactic worthy of a profit-making business.
Re:cable "modem"? (Score:2, Insightful)
Cable or DSL modems are called modems, because they are essentially signal MOdulators/DEModulators. They function essentially the same way as an analog modem. DSL modems even use the same physical line, but communicate over a different set of frequencies than analog modems. Ditto for cable modem, the main difference being that cable modem taps into the cable line, while DSL modem taps into more-or-less standard phone lines.
So yeah, us illiterate slashdroids call these mystical devices cable or DSL modems, 'cause we are so ILLITERATE.
If only basic literacy came with obligatory logic and general knowledge module attached. Alas, the wonders of classical education, now long gone.