Cable Modem Security - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Cable Modem Security

  1. #11
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    JK999,

    Go to www.sofaware.com

    Buy a Checkpoint Sofaware Box about $199 plug it in front of your pc....then carry on as usual

    Seriously tho..Sofaware.... they're great boxes and have a few spare ports (incase you get a laptop or a playstation or an Xbox or something in the future)

    A doddle to install and easily managable - even by a non technically minded person.

    Cheers
    v$d$
    I remember when Nihil was ickle. Does that mean I'm old?

  2. #12
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76
    r8devil is right.

    Unfortunately the only thing you can do is to protect yourself. If you try to bring it up to management, you've done your job. They would have to request an "evaluation."

    Your concern is commendable, but you're just learning what some of us have known for a while: how apathetic some companies, management teams, and others can be when it comes to security. You have taken the correct pill, and now you are seeing the seedy truth.

    g'day!

  3. #13
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Here's one for all of you then,

    WHY is it that we all bitch, moan and accuse our ISP's of being 'apathetic' & Seedy?

    ISP Means 'Internet Service Provider'
    The definition of which is to provide Internet Connectivity to the end user.

    There's no mention of security in its name at all, Why do we all assume its our ISP's duty to provide us with a secure connection? Afterall they are a profit hungry business they dont wanna spend upwards of £13,000 ($21,000) on an Unlimited Firewall license.. thats not including the hardware and man power & training needed to run it.

    TV and Radio providers arent secure, Nor is any Telephone provider.If you want a secure radio channel YOU THE USER has to buy an encrypted transmitter / reciever one for each end. If you want an encrypted phone line YOU THE USER has to purchase a point to point encryption system. Why should the Internet be any different?

    And if the Internet was so brilliantly secure we wouldn't all be here now reading this would we?

    Sh1t someone give me the red pill ... I wanna go back to never never land.

    This is not directed at anyone but I really would like to hear a justification from someone as to why our ISP's should protect us.

    Cheers
    V$D$
    I remember when Nihil was ickle. Does that mean I'm old?

  4. #14
    Junior Member
    Join Date
    Jul 2003
    Posts
    2

    Cable Modem Security

    Thanks for all the responses.

    Two specific sub-topics I want to address. . . .

    >Yeah, I'm just going to go right out,
    >hack their DOCSIS modem,
    >then go after their box to build up my business,
    >then go to jail.

    Clearly, the poster of the above grossly misinterpreted my term "simulated attack," especially the "simulated" part. Perhaps "probe" might have been a better term for me to use. I had in mind the sort of action in which a lot of stuff is sent against the system from the outside--stuff similar to what a real attacker would use--but the folks inside the system probably won't even notice that anything is going on unless they are the techies whose job is to keep track of such things. I'm not sure if my ISP even has such people, or how well they do their jobs. If a properly designed probe revealed some serious weaknesses, and I were given a summary, I could (as I mentioned in my initial post) talk to the right people about those weaknesses.

    Which brings me to another quote:

    >How apathetic some companies, management teams,
    >and others can be when it comes to security.

    This remark, and related statements about how the protection of my personal home system is mainly my responsibility, are basically sound. In fact, I think that Lindsey Communications (the ISP involved here) should be discussing this very fact with each person who subscribes to their cable modem service. We should know exactly what the ISP is responsible for and what is out of their hands security-wise. The contract that we signed doesn't really cover anything significantly related to security.

    Anway, thanks again for the help.

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    JK: The reason that ISP's and management companies do not provide security is really rather simple..... They can't without inconveniencing their customer base and costing them a small fortune which, in turn will have to be passed on to the customer base in the form of higher costs, (they are not a charitable institution but rather another "Joe" trying to eek out a living in a pretty cut-throat environment). The inconvenience and/or higher cost will drive their customer's away thus they go out of business.

    To explain: Imagine I am the ISP and I decide that I will properly firewall my network to protect my customers. Initally, it would appear to be a low cost service to me and the expense I pass on to you would be minimal. But this isn't the case. You see, to _properly_ protect you I have to block all ingress and a lot of egress. For example I know that one of the favorite ports for malicious activity would be 31337. I would block that both inbound and outbound. But let's say you are a security type and work from home and want to scan your work systems, (or one of your customer's systems), for a Trojan hiding on that port. Well... You can't because my firewall is stopping you. So you are going to call me to get it fixed - you just raised my support expense because while my tech is talking to you he isn't talking to someone else. But it gets worse...... In order to help you I need someone in place that has a thorough understanding of firewalls and is trained to manage the firewall. Now you really put up my costs because instead of the $10/hour tech I could have got away with I now need a $30/hr tech. The real problem there is that my $30 tech will spend 99% of his time doing $10 work..... That's a huge waste of skill and a huge cost that I need to pass on to you.

    That's a bit of an extreme example but think about all those people that want access to their computers from work through PCAnywhere etc. All those people that play online games that require a port switch after the initial connection to be able to play. Before you know it I have so many holes in the firewall that it might as well not be there - and for my additional cost for no effective service it simply wouldn't be there - it doesn't benefit either of us.

    So, security is, plain and simple, a personal thing. What I want blocked will probably not suit you and what you want blocked would almost certainly not suit me. Therefore, since there is no consensus there can be no, cost effective, solution.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #16
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    You seem to be an educated person, so I won't needlessly insult you with profanities, but I will not be as understanding and diplomatic as Tiger Shark.

    Anyone here can “probe” ports, that is not illegal. And yes, almost all here could probably do it without the ISP realizing it. But what you ask,
    stuff similar to what a real attacker would use
    is what this site is all about, to LEARN what hackers would use and protect against it, but actually using it the way you request using it would not be legal.

    There is much debate in your ( and my ) Congress, as is in many countries and the security field in general, on who is responsible for Internet security. I agree that the ISPs should be held to a greater standard then they are now, ( and the manufactures of programs and hardware, such as wireless networks, etc. ... don't even get me started on that! ) should have as the bottom line security and the users' right to be secure as their top priority. But the bottom line right now is that it is the USERS responsibility to ensure that their systems are secure, NOT the ISP's. ( there is too much money in the way they are doing it now, and not enough political pressure. )

    I recommend to everyone that they, at the very least keep their Operating System up-to-date with current security patches, have up-to-date anti-virus programs running, and have a firewall installed and properly set up. If you don't, you are not only asking for trouble, you are inviting it, and you are a bane to society and should be disconnected and banned from the Internet. ( that includes CIOs who don't follow those rules!)

    .. I think that Lindsey Communications (the ISP involved here) should be discussing this very fact with each person who subscribes to their cable modem service.
    I think maybe you should provide us with more info if you truly want help. I can find NO reference to “Lindsey Communications” but “lindseycom.com” is hosted by Comcast Cable, but there are numerous cable providers for your state. Which is possibly your cable provider?? Check out their terms of service!

    Now, as to your arrogance. I hold to the firm belief that anyone more arrogant then me is an *******. ( you can quote me on that! ) You are, in my opinion definitely more arrogant then me!! To think someone who, as a new member, who never posted before, subscribing with a “throw-away” e-mail account such as a yahoo account instead of the account which your ISP ( in this case the cable provider ) provided you with, would come to a community such as this and try to entice and solicit members to commit illegal acts by daring them with statements such as
    ... this should be enough info to give any decent hacker a start
    and
    this might be a way for you to drum up some business
    justifies my opinions.

    Mr. Educated, go back to ****ing school!
    ( I did say needlessly )
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #17
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    I'm kidding with this, but just to prove a small point to our thread starter, if it was anything else other than a security related post, it would sound like...:

    My friend & I recently moved into a new apartment complex. The company that owns it offers, among other services, security patrols. Since our old beater car was giving us way too many backfires, and the slowest version (12mph) of the engine speed is only two RPMs. We decided to buy a new 'always on' car, a faster car that could 'download' faster!

    So far, it has been working fine. However, I noticed that when the apartment employees were helping us get set up they mentioned absolutely *nothing* about security. There was not a word about the added exposure and risk associated with "really fast" cars like race cars. I have a car alarm <<insert vendor name here>> running, but we all know that such car-based setups are not necessarily the best. I'm considering a hardware car alarm, but I don't know very much about how to find the best value.

    Here's my request: since my apartment patrol provider seems to be both clueless & apathetic about the specs of my race cars engine, maybe someone with a bit more experience than me would care to build a fire under their tail. One of you theives out there should be able to run and hit a car or something for a simulated attack that would find some of the security problems that doubtless exist here. I could then pass the info along to the appropriate people and get some discussion going. If you work for a company that deals in Grand Theft Auto, this might be a way for you to drum up some business.

    The company that owns this apartment complex has their web site at:

    http://www.we-only-do-our-jobs.com

    The snail address of the local apartment management:

    Jim Bob
    12345 Fake Street
    Someplace snazy
    This should be enough info to give any decent car theif a start.

    If anyone out there wants to contact me privately, here's my email address:

    should-have-read@faqs.com

    Thanks.

    <<insert someones name here>>

    Yeah, ^^^ does that sound smart to you? Um, no. Go to the book store, and READ! (Hey, you don't even have to buy the books! You could get a 'shoplifter' to 'simulate' an attack, and maybe get it for free, and teach them bookstores a lesson for doing business!)

    Yeah, um, no. Plz read the faqs next time....

    Dave
    Alcohol & calculus don't mix. Never drink & derive.

  8. #18
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by dstevens1958
    I'm kidding with this, but just to prove a small point to our thread starter, if it was anything else other than a security related post, it would sound like...:

    My friend & I recently moved into a new apartment complex. The company that owns it offers, among other services, security patrols. Since our old beater car was giving us way too many backfires, and the slowest version (12mph) of the engine speed is only two RPMs. We decided to buy a new 'always on' car, a faster car that could 'download' faster!

    So far, it has been working fine. However, I noticed that when the apartment employees were helping us get set up they mentioned absolutely *nothing* about security. There was not a word about the added exposure and risk associated with "really fast" cars like race cars. I have a car alarm <<insert vendor name here>> running, but we all know that such car-based setups are not necessarily the best. I'm considering a hardware car alarm, but I don't know very much about how to find the best value.

    Here's my request: since my apartment patrol provider seems to be both clueless & apathetic about the specs of my race cars engine, maybe someone with a bit more experience than me would care to build a fire under their tail. One of you theives out there should be able to run and hit a car or something for a simulated attack that would find some of the security problems that doubtless exist here. I could then pass the info along to the appropriate people and get some discussion going. If you work for a company that deals in Grand Theft Auto, this might be a way for you to drum up some business.

    The company that owns this apartment complex has their web site at:

    http://www.we-only-do-our-jobs.com

    The snail address of the local apartment management:

    Jim Bob
    12345 Fake Street
    Someplace snazy
    This should be enough info to give any decent car theif a start.

    If anyone out there wants to contact me privately, here's my email address:

    should-have-read@faqs.com

    Thanks.

    <<insert someones name here>>

    Yeah, ^^^ does that sound smart to you? Um, no. Go to the book store, and READ! (Hey, you don't even have to buy the books! You could get a 'shoplifter' to 'simulate' an attack, and maybe get it for free, and teach them bookstores a lesson for doing business!)

    Yeah, um, no. Plz read the faqs next time....

    Dave
    for the best car safety:

    Download AK_47 V 3.0

    And then shoot anyone that walks near your car. While your at it, kill the guy that sold you it. All car dealers **** you in the ass anyway so he had it coming. then grab his money. After this you should have no problem with anyone trying to steal your car. If you do, **** em, AK pings can go threw police body firewalls and even the hardware "door" model.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •