Capping - Done at the cable modem or CMTS?
Vanguard
downloaded to the cable modem, it got me thinking that it has nothing
to do with capping (of downstream speed). There was a Cisco document
(Dec 22nd, 2004) which said the downstream capping is done by the CMTS
and upstream capping is done by the cable modem. Can someone confirm
this (or point to the Cisco article)?
Lonewolf
upload/download bandwidth use. They range from flat limits to class limits
for different types of traffic.
For Example:
cable downstream rate-limit
To enable DOCSIS rate limiting on downstream traffic, use the cable
downstream rate-limit command in cable interface configuration mode. To
disable DOCSIS rate limiting on downstream traffic, use the no form of this
command.
cable downstream rate-limit [token-bucket [[shaping [granularity msec |
max-delay msec]] | weighted-discard] [exp-weight]
no cable downstream rate-limit
"Vanguard" <vangua...@yahooNIX.com> wrote in message
news:nbOdnVvMTof0WDDZ...@comcast.com...
RNess
The below is from mine. Notice the caps?
Bandwidth linitation is done via bootfile in the modem.
Cable Modem Operation Configuration
Network Access : Allowed
Maximum Downstream Data Rate : 8800000
Maximum Upstream Data Rate : 768000
Maximum Upstream Channel Burst : 0
Maximum Number of CPEs : 1
Modem Capability : Concatenation Disabled, Fragametation Enabled, PHS Disabled
"Vanguard" <vangua...@yahooNIX.com> wrote in message news:nbOdnVvMTof0WDDZ...@comcast.com...
Robert Heiling
accessible by either the modem or the CMTS, but that doesn't address the issue
of which one does the actual capping for Up & Down.
Vanguard
news:5dqdnc08FM19xzPZ...@comcast.com...
> On the Cisco CMTS there are a number of commands for regulating
> upload/download bandwidth use. They range from flat limits to class
> limits for different types of traffic.
To know who has what level of service, are these policies established
based on the MAC address used when registering the cable modem?
Vanguard
news:1NWdnY9KK46JcDPZ...@giganews.com...
> Take a look at 192.168.100.1 if your modem is capable.
Thanks. I could swear that I tried that IP combination. Anyway, that
got me connected to the cable modem. Unfortunately, for the Webstar
that they put in as a replacement for the Surfboard, all I can see is
the System summary page which shows:
Name WebSTAR DPC2100
Modem Serial Number 201692480
Cable Modem MAC Address 00:11:e6:ef:87:a8
Hardware Version 2.0
Software Version v2.0.2r1242-040825
Receive Power Level 1.3 dBmV
Transmit Power Level 55.5 dBmV
Cable Modem Status Operational
About the only useful info there are the power levels. All the other
pages (Signal, Status, and Log) return "This feature is not enabled".
Thanks for the info, anyway.
RNess
An example - a residential customer upgrades to Teleworker or maybe
Workplace lite - a billing system change triggers a new boot file load.
And bingo - customer has the new service level.
Customer upgrades to the 8/768 residential service - a new boot file goes out
and again, the new level of service is now available.
Again - Robert, it's done at the modem.
"Robert Heiling" <rob...@comcast.net> wrote in message news:44AF0050...@comcast.net...
Robert Heiling
>
> Robert, it's done at the modem.
>
> An example - a residential customer upgrades to Teleworker or maybe
> Workplace lite - a billing system change triggers a new boot file load.
> And bingo - customer has the new service level.
>
> Customer upgrades to the 8/768 residential service - a new boot file goes out
> and again, the new level of service is now available.
>
> Again - Robert, it's done at the modem.
Sorry. If you have independent knowledge that's the case, then fine. My only
point is that we all know that info is downloaded to the modem in the config
file. Drawing the conclusion stated above does not follow from that evidence.
That's the only point I'm raising.
Bob
Vanguard
> Robert, it's done at the modem.
>
> An example - a residential customer upgrades to Teleworker or maybe
> Workplace lite - a billing system change triggers a new boot file
> load.
> And bingo - customer has the new service level.
>
> Customer upgrades to the 8/768 residential service - a new boot file
> goes out
> and again, the new level of service is now available.
>
> Again - Robert, it's done at the modem.
If capping were regulated at the cable modem, what would stop
customers from provisioning their own cable modems to up their cap
levels? One description of how I saw to do this was:
"Basically, you set yourself up a TFTP server to respond to your modem
when it attempts to obtain it's boot file from your provider. This
requires you to telnet into your modem and download it's config file
in the form of a "bin" file - it's config file is stored in binary
format. You then open it with a binary editor and make any adjustments
you require and upload it to your modem."
How often does Comcast send the boot file to the cable modem? Only
when billing sees a service level change in their records? On every
IP lease expiration? Every day? Every hour? The shorter the
interval the less usefulness there would be for a user to alter the
boot file.
It could be the cable modem's boot file regulates both the upstream
and downstream speeds. Otherwise, there wouldn't be the plethora of
web sites out there, like http://www.tcniso.net/ and
http://www.unixmexico.org/~uncap/www.surfboard.digitallinx.com/Software/index.html,
that seem intent on hacking cable modems, or books on how to hack the
cable modem, like http://snipurl.com/sx84. What would be the point of
hacking the boot file if the CMTS had the actual control? I see
statements, like:
"Motorola has released some new firmware for the 3100, 4100 and 4200
modems that disables uncapping. We are working on a really good
solution to block this permanently. Right now I am starting on a
project that once completed will allow someone to be uncapped and
stealth, that is making a modem not show up in the CMTS's QoS
profiles."
So one trick apparently was to load a different boot file or maybe do
a firmware update that provided for uncapping the cable modem. Oddly,
the Motorola 4200 that I had before was the one that Comcast replaced
with a Webstar cable modem. Maybe they had too many users hacking the
Surfboard modems which seem to be the favorite target of the uncapping
hackers. There was also mention that an MD5 hash might be added to
the boot file (but then an MD5 Remover tool as mentioned at one of the
aforementioned sites).
There seems to be a lot of hackers trying to undo the capping that
gets regulated at the cable modem; see
http://www.securityfocus.com/news/394 (which is an old article;
http://www.theregister.co.uk/2004/02/05/cable_modem_hackers_conquer/
is newer). So I wonder why the capping isn't simply regulated
upstream at the equipment to which the hacker has no access (i.e., the
CMTS end). Of interest was also that the hacking could allow a user
to receive all raw traffic through the cable modem to their PC so that
they could spy on everyone else on their segment; i.e., rather than
have the cable modem regulate what traffic gets passed through it, it
becomes like a promiscuous NIC that can sniff it all. Encryption can
be used but it is an option that is apparently not yet prevalent, and
Comcast's TOS acknowledges the risk of eavesdropping by other
subscribers (which would mean that they don't encrypt to the cable
modem).
So the same hackers that are uncapping their cable modems may also be
monitoring your downstream traffic, and the hacking tools are getting
easier to use. Yikes! Looks like we need a new DOCSIS standard that
obviates regulation at the cable modem and moves it upstream to gear
that is out of reach of the hackers.
Al Pilarcik
The CMTS controls the TFTP server. The TFTP server serves boot or
configuration files to the cable modem.
A Cisco UBR7100, for example, can be configured to serve boot files, though
in practice the TFTP server does so.
A typical bootfile gives service levels of 6Mbps down/384kbps up or 8Mbps
down/768kbps up. Additional bootfiles may be served in instances of network
abuse or excessive bandwidth usage.
Barry Margolin
"Vanguard" <vangua...@yahooNIX.com> wrote:
> "RNess" <ric...@nodamnspam.nessnet.com> wrote in message
> news:IomdnexYCu37ijLZ...@giganews.com...
> > Robert, it's done at the modem.
> >
> > An example - a residential customer upgrades to Teleworker or maybe
> > Workplace lite - a billing system change triggers a new boot file
> > load.
> > And bingo - customer has the new service level.
> >
> > Customer upgrades to the 8/768 residential service - a new boot file
> > goes out
> > and again, the new level of service is now available.
> >
> > Again - Robert, it's done at the modem.
>
>
> If capping were regulated at the cable modem, what would stop
> customers from provisioning their own cable modems to up their cap
> levels? One description of how I saw to do this was:
>
> "Basically, you set yourself up a TFTP server to respond to your modem
> when it attempts to obtain it's boot file from your provider. This
How would you do this? It sends the request over the cable, not the
LAN, so unless you have your own CMTS you can't intercept this.
> requires you to telnet into your modem and download it's config file
> in the form of a "bin" file - it's config file is stored in binary
> format. You then open it with a binary editor and make any adjustments
> you require and upload it to your modem."
I think the cable companies generally provision the modem to prevent
telnetting in from the LAN. They usually just open the HTTP port so
customers can look at their signal levels with the modem's web interface.
> There seems to be a lot of hackers trying to undo the capping that
> gets regulated at the cable modem; see
> http://www.securityfocus.com/news/394 (which is an old article;
> http://www.theregister.co.uk/2004/02/05/cable_modem_hackers_conquer/
> is newer). So I wonder why the capping isn't simply regulated
> upstream at the equipment to which the hacker has no access (i.e., the
> CMTS end).
If you have different customers with different caps, it may just be
because it's much easier to download a customer-specific configuration
to the modem than to load a huge configuration into the CMTS. If an
occasional hacker manages to get around it, it's not that big a deal.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
Robert Heiling
>
> [...] and moves it upstream to gear
> that is out of reach of the hackers.
Eh? What's that you say? :)
Al Pilarcik
>> http://www.theregister.co.uk/2004/02/05/cable_modem_hackers_conquer/
>> is newer). So I wonder why the capping isn't simply regulated
>> upstream at the equipment to which the hacker has no access (i.e.,
>> the CMTS end).
"But DerEngel doesn't believe any cable modem is going to be immune from
customization, and he says his team is ready to prove it. "If you have to,
you can just change the [programmable memory chip] -- desolder it, put it
back on there," he says. "As long as the customer has the actual hardware in
their hands, the customer will always be able to change what he has.""
His team has proved their expertise, time and time again.
What is not mentioned is the fact that CMTSs can and often are configured to
compare bootfiles to system service levels. If a mismatch is present, red
flags are thrown. This applies to most cable ISPs.
xDSL is different. Capping is done at the DSLAM, which is more difficult to
circumvent.
Vanguard
news:barmar-A9F6B5....@comcast.dca.giganews.com...
> "Vanguard" wrote:
>> "Basically, you set yourself up a TFTP server to respond to your
>> modem
>> when it attempts to obtain it's boot file from your provider. This
>
> How would you do this? It sends the request over the cable, not the
> LAN, so unless you have your own CMTS you can't intercept this.
Who says the cable modem has to be connected to the CMTS to get
provisioned? Any equipment that can provision the cable modem can be
used. If you had visited the links that I provided, you would find
they make devices to hook to the cable modem which provides an RS-232
interface you can use to communicate to the cable modem. Obviously if
the ISP's CMTS end can provision a cable modem then something that
emulates the same functionality can do it, too.
>> requires you to telnet into your modem and download it's config
>> file
>> in the form of a "bin" file - it's config file is stored in binary
>> format. You then open it with a binary editor and make any
>> adjustments
>> you require and upload it to your modem."
>
> I think the cable companies generally provision the modem to prevent
> telnetting in from the LAN. They usually just open the HTTP port so
> customers can look at their signal levels with the modem's web
> interface.
The same features that the ISP can disable when they download the boot
file to the cable modem are the same ones that the hackers can
reenable. If the cable modem can do it, the ISP can't stop someone
from using the mentioned tools to make use of those features and
setup. It doesn't take a lot of reading and Googling to see that
hackers can themselves provision the cable modem with whatever
behavior the hacker wants that the cable modem supports. In one case,
the cable modem is opened and two wires soldered onto the Surfboard
mainboard which provides an RS-232 interface to the hacker's computer
which can then reprogram the cable modem. This is probably only
needed to get past the physical interface of using the cable since
anything the ISP can push to the cable modem could be pushed from
another source other than the ISP. From what I've read so far, there
is nothing to prevent someone other than the ISP from programming the
cable modem.
> If you have different customers with different caps, it may just be
> because it's much easier to download a customer-specific
> configuration
> to the modem than to load a huge configuration into the CMTS. If an
> occasional hacker manages to get around it, it's not that big a
> deal.
I would doubt that the change for one customer would result in
reloading all of the "huge configuration" into the CMTS equipment.
One customer change would result in one record change. When updating
a database, you don't change every record. You just change the record
that was different.
As to not being a problem, that might be true but then I'm not one of
the cable modem hackers or part of that community nor am I an ISP to
know how prevalent or sparse is the problem. It's not like the ISPs
are publicly announcing the problem with statistics so their customers
would know, and if the customers knew then they would probably clamor
that changes were needed, like enabling the encryption to the cable
modem. If they announced the problem then more customers would know
about it with the result that the problem could get even worse. We
customers really don't know the severity of the problem. Also, as
mentioned, it seems the tools to hack the cable modems is getting
easier which would tend to make the problem proliferate faster.
The only reason why I wandered off into the cable modem hacking topic
was in trying to determine which end actually enforces the caps.
Because of the hacking it sure seems that regulation is enforced at
the cable modem. If the cable modem was the one regulating the
upstream and downstream speeds, no one would be wasting their time
hacking the cable modem. If the control were somewhere else, that's
where the hackers would focus. So while I have no absolute proof that
it is the cable modem that does all the capping, it sure seems like
that is the control point.
Vanguard
news:44aff0f8$0$17997$892e...@authen.yellow.readfreenews.net...
Without starting yet another subthread about hacking, I'm wondering
how often the boot file gets pushed to the cable modem. If it is done
often enough, maybe even once a day, it would seem to obviate most or
all the effort of hacking the cable modem (i.e., the abuse would be
short-lived). Does the cable modem only get reprogrammed when there
is a change in the customer's service plan? You mentioned
reprogramming in instances of network abuse so I have to wonder how
quick Comcast is to react to such abuse. While I've heard of cases
where customers were suspended or off-domain SMTP getting blocked due
to spam abuse, I haven't heard of a case where a customer got nailed
for deliberately changing their cap levels by hacking their cable
modem, but then I don't know if this is something the ISPs want to
publicly acknowledge.
Any info on whether or not Comcast implements encryption to the cable
modems to eliminate eavesdropping? In the past, I've used a VPN to
get connected to work from home but that used encryption to protect
that communication (i.e., it was a secure VPN). If I used VNC to
connect from home to a work host, I used UltraVNC because of its
encryption plug-in. For home, and so far, it's just personal stuff
that I don't care if someone sniffs out, but I would think it might be
of concern for customers that are running home-based businesses.
While the reprogramming (to download the boot file) might be
instigated as the result of bandwidth abuse, Comcast might not have a
clue with someone hacked their cable modem so it could pass raw
traffic to go sniff on other customers' traffic.
I hadn't really thought of cable broadband being the same as a LAN
where anyone could stick in a NIC that supports promiscuous mode.
There is some degree of trust within a corporate network between the
nodes but that certainly isn't the case with a bunch of strangers on
the same cable segment as you. It would be a nuisance for Comcast
users to have to connect to SSL proxies just so their traffic was
encrypted over the cable and something that is apparently available as
a feature that could be enabled.
When I had the Motorola Surfboard cable modem, one of the status items
was "Initialize Base Privacy". Is that the encryption mode that cable
modems can support? I believe a "Done" status means that encryption
is enabled between the CMTS end and the cable modem and a status of
"Skipped" means there is no encryption. Comcast stuck me with a
Webstar cable modem from Scientific Atlanta when they replaced the
Surfboard so I can't tell much anymore about setup at the cable modem.
This sucks. The Webstar's "System" page doesn't show anything
regarding "privacy" or encryption and all the other pages, like
Status, are disabled (perhaps deliberately in Comcast's boot file that
they pushed to the Webstar). In fact, as I recall, the Surfboard had
me login whereas the Webstar does not (because its other pages are
disabled).
Bit Twister
>
> Without starting yet another subthread about hacking, I'm wondering
> how often the boot file gets pushed to the cable modem.
Have you looked in your modem log. Looking in mine,
http://192.168.100.1/logs.htm, I can see where I power booted mine
6/30 and I find a
2006-07-07 19:56:14 7-Information B403.0 Auth Comp
which I would guess is when they checked my settings.
Robert Heiling
>
> "Barry Margolin" wrote in message
> news:barmar-A9F6B5....@comcast.dca.giganews.com...
> > "Vanguard" wrote:
> >> "Basically, you set yourself up a TFTP server to respond to your
> >> modem
> >> when it attempts to obtain it's boot file from your provider. This
> >
> > How would you do this? It sends the request over the cable, not the
> > LAN, so unless you have your own CMTS you can't intercept this.
>
> Who says the cable modem has to be connected to the CMTS to get
> provisioned? Any equipment that can provision the cable modem can be
> used. If you had visited the links that I provided, you would find
> they make devices to hook to the cable modem which provides an RS-232
> interface you can use to communicate to the cable modem. Obviously if
> the ISP's CMTS end can provision a cable modem then something that
> emulates the same functionality can do it, too.
But at some subsequent point it has to connect to the ISP and follow protocol
then.
From my same readings, I'm not sure how much of what they say is truth and how
much is bs (there's an awful lot of that on the topic). Even if they were
successful to a point, there are built-in checks to catch them. You have to not
only succeed in the uncapping, but you can't be caught in order to count it as a
success. Getting caught could result in loss of the internet connection (from
ALL providers), but prosecution for theft of services.
The cable modem is given information that it needs in order to communicate and
coordinate with the CMTS. This quote characterizes that relarionship: "The
relationship between a CM and its CMTS is a master-slave relationship. The CMTS
controls the bandwidth allocation on the upstream channel. The CMTS sends on the
downstream channel bandwidth allocation messages called Upstream Bandwidth
Allocation maps (referred to as MAPs) which define how the time units
(mini-slots) on the upstream channel must be used. " [That quote comes from a
Microsoft white paper, but the material is prevalent on the web).
A very good description of the process is at:
http://www.usr.com/support/6000/6000-ug/two.html
"Ranging
Every CMTS continuously broadcasts three separate messages on every downstream
channel that relates to the MAC layer. These messages are the synchronization
message (SYNC), upstream channel descriptor (UCD), and bandwidth allocation map
(MAP). A cable modem must continuously identify and decode these messages in
order to properly transmit data onto the cable upstream path."
"During the length of time that a cable modem is actively connected to a CMTS,
the CMTS periodically repeats this process. This is called periodic maintenance
and is determined by the configuration of the CMTS."
"DOCSIS Configuration File. . . Trivial File Transfer Protocol (TFTP) server . .
. The most basic configuration file simply enables the cable modem and declares
a maximum available bandwidth for both the downstream and upstream. "
HTH
Bob
Barry Margolin
"Vanguard" <vangua...@yahooNIX.com> wrote:
> "Barry Margolin" wrote in message
> news:barmar-A9F6B5....@comcast.dca.giganews.com...
> > If you have different customers with different caps, it may just be
> > because it's much easier to download a customer-specific
> > configuration
> > to the modem than to load a huge configuration into the CMTS. If an
> > occasional hacker manages to get around it, it's not that big a
> > deal.
>
> I would doubt that the change for one customer would result in
> reloading all of the "huge configuration" into the CMTS equipment.
> One customer change would result in one record change. When updating
> a database, you don't change every record. You just change the record
> that was different.
I have operated a major ISP network (Genuity, which was later acquired
by Level(3) -- we operated the 4.2.2.x DNS servers that everyone
switches to when Comcast's get flaky), I know how changes are done. I
never said "reload", I said "load" -- the CMTS would need enough memory
to be able to hold this huge configuration, which would make the CMTS
equipment more expensive. Whenever feasible, we preferred to put
customer-specific settings in the CPE rather than the POP.
Vanguard
> Vanguard wrote:
>>
>> "Barry Margolin" wrote in message
>> news:barmar-A9F6B5....@comcast.dca.giganews.com...
>> > "Vanguard" wrote:
>> >> "Basically, you set yourself up a TFTP server to respond to your
>> >> modem
>> >> when it attempts to obtain it's boot file from your provider.
>> >> This
>> >
>> > How would you do this? It sends the request over the cable, not
>> > the
>> > LAN, so unless you have your own CMTS you can't intercept this.
>>
>> Who says the cable modem has to be connected to the CMTS to get
>> provisioned? Any equipment that can provision the cable modem can
>> be
>> used. If you had visited the links that I provided, you would find
>> they make devices to hook to the cable modem which provides an
>> RS-232
>> interface you can use to communicate to the cable modem. Obviously
>> if
>> the ISP's CMTS end can provision a cable modem then something that
>> emulates the same functionality can do it, too.
>
> But at some subsequent point it has to connect to the ISP and follow
> protocol
> then.
That's why I wondered how often Comcast pushes its boot file to the
cable modem. The hacker provisions the modem how they want but then
Comcast re-provisions the cable modem - but how often? If the boot
file only gets pushed to the cable modem when there is a change in the
account (e.g., billing sees a change in the service plan). It could
be years before the customer makes a change, or Comcast makes a change
to what they provide, like upping bandwidth in an area.
Dr Feelgood
"Vanguard" <vangua...@yahooNIX.com> wrote in message
It's not a matter of how often they push a new boot file. It's a matter
of how they detect modems operating at speed above the setting they are
suppose to. This is quite easily detectable automatically and forwarded
to people with the power to cancel your service. When they get the
notice they can simply look at your boot file and if settings have been
changed can terminate your service on the spot.
Vanguard
news:slrneb29qp.f...@wb.home.invalid...
As I mentioned, the way that Comcast provisioned the Webstar cable
modem makes it impossible to see anything other than its "System"
summary page (when connecting to it via HTTP). The Signal, Status,
and Log pages are deliberately disabled so I can't see any of that. I
used to have the Motorola Surfboard cable modem and could see the
status and log pages. They replaced it with the Webstar and all I see
is the summary page. Trying to access the other pages in the cable
modem's HTTP server results in, "This feature is not enabled. This
feature has not been enabled in your cable modem."
During an outage, I noticed the behavior of the Webstar was altered in
that I could see those other admin pages on the cable modem. There
was a problem with getting to Comcast's DHCP server so I was getting
stuck with a 192.168.100.10. I'm used to the Surfboard that assigned
an IP address of 169.254.x.x which conforms to the APIPA standard (of
reverting to private addressing when the ISP's DHCP server is
unreachable). During that outage, I was able to see the other admin
pages when connected to the Webstar via HTTP. Once the outage was
gone (and the cable modem assigned me an IP address of 66.41.x.x),
those status, signal, and log pages were disabled again in the
Webstar.
However Comcast is provisioning the Webstar cable modem (so it works)
results in disabling those other admin pages in its HTTP server. For
example, according to
http://www.scientificatlanta.com/customers/Source/7007012.pdf, the
Webstar has its standby or soft switch to disable the Ethernet and USB
ports (but which isn't described in their user manual, but then using
the HTTP interface to its web server isn't mentioned, either, in the
user manual at
http://www.scientificatlanta.com/products/consumers/userguidepdfs/webstar_userguides/DPC2100A.pdf)
but I can't even see the feature because those pages have been
disabled by Comcast.
I'd like to see those other admin pages in the cable modem's embedded
web server but Comcast has disabled them. Maybe Comcast is pushing
the wrong boot file to my cable modem; i.e., I suppose if they pushed
a boot file designed for the Surfboard that it might not work
correctly with the Webstar. I don't know the DOCSIS standards to know
if a standard set of instructions are to be coded in the boot file and
is the same for all DOCSIS-compliant cable modems, or if the boot file
might be brand and model specific. Whatever is the problem, when the
cable modem is working, those other admin pages are inaccessible.
Warren
> That's why I wondered how often Comcast pushes its boot file to the
> cable modem. The hacker provisions the modem how they want but then
> Comcast re-provisions the cable modem - but how often? If the boot file
> only gets pushed to the cable modem when there is a change in the
> account (e.g., billing sees a change in the service plan). It could be
> years before the customer makes a change, or Comcast makes a change to
> what they provide, like upping bandwidth in an area.
Two things: You're mixing-up provisioning, and getting a config file. They
are two different things. Provisioning is done on the CMTS. Provisioning
tells the CMTS who you are, and what config file to push to you.
How often is it pushed to you? You're not going to get an authoritative
answer to this question. Why would they tip-off the hackers?
But I will tell you that any unusual spikes will be noticed by either
automatic or manual monitoring that's done on a regular basis, and if a
pattern develops, evidence will be gathered before you'll get kicked-off,
and permanently banned.
--
Warren H.
==========
Disclaimer: My views reflect those of myself, and not my
employer, my friends, nor (as she often tells me) my wife.
Any resemblance to the views of anybody living or dead is
coincidental. No animals were hurt in the writing of this
response -- unless you count my dog who desperately wants
to go outside now.
Power Lawncare Tools for Spring Clean-up:
http://www.holzemville.com/mall/blackanddecker/
Robert Heiling
Apologies for the confusion. I read that document too hastily and came away
thinking that it said that the "periodic maintenance" included pushing the
config file. That would be ridiculous now that I reflect upon it, but would
indeed have undone the hacker's efforts if it were true.
> The hacker provisions the modem how they want but then
> Comcast re-provisions the cable modem - but how often? If the boot
> file only gets pushed to the cable modem when there is a change in the
> account (e.g., billing sees a change in the service plan). It could
> be years before the customer makes a change, or Comcast makes a change
> to what they provide, like upping bandwidth in an area.
Or they could have a background audit function running off the SNMP that
compares the modem's config with the values kept on the server. Perhaps I'm
missing something there though as I'm thinking that there are copies on the TFTP
server, but Barry's comment seems to indicate that the CPE has the only copy.
I understood your original question differently than a number of other people
here. It was not a question, I thought, of where those particular numbers were
stored, but of how the capping was physically accomplished: "There was a Cisco
document (Dec 22nd, 2004) which said the downstream capping is done by the
CMTS". It was that understanding, or misunderstanding, that led to my initial
post that RNess reacted so defensively to. In any case, the answer for
Downstream is reasonably clear. The role of the CM in Downstream is a passive
one and it only sits there looking at the frames for packets that have its own
PID on them. It would be the CMTS that packages those frames in order to achieve
the specified speed.
Bob
RNess
or anything that could be construed as speaking for a (certain company)....
Thus, my post was short, factual and to the point.
And again I state, the boot file determines the speeds the modem is capable of.
"Robert Heiling" <rob...@comcast.net> wrote in message news:44B2799B...@comcast.net...
Robert Heiling
> [top-posting repaired]
There hasn't been any disagreement about that on my part and it's still unclear
why you reacted to my post in the manner you did. My post at that time had gone
on to say:"but that doesn't address the issue of which one does the actual
capping for Up & Down." and, as I say above, I was under the impression that
that was the OP's question. Since it's the CMTS that is putting the frames
together for the shared bandwidth, it would be the CMTS that needed to do the
computations and basically determine who gets what. The CM's role is that is
passive. I fail to see how any of that would be proprietary. The actual code and
hardware design, yes proprietary, but not the underlying principles.
Bob
Dr Feelgood
It would seem speed is regulated by the Modem config / boot file and
monitored at the other levels. Think of the old dialup modems still out
there. If you happen to go get one from a used parts store and end up
installing an old 28k modem your dialup speed would be regulated to 28k
or less. If you got a 56k modem that speed would be double. The speed is
still controlled at the modem. It doesn't matter that your neighbor
using a cable modem can get speeds far and above that while downloading
from the same web site.
The best way to see would be to look at the config files of someone with
and someone without speed boost available. To my knowledge speed boost
has not yet been rolled out at my location. R. Ness who posted his
config files speeds has the ability to look at his config file so when
power boost is released in this area ask him to have another look and
see if it changes.
Robert Heiling
>
> "Robert Heiling" <rob...@comcast.net> wrote in message
> news:44B39816...@comcast.net...
>
> It would seem speed is regulated by the Modem config / boot file and
> monitored at the other levels.
The config file is simply *data*. *Processing* is done by processors. For
example: Your computer can run a tax program on your tax data and produce your
tax return. The same computer & program could take my data and produce my
return. The 2 sets of data are different and produce different results, but the
software (tax program) and hardware (cpu) process it according to the same set
of rules. Don't confuse data with the processor that does the work.
> Think of the old dialup modems still out
> there.
Wanna buy one? I'll make you a good deal.
> If you happen to go get one from a used parts store and end up
> installing an old 28k modem your dialup speed would be regulated to 28k
> or less.
That's simply a function of the physical limitations of the carrier that the
modem puts on the line and that the modem at the ISP end recognizes.
> If you got a 56k modem that speed would be double. The speed is
> still controlled at the modem.
Not controlled. You mean "limited" by the technology. You can't get a Model T
Ford up to 120 mph on the racetrack.
> It doesn't matter that your neighbor
> using a cable modem can get speeds far and above that while downloading
> from the same web site.
The bandwidth on the connection between a CM & a CMTS is used in a different way
than in your serial modem example. There is sufficient bandwidth to handle a
large number of users, some at 4Mbps, some at 6Mbps. some at ..., for example
The CMTS would be outputting frames with the users' data after calculating which
needed to go out in order to honor the various caps.
> The best way to see would be to look at the config files of someone with
> and someone without speed boost available. To my knowledge speed boost
> has not yet been rolled out at my location. R. Ness who posted his
> config files speeds has the ability to look at his config file so when
> power boost is released in this area ask him to have another look and
> see if it changes.
That might be confidential and proprietary, so proceed with caution.
There's a lot more in a config file than what a user can see on those browser
screens. You'd need to be at the ISP's SNMP screen to see more of that. In any
case, I don't believe that a technical explanation of Powerboost has been
forthcoming as yet, just marketing hype of no technical interest. If there is a
flag in the config file for it, then there is a flag. That's not informative as
to how it's accomplished at a technical level.
Bob
Dr Feelgood
OPEN EYES:
R. Ness already stated he has access to his config file and posted the
information from his current one. If considering contesting that fact
proceed with caution. :) When power boost is released to an area it's
not exactly a secret as demonstrated by those who posted they have it in
their areas. If considering contesting that fact proceed with caution.
:)
>
> There's a lot more in a config file than what a user can see on those
> browser
> screens. You'd need to be at the ISP's SNMP screen to see more of
> that. In any
> case, I don't believe that a technical explanation of Powerboost has
> been
> forthcoming as yet, just marketing hype of no technical interest. If
> there is a
> flag in the config file for it, then there is a flag. That's not
> informative as
> to how it's accomplished at a technical level.
>
> Bob
How a company for profit runs things on a technical level is directly
related to the cost of how what they are doing gets accomplished. If
they can control what needs to be done for $5.00 why would they spend $
200.00 to do the same thing?
The config file can however tell the CMTS what the maximum for that
customer is thus avoiding the necessity of more costly equipment to the
ISP's that own and operate that equipment. You seem to be stuck in
tunnel vision mode with nothing to support your claims that the CMTS
regulates everything including the strength and temperature of your
morning coffee. You should have listened to that one teacher that told
you to think outside the box. :) If the Cable providers had to maintain
more costly and technically time consuming equipment we would be paying
several times what we now pay for the same service.
BTW: I once saw a model T doing in excess of 150 MPH. On a race track.
:) ( actually the Bonneville flats. )
Robert Heiling
>
> You seem to be stuck in
> tunnel vision mode with nothing to support your claims that the CMTS
> regulates everything
As I've never made a claim that came even close to that, I'll have to be puzzled
by that comment.
Bob
Dr Feelgood
I understood your original question differently than a number of other
people
here. It was not a question, I thought, of where those particular
numbers were
stored, but of how the capping was physically accomplished: "There was a
Cisco
document (Dec 22nd, 2004) which said the downstream capping is done by
the
CMTS". It was that understanding, or misunderstanding, that led to my
initial
post that RNess reacted so defensively to. In any case, the answer for
Downstream is reasonably clear. The role of the CM in Downstream is a
passive
one and it only sits there looking at the frames for packets that have
its own
PID on them. It would be the CMTS that packages those frames in order to
achieve
the specified speed.
The roll of the CM is a gateway between the customers equipment and the
internet the same as any other consumer type modem . It uses a config
file rather than a limited chipset to set it's speeds. That config file
is what tells the CMTS what speeds to set. If not there would be no
possibility of hackers changing the config file to operate at higher
speeds.
Robert Heiling
And the point is ?
Dr Feelgood
The CMTS is not controlling the speed, it is just doing as it is told by
the config files it sees. ??? The roll of the CM is not passive as you
suggest. The modem config file it like the cops with radar guns. The
freeway and your car may be capable of 140 MPH but the cop won't allow
it. :)
RNess
(If that is the right spelling)
One of those devices on an engine that limits it's speed to a certain level.
Rental truck is limited to 60Mph - I'm sure there are tons of examples.
The coax pipe from the node to the customer is capable of quite high speed,
somewhere around 36Mbps down. The modem, via the boot file is simply
capped at whatever speed the subscriber is paying for - via the boot file.
BTW, the system polls the modem on a regular basis (audit) and
also boot file download is triggered during initialization.
"Dr Feelgood" <drfeel...@comcast.net> wrote in message news:Y4KdnesY4-jDoynZ...@comcast.com...