Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Adelphia's Cable Modems Compromised 182

texus writes "The Adelphia PowerLink Cable Modem Internet Service Provider, that serves 5.5 million customers nation wide, was found to be vulnerable of a major security flaw that allows cable modem subscribers to spy on each others traffic, as well as the ability to modify other users internet packets in realtime. The severity of a potential attack could allow a malicious subscriber to gain access to the customers private activity on the net, as well as the capabilities to hijack connections, intercept SSL/SSH/VPN encrypted sessions, hijack and poison dns servers, and perform a Denial of Service on the entire subnet. The advisory on BugTraq officially states that it didn't seem like Unix machines that logged onto the network were affected, but reports from other Adelphia subscribers indicate that this was inaccurate and Unix users are vulnerable as well."
This discussion has been archived. No new comments can be posted.

Adelphia's Cable Modems Compromised

Comments Filter:
  • Shit.... (Score:2, Interesting)

    3/4 of my family uses them, I've got to go spread the word...

    Thank $DEITY is do Linux on dialup, for once!
  • Hmmmm... (Score:5, Informative)

    by MattCohn.com ( 555899 ) on Saturday December 14, 2002 @11:06AM (#4887149)
    took a couple times to load, so just in case the server is flaking out and about to ban /. reffers...

    Problem Description:

    A certain set of subnets on Adelphia's Powerlink network are treated as a HUB/SWITCH and therefore allow cable modem subscribers promiscuous monitoring of the subnet, and arp poisoning (man in the middle) attacks. Upon finding this flaw, it seems to only affect windows users dhcp requests, as for *nix it hands off an entirely different subnet ip address that is not vulnerable. This doesn't stop one from booting into *nix and manually configuring their ip to be on the vulnerable subnet. To review, with arp poisoning, one can do a tremendous amount of malicious activity on a subnet, from DoS'ing the network, to hijacking DNS servers, and even attacking/cracking SSL/SSH/VPN negotiations. Promiscuous mode, one can passively monitor all traffic on the subnet, obtaining private information, including logins/passwords, and private email.

    Vulnerable Subnets:

    please contact security@invisiblenet.com for info regarding specific subnets.

    Solution:

    The solution is varying on how the cable networks topology is handled, and arp poisoning, as we know is not a completely solvable issue without a physical/virtual separation of Layer 3 from Layer 2 in the OSI Model. For promiscuous mode, don't have the network in HUB mode.
    • Guess What (Score:2, Interesting)

      by Anonymous Coward
      On any cable network, ARP spoofing is available, not just in this example. It is quite easy for someone to do this.
      • Re:Guess What (Score:4, Informative)

        by Subcarrier ( 262294 ) on Saturday December 14, 2002 @11:29AM (#4887260)
        On any cable network, ARP spoofing is available, not just in this example. It is quite easy for someone to do this.

        Depends on the equipment. Some cable routers allow only a limited number of IP address to MAC address mappings per modem and refuse to override an ARP table entry in the cable router with a different IP address once it has been created. Packets that do not have MAC and IP addresses matching the entries for the modem session get dropped.
    • Re:Hmmmm... (Score:3, Interesting)

      by aggieben ( 620937 )
      Why aren't the *nix subnets vulnerable? If you can drop your cable modem into promiscuous mode, it seems like even in a switched environment you could perform an arpspoof and still intercept/hijack connections and so on.
      • The article seems to imply that certain subnets are misconfigured, and presumably those subnets have windows clients only on them, the unix clients being on other subnets. Whether this is intentional or accidental is not mentioned. If not many clients are involved, and there are far more windows clients than unix, coincidence seems possible. But maybe there are enough differences in windows and unix clients (SMB shares? NFS) that it makes sense to keep them on separate subnets.
  • by Anonymous Coward on Saturday December 14, 2002 @11:08AM (#4887154)
    A vast warehouse of porn and spam doesn't really need a lock, now does it?
  • by eyegor ( 148503 ) on Saturday December 14, 2002 @11:08AM (#4887156)
    Given that they're teetering on the edge of existance, most of the good people have long since fled.

    I've being trying to find a competent person at Adelphia so I can get my cable internet service working. It's been weeks and they can't figure out why there's no return path for my signal. If they can't get that right, cable modem misconfiguration issues shouldn't be surprising either.

    I'm beginning to question my decision to move from IDSL to cable.

    Sheesh....
    • I've being trying to find a competent person at Adelphia so I can get my cable internet service working.

      Well, at least they're giving you good security. :)
    • Yeah, I belive I had the same problem for a weekend once then it just went away, go figure. Yes their people are extreme idiots. They don't even know they have an office in my town when I call them. They don't know what their own messages say is wrong when your waiting on the line for hours. I called them once and the machine said they were having problems like mine. When i got to a person I told him I thought the machine had answered my question, he said there were no such problems. Odd. When they sent a guy I hear his CB/radio thing have a person say that they had a outage in my town that weekend, i mention to him that must have been the problem and he responded with that there had been none when his own office said there had been 3 seconds before. Ether wacky coverup or very dumb people. Either way adelphia still has issue. Things like getting my bill before the due date would be nice to. And don't even begin to get started on trying to get digital cable from them upgrade.
  • by gregsv ( 631463 ) on Saturday December 14, 2002 @11:08AM (#4887159)
    It's nice to see that the computing industry as a whole is following Micro$oft's example and taking security "so seriously". [securityfocus.com]
    • I think that is a mockery of Microsoft, not taking threats as a joke. The exploit has full text to back it's claims.

      Perhaps if the same exploits didn't keep showing up you wouldn't see bugteams mocking Vendors.
  • not all that new... (Score:4, Informative)

    by Anonymous Coward on Saturday December 14, 2002 @11:10AM (#4887169)
    ARP poisoning has been around since...well...ARP! Its really easy to do and I'm surprized that it hasnt made more of a storm than it really deserves. Hopefully this story will bring to light the problem a bit more.

    There are patches out there for linux that will secure the ARP table, I wrote one but there are better and I dont remember what they are called but search...you will find.
  • *envisions some enterprising individual hijacking every packet on his cable network* Wow...yeah, that's a bug and a half...hopefully all that's needed is a firmware update.
  • by martyros ( 588782 ) on Saturday December 14, 2002 @11:13AM (#4887187)
    Does someone want to explain to me how they can intercept SSL connections? I thought the whole point of encryption and secure protocols was that we need not fear sniffing and man-in-the-middle attacks...
    • by gregsv ( 631463 ) on Saturday December 14, 2002 @11:17AM (#4887202)
      They can sniff the session, but all they will get is meaningless rubbish unless they can decrypt it. This is nearly impossible to do when using 128 bit SSL encryption.
    • by Ed Avis ( 5917 ) <ed@membled.com> on Saturday December 14, 2002 @11:18AM (#4887206) Homepage
      If you've already connected to a host in the past, and you know what its public key looks like, then you are protected from someone else pretending to be that host (unless somehow they had got hold of the private key as well). However there is always a first time connection - when ssh prompts you saying this host is not known but its public key signature is XXX - and for that you are vulnerable to man-in-the-middle attacks.

      With SSL for websites the host's public key may be signed by some authority like Verisign. But even when it isn't, don't you just click OK automatically?
      • This is why if it's important to you, you should always check the fingerprints of keys via some secure channel. I usually don't bother with SSL, but I have a cheat sheet with my SSH host keys on it in my wallet, so I can make sure I've got the right system when I connect to one of my systems.
        • I have a cheat sheet with my SSH host keys on it in my wallet, so I can make sure I've got the right system when I connect to one of my systems.
          Actually I've wondered how to check that. When I ssh into a new host, it gives me a warning like:

          The authenticity of host 'foo.bar.org (111.222.33.44)' can't be established. RSA key fingerprint is (some sequence of colon-separated 2-digit hexadecimals).

          How do I check that "fingerprint" against the contents of ~/.ssh/known_hosts/ which I presume is what's on your cheat sheet? Or to put it another way, how do you generate a cheat sheet of those RSA key fingerprints?

    • If you are in a position to intercept (as opposed to just sniffing them) the IP packets you can hijack the TCP connection before SSL kicks in and insert a transparent proxy into the connection. To do this you need to be on the same subnet with either one of the end hosts or have access to one of the routers on the path.
  • Uh-oh (Score:5, Interesting)

    by Elflord1999 ( 465328 ) <elflord@p[ ]hoses.org ['syc' in gap]> on Saturday December 14, 2002 @11:14AM (#4887191)
    Wow. I work in the second highest level of network support at Adelphia and I had no idea. Of course, there's just three guys or so that deal with the actual modems and their boot files. I'm going to point this out to the higher ups and see what can be done, methinks.
    • Re:Uh-oh (Score:2, Interesting)

      So are we looking at another example of BugTraq giving out the exploit before it can be fixed? IIRC this has been an issue with BugTraq in the past.
      • Re:Uh-oh (Score:5, Insightful)

        by GigsVT ( 208848 ) on Saturday December 14, 2002 @11:36AM (#4887284) Journal
        There is no exploit, at least not in the normal sense. It's just the way TCP/IP is designed.

        IMHO, this is really a trivial problem, one that nearly all cable modem networks were always subject to. They can do some stuff to mitigate it on the network side, but really this isn't anywhere near the gravity that the Slashdot blurb makes it out to be.
    • Re:Uh-oh (Score:2, Funny)

      by GigsVT ( 208848 )
      Well, I work for the highest level of support at Adelphia and you're fired!

      No, just kidding, but really I doubt your company would appreciate you posting messages like that, should have went AC at least.
      • I'm sure that they won't really discover anything about me, I'm not worried.
      • What can they do -- send a pink slip to Elflord1999? (How many Elflords do you figure work for them anyway?)

        But maybe they can find this guy and can him so they can prove how competent they are at security and efficient management ... or maybe that's not their best strategy ... but they're not obligated to me smart. Yeah, I probably would have AC'd it, and I'm a nobody.
    • Please, do point this out to the higher ups
    • Have nothing to do with this. At Adelphia, like
      most companies, the UNIX admin types and the Network
      admin types are constantly at odds with each other.
      Finger pointing, etc. This is a great example of
      attempting to deflect the blame onto those UNIX
      admin types that admin the actual modems and
      their boot files, instead of blaming Sam, your
      network overlord. :) You should be ashamed. The
      UNIX admins that admin the services have nothing to
      do with the network hardware they are connecting to,
      or how they are configured as they don't own the
      network or it's hardware.

      One of the things I really hated about
      Adelphia when I was there. In contrast, at
      MindSpring, the network and UNIX admin type
      guys all worked on the same floor together on
      peachtree street and were treated as equals, and
      encouraged to work together.
    • Oh please... (Score:2, Informative)

      by sstamps ( 39313 )
      Well, I can tell you that, before Adelphia bought out my local cable company, Prestige, I NEVER had so much as a single BOOTP packet outside of my own. Now, about 10% of the traffic I see is CONSTANT BOOTP requests from other customers all over the country. It is painfully obvious that Adelphia operates their network in HUB mode, when Prestige operated theirs in SWITCHED mode. You DO know what that means, right?

      BOOTP traffic should never leave the private UVR segment; period. In fact NO broadcast traffic of ANY sort should be allowed to leave the private network segment at all.

      So, don't give me that "it's an non-issue because it is TCP/IP" crap. It is an architectural issue that YOU guys need to clean up on your own network, otherwise, someone needs to do some network technician house-cleaning (all the way up to the CIO, if necessary) and send some people back to flipping burgers at McDonald's.

      While we are on the subject of security, why aren't you guys doing something about all the sequential IP scans that are going on in your network right now? Why isn't someone cleaning up THAT mess. Let's see, according to the firewall, I have 4 different scans going on right now; it has been as high as 12.

      That, and I have been having fits with your mail server (and, no, this isn't the first time, either; it happens so often, I just switch over to my own until you guys eventually finish reading your sendmail HOWTO and get it fixed).

      I realize that with Adelphia being more or less in bankruptcy right now, customer support is not very high on your list of things to take care of (just like network engineering), but don't come in here and tell us that it is a fundamental problem outside of your control when it is NOT. Get control of your network and stop making excuses.
      • I'm an Adelphia customer... I ran Ethereal (on my internal LAN, through NAT -- so I shouldn't be seeing anything from the cable modem anyway). I'm getting flooded with a bunch of "V2 Membership Report"s, from various and sundry hosts on the network, using IGMP (Internet Group Membership Protocol, I believe). They all seem to be local, but I've never understood what they meant.

        Is that what these are? They're being multicast to 239.255.255.250, which is reserved by ARIN (a multicast netblock?)

        I've always regarded these as random garbage, but never as a security risk. (Although I can see why they would be.) Is this what the article is referring to?
        • Actually, IGMP is Interior Gateway Management Protocol, which is probablu what Adelphia is using to communicate between their routers. You shouldn't be seeing those, as the UBRs should be filtering them out for you (unless there is another one of their routers on the customer side of your UBR). The one I am connected to seems to filter it out.

          If you are seeing the packets on your own private network, then your broadband router is also passing them, and maybe you should filter it out.

          No, what the article is referring to is the potential for spoofing responses to ARP and BOOTP/DHCP queries to setup man-in-the-middle attacks. You won't see these inside on your private LAN segment, but if you can somehow run a sniffer on the public side, you will see TUNS of ARPs / BOOTP requests.
          • You WILL see ARP packets on your own private subnet, but these are your own and are OK.

            You WILL see BOOTP/DHCP packets if you are using dynamic addressing, but again these are your own and are OK.

            "These are not the packets you are looking for..."
  • by rob_from_ca ( 118788 ) on Saturday December 14, 2002 @11:16AM (#4887198)
    Yes, this is bad for a variety of reasons.

    However, this is nothing magical, from the initial bugtraq description it sounds like just plain ole' arp snooping. Which means for encrypted, authenticated traffic (SSH/VPN/SSL), it's only going to work if the user ignores the security warnings because of the wrong keys, or the keys themselves have been stolen (a whole other ball of wax).
    • This is meaningless if you're using shared keys.

      If the spoofed host and my VPN box do not share the same key, then the connection will not initiate.

      For SSL, the same is true (as the CA Signing key wouldn't make sense.)

      It's only for SSH with password authentication, that this becomes an issue -- because then the user will accept the security warning and still enter their password. Yet another reason why you shouldn't use plaintext passwords with SSH alone.
  • by UpLateDrinkingCoffee ( 605179 ) on Saturday December 14, 2002 @11:20AM (#4887219)
    I have adelphia (I'm very happy with the service... 3Mbps downloads most of the time) but I like many others run through a router because I thought the normal operation of cable broadband is that anyone in your "loop" was essentially on the same subnet and could sniff packets, etc. at will. Is this really anything new?
  • Security (Score:5, Funny)

    by MeanMF ( 631837 ) on Saturday December 14, 2002 @11:25AM (#4887236) Homepage
    You mean that packets sent out over the Internet might be subject to interception?? The horror.
    • Did you know that your land line and cell phone calls can be tapped? Or that clerks in any of the institutions to whom you give your credit card numbers could steal them--or worse--*sell* them for profit! *shudder*

      Your car, for instance, can be bugged and tracked by a Nav positioning satellite so that the baddies will know where you are every minute of the day! I could go on, but now I think you see...it's *horrible*!

  • by Anonymous Coward
    The Openbsd project is humilated!
  • Unless your using a router your essentially on one very large LAN. Everyone on your node would be able to sniff packets from everyone else until your traffic hits the CMTS. This is why weird things like having the hostname and workgroup left as the standard pc manufacture name can cause your internet to slow down.
  • I use a similar device, a netgear thing - somehow I feel likihood of Netgear and others in the same market place getting a quick fixs out is remote. The o/s it runs doesn't give much away about itself, but it's not actually written by netgear (syos or something), and the documentation is minimal for some non-intuitive commands. Guess you get what you pay for, to an extent, that's why big firms buy expensive gear.

    At least if happen to hear about such a vulnerabilty I can build a linux box to do the same. but dedicating a noisy big old pc to this task...who would want to? Already my house is never really quiet.

    RG
  • Hmm.. (Score:5, Funny)

    by (eternal_software) ( 233207 ) on Saturday December 14, 2002 @11:52AM (#4887339)
    Well, I'm an Adelphia subscriber and I haven't noticed any problems so f
  • It doesn't even take any particular incompetence of the network admins. _Any_ shared internet service that runs unencryped is always going to be vulnerable. It's only a hacked flash away. Security updates like this are just a little taste of the truth of surfing through a shared 'net connection.

    This is just one of the reasons why I suggest to people I know that they buy DSL. Better security, assuming competent admins.
  • I mean, everyone in the neighborhood's signals are transmitted over the same cable circuit. Anyone could snoop on other people's packets.
    • At least for DOCSIS cable modem systems (not necessarily true for some older proprietary systems) this is not supposed to be true. The DOCSIS modem is an Ethernet bridge with some very specific additional behavioral rules. It should only learn individual MAC addresses from the customer side, and by default it should never bridge unicast packets received from the cable side unless they match a learned address.

      When I run tcpdump on my household server (acts as the gateway for our LAN), I can see traffic destined for us, and ARP who-has messages from the CMTS. The ARP messages are Ethernet broadcasts that have to be bridged. If users at Adelphia can see all the traffic, and it's a DOCSIS system, something (probably the cable modem configuration file) is really screwed up.

  • Not credible (Score:5, Informative)

    by hagbard5235 ( 152810 ) on Saturday December 14, 2002 @12:22PM (#4887470)
    This doesn't sound credible to me. In a Cable Network the CM ( Cable Modem ) receives on a downstream frequency band and sends on an upstream frequency band to the CMTS ( Cable Modem Termination System). The spec requires the CM CMTS system to act as a bridge. It is NOT hubbed. You can listen on your ethernet port until you're blue in the face and you will only see your own traffic and the broadcast traffic on the network. Period. Ever.

    Now, this does not rule out ARP spoofing, but the only really interesting ARP to spoof would be the one for the default gateway on the network. Since the gateway for the network is living on the CMTS and since any ARP request must pass through the CMTS before getting to our spoofer, I would expect the spoofed replies to arrive after the legitimate ones from the CMTS. Additionally, I would not be surprised to find out that the CMTS suppresses attempts to ARP spoof it's addresses ( and if it doesn't now, it will in the near future ).

    • Re:Not credible (Score:4, Informative)

      by Frater 219 ( 1455 ) on Saturday December 14, 2002 @01:04PM (#4887690) Journal
      The spec requires the CM CMTS system to act as a bridge. It is NOT hubbed.

      Bull pickles. I recently got Adelphia cable modem service myself. First thing I did, practically, was to plug the cable modem into my Mac OS X box and run "tcpdump" on it, to see whether or not they had secured the local network against sniffing. Sure enough, I could not see any of the other customers' actual traffic -- but I certainly could see:

      • DHCP requests (but not responses)
      • ARP requests for the gateway's IP address
      • ARP requests by the gateway for customer IP addresses
      • IGMP

      It seems pretty trivial that someone with the right mildly altered software could easily set themselves up as a DHCP server and hand out fake gateway information, or as an ARP-poisoning proxy. Good reason to check your network settings for suspicious things if you use DHCP.

      • Sigh...
        • DHCP requests are ethernet broadcast traffic.
        • ARP requests are ethernet broadcast traffic.

        A bridge will broadcast all ethernet broadcast packets to all hosts on the network. I don't know what kind of IGMP you were seeing, but I'd be astounded if it wasn't either bound for the ethernet address of something behind your cable modem or the ethernet broadcast address.

        • A bridge will broadcast all ethernet broadcast packets to all hosts on the network.

          Yup ... and it won't stop my host from responding to one of those with a phony DHCP or ARP response. Hence, forgery; hence, the problem noted in the article.

  • by A Guy From Ottawa ( 599281 ) on Saturday December 14, 2002 @12:25PM (#4887483)
    From security focus bugtraq:

    It seems to only affect windows users dhcp requests, as for *nix it hands off an entirely different subnet ip address that is not vulnerable. This doesn't stop one from booting into *nix and manually configuring their ip to be on the vulnerable subnet.

    Does anyone else find that funny? Windows users are vulnerable to a security flaw by default (as usual). But, (if they feel left out) Unix users can configure their box to be vulnerable too!!

  • by Ektanoor ( 9949 ) on Saturday December 14, 2002 @12:30PM (#4887512) Journal
    Well, on /. we frequently see some trolls that consider themselves so smart and experienced to say some enormities. And, I'm already seeing some saying the usual: "And so what? That's just another /. newsfud". Please, while /. is well fudded, there are things you should keep the mouth shut and think a little before saying something.

    The submission shown here may look, partially innocent for house wifes and the common guy in the street. They have lived with so many hacks, virus and trojans, that there is not much to worry about that. Unfortunately, many people do not know that such silly big providers also support someone who is not so simple and humble like your personal computer. They may be segments of corporate networks, departments that are too remotely located, that it is far cheaper to link them to some provider, rather than spending money to create an isolated channel. You may understand this, and still think that the biggest problem for the majority is the fact that information can be stolen. Correct rationale, if we consider the "majority", but again, bullshit. The big problem can be one or two clients of this provider. Clients that, if something goes wrong there, no one of us may have time even to say "shit". And no one will care to put you in a shinny wooded coffin. The best you may expect is a few tons of concrete and a mixture of chemicals so that your body quickly decomposes... Or that your body is quickly turned into ashes...

    The problem between big providers and such clients, is that, being a provider with reputation, dimension and emphasis, clients tend to forget some simple rules of the trade. They think that this huge provider does his homework and maintains a minimal level of protection. Meanwhile, these same clients, do not only forget to check the security of such links, but also forget about isolating such channels from their own critical sectors of activity. In the result, a malicious hacker may break-in in minutes into some critical zone. This may be a control station of some distribution system, an industrial zone, or the control room of the corporate network.

    Such situations happen and happen too frequently to consider it mere incidents. Thankfully, many of these break-ins are made by people who still have the shoulders in their head. Thankfully, breaking into the majority of corporate networks still demands some art and skills. However, this situation may change, if we all start considering that such problems, like the one described on the submission, are mere "features" that one may live with. If you consider that it should be that way, then don't be admired to see some big factory dropping tons of shit into the air or water. Don't be admired that suddenly a whole communication network goes fool and even 911 doesn't work in the middle of some critical situation. Don't be admired that your company produces things that blast or short-circuit at first use. Don't be admired that the lights go off every 5 minutes and all your home electronics are burning out. These are not stories taken from the hat. These are very concrete scenarios of real holes found somewhere around.

    These things do not happen now so frequently because Internet is in its very early age (and still many people, like engineers, do not trust it). But some of these holes are already there, waiting right around the corner for the first maniac script kiddie (yes, there are already holes that such lamers may exploit). If we keep this mood, of not caring about security, we will have all guarantees that something will seriously go wrong in the future.

  • by yack0 ( 2832 ) <keimel@nOspAM.gmail.com> on Saturday December 14, 2002 @12:32PM (#4887525) Homepage
    Adelphia sucks. [adelphiasucks.com] I guess in more ways than one now.

    Please, don't mod this down as a troll, it isn't, it may be blatant advertisement for a sucks.com web site, but it's not a troll ;)

    j
  • by archen ( 447353 ) on Saturday December 14, 2002 @01:07PM (#4887703)
    Good, then maybe some hacker will get confused and intercept my Adelphia cable TV hookup and inject some decent fucking cable programming for a change!
  • by autocracy ( 192714 ) <slashdot2007@sto ... m ['mo.' in gap]> on Saturday December 14, 2002 @02:18PM (#4888019) Homepage
    Yes, this vulnerability does exist. I re-posted it to adelphia.security-issues as soon as I recieved it from Bugtraq (7 PM Eastern, on the 12th). So it's been almost 48 hours. No word from Adelphia has been recieved by me yet. For details on the vulnerability: Hooked directly to the cable modem, I can see packets flying around in the same manner as if I were on a switch. It's like a really wide-spread LAN. I've even been able to identify certain users of the subnet I'm on (some guy who lives by a popular ice-cream place uses Adelphia. I know this 'cause his name is also on his car's license plates). Whether or not the use of tools such as Ettercap work I can't confirm (Re: I'm not willing to confirm). I've started calling Adelphia's NOC, but they're really not dealing with this very well...

    More info as I get it...

  • According to the DOCSIS 1.1 specification it is the responsibility of the cable modem itself to not pass other users traffic through, as cable internet is a shared medium like a hub. Some things will get through, though, since they are passed to a broadcast like DHCP, SSDP requests, and IGMP. I have Adelphia and can see these things coming in, as I should, but not other people's web traffic. Sounds to me that they posted something on BugTraq that is written up in a specification. Check out Cablelabs [cablelabs.com] for the DOCSIS 1.1 specification.
  • Adelphia is Garbage (Score:5, Interesting)

    by chunkwhite86 ( 593696 ) on Saturday December 14, 2002 @03:24PM (#4888296)
    Alow me to explain:

    1. Adelphia recently declared bankruptcy. Their CEO was the Number 1 CEO in the whole US for taking insider loans. Above Tyco, Enron, or Worldcom. The crooked bastard took an insider "loan" for OVER a quarter BILLION dollars. His reason for the loan was "Unspecified personal business".

    2. Their service sucks. I'm on the phone with their help desk at least once a month because the internet connection is down. Their tech support people are a bunch of brain-dead bozos reading from an "if: then" style troubleshooting manual - plus, it usually takes 45 minutes or more of waiting on hold to get through to a real human. Definitely some of the worst customer service in the industry.

    3. They are not complying, or planning to comply with the federal regulation passed in October that prevents cable providers from forcing customer to purchase service "bundles" to get a particular channel. The regulation states that a cable provider must provide, upon the customers request, the premium channels they ask for in an a-la-carte style manner.

    As an example, if I wanted to get the HBO channel at my house, Adelphia requires my to "upgrade" to their digital cable service for an additional $9.95 a month, plus $7/mo per TV (I have 3) plus pay $25.99 a month for the HBO bundle. Do the math - that equals a additional $57 per month just to get one premium channel. This practice is strictly forbidden by the recently passed legislation.

    And to top it off, the lying bastards told me that they don't have the technology to provide a single premium channel (no bundles) to a home, and that they don't have the technology to send certain premium channels to their analog cable subscribers - that they must "upgrade" to digital cable. The reason that they are lying bastards is that I have a friend who used to get just HBO (w/o a bundle) to his analog cable home (back when they offered this option). He canceled that channel but they never turned it off for him. Right now today he gets a single premium HBO channel to his analog cable home.

    My advice is to avoid this sleezy bunch at all costs - unless you like paying out the nose to support their insider lending (Yes, I know GWB thankfully just passed legislation making corporate insider loans illegal.) habbits and unfair business practices.
    • For what its worth, I've read recently in a newspaper that it is now illegal for a cable company to require upgrades to get a premium channel. Sorry I don't have a reference, but I read it from a newspaper while visiting my parents.
  • so can most older proprietary modems. it has to do with encrypting traffic from the modem to the CMTS, which I suspect creates some overhead. perhaps they're just being cheap? I'm on Cox.net, and if I go to webmail.cox.net it's an http not an https on the page where you submit your username and password. On the public internet this would be an issue but inside the cox.net network, you can't sniff your neigbors traffic because of the way the modems are setup (no I haven't tried, but if I did, am fairly sure what I could see I couldn't read).

    if you want all the dirt on how these modems work, go see the documentation at Cable Labs [cablemodem.com] , they're the people who certify the equipment.

    Thee's a reason I call myself broadbandbradley, I couldn't think of a good handle ;-)

  • While I agree with you that a security flaw in the modem itself is just terrible, does slashdot really have to make statements like:



    The severity of a potential attack could allow a malicious subscriber to gain access to the customers private activity on the net, as well as the capabilities to hijack connections, intercept SSL/SSH/VPN encrypted sessions, hijack and poison dns servers, and perform a Denial of Service on the entire subnet.



    So what if the user intercepts SSL/SSH/VPN traffic from hosts behind the cable modem? The entire purpose of those protocols is to prevent man-in-the-middle attacks, and encrypt traffic so that the security of the transport (as seen here as entirely untrustable) is no longer an issue.

    This type of fear mongering is what drives daily stories on the front page of slashdot, and has become entirely too irritating to deal with.
    • The problem with ettercap is that it allows for a man-in-the middle attack against ssh 1 implemenations. That includes seeing the cleartext data passing through....

      Also... many routers/firewalls and access devices that have ssh only have ssh 1 capability.... so there goes that protection.... since ettercap can intercept those... (Yes... the fingerprint presented would not match.... but then how many would know to check the fingerprint?)

  • I haven't checked Adelphia, but most Broadband ISPs are very up front about telling customers that there is absolutely no security provided by them. It's probably in the TOS, too. The only thing the ISPs block stuff for is performance tuning.

    I've heard a number of stories about people finding Windows printers they didn't own when they got their cable modem connection...

Kiss your keyboard goodbye!

Working...