This is perturbing news for someone who tends to be
paranoid. ::glances nervously at the cable modem:: Is it time to go
back to tin cans and string?
Nonapeptide
How old is the network book? Since you are a Cincinnati area
RoadRunner customer, I assume your Motorola is set for encryption.
As I misunderstand it, the cable modem to head end is encrypted.
Since you are a Cincinnati area RoadRunner customer, I assume your
Motorola cable modem is set for encryption.
If you were to look in the cable modem web page and see something like
Initialize Baseline Privacy Done, then it is encrypted.
Guessing http://192.168.100.1 would be the cable modem web page.
Cable is no less secure than a T-1 line or dial-up or DSL or whatever.
CIAO!
Ed N.
There is some truth to the claim; however, most cable companies today
encrypt the last-mile data, which would make it difficult (perhaps to the
point of impossibility, except maybe for national intelligence agencies)
for somebody on the same cable node to decrypt your data.
That said, most Internet traffic is not encrypted, and there are lots and
lots of places on the Internet that it can be intercepted. If you're just
concerned about your nosy neighbor knowing that you've been reading all
the latest Star Trek rumors, this isn't a big deal, since your nosy
neighbor probably doesn't have ready access to all the routers between you
and the Star Trek sites. OTOH, if you're concerned about Big Brother
snooping on your activities, that's another matter. Likewise if you're
concerned about shady characters acquiring a profile on you and using it
against you (for identity theft, say). Data passed over the Internet is
compromised every day. Often this is a matter of theft of credit card
numbers, but these are typically stolen from retailers' computers, not
while they're in transit. If criminals were to compromise a router,
though, they could sift through the data it manages and grab some of yours
-- passwords or other personal information, say. There have been
allegations that the US government is doing this for data to and from
foreign countries, the difference being that the feds are alleged to have
the cooperation of the data carriers, or at least some of them, and of
course they claim to be doing it in the interests of national security --
or they would if they admitted they were doing it.
The bottom line is this: Whether you're using a cable modem, DSL, a T1
line, a dial-up telephone modem connection, or anything else, you
shouldn't consider your Internet transactions secure. If you pass anything
sensitive over the Internet, you should ensure that you're using an
encrypting protocol to do it. Fortunately, most Web retailers employ
encryption on their order pages, or at least on the ones that ask for
credit card numbers -- but as noted, data thieves manage to steal CC
numbers from the retailers' servers. (Local CC transactions are also at
risk in the same way or by waiters or whatnot copying the information by
hand, so don't swear off Internet purchases for this reason.) If you
routinely log into remote systems (getting a command prompt or desktop to
use it as if it were local), use an encrypting protocol such as SSH. For
sensitive sites, such as a bank, use a unique password, and don't store it
on your computer. (With all the Trojans and viruses out there, passwords
stored by your browser might not be secure even on your own computer.)
Particularly if you're using Windows, run anti-virus software, and keep it
updated. Use a NAT router, if your cable modem doesn't incorporate that
functionality, to help protect your home system. These basic steps will
minimize the risks, but security isn't an all-or-none thing. The only way
to be 100% sure that your Internet data won't be snooped is to not use the
Internet, and the only way to be 100% sure that your computer's data won't
be compromised is to not use a computer. In today's world, neither of
these is a practical approach, so you'll have to accept some degree of
risk.
--
Rod Smith, rods...@rodsbooks.com
http://www.rodsbooks.com
Author of books on Linux, FreeBSD, and networking
Thank you all for the responses. Much to think about.
@Rod
I suppose my initial confusion centered on this alleged ability of a
member of your shared last mile on the cable system to snoop on your
communication. To my limited understanding of networking, a snooper
would have to have some way of having direct access to that
multiplexer (or whatever the cable system uses) and then have some way
of replicating the traffic from the multiplexer back down the line to
himself. If a multiplexer (or whatever) is vulnerable, it would seem
to me that any medium, not just cable, is just as vulnerable. The book
I was reading stated that cable was more insecure by comparison to
other mediums but didn't offer any further explanation. Maybe I should
just calm down and go back to reading my Windows Administration
books... ;)
Nonapeptide
Okay, if you all /must/ know, here it is:
http://www.amazon.com/gp/product/1592007929/ref=s9_asin_title_1/102-8221281-5400930?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-1&pf_rd_r=19SHBA73JHMW2TAGT55J&pf_rd_t=101&pf_rd_p=278240701&pf_rd_i=507846
Nonapeptide
The problem with cable systems is that every customer in an area gets
every other customer's data. Remember that cable systems were designed for
TV distribution, where every household gets the same set of channels. To
feed computer data over this existing infrastructure, cable operators
simply send the data for several households down this one shared set of
cables, so in theory one person can snoop on the data sent to a nearby
location. (Upstream data also goes over the same shared set of cables and
so is vulnerable, too.) In this sense a cable system's last-mile network
is similar to a large Ethernet network that uses hubs rather than
switches.
This description, though, is incomplete; as I wrote in my previous post,
most cable operators today employ encryption and other techniques to
secure their last-mile data. I certainly wouldn't want to bet my life --
or even my bank account access data -- that the last-mile data is really
secure, but I'm not going to get too worried about the last-mile security
compared to security on the rest of the Internet. When I deal with data
that really should be securely transmitted (credit card numbers, passwords
that provide shell access to remote systems, etc.), I use encryption to
provide end-to-end security. For most data (Web page URLs, most e-mails,
etc.), I don't worry about it, since this data isn't really sensitive,
whether it's stolen by my next-door neighbor or by a spy in China.
Note also that another technology has become very common that's far less
secure than cable modems: Wi-Fi. Wi-Fi is a radio technology, so somebody
can sit in a car parked outside your home and snoop on your Wi-Fi traffic
or even use your network to access the Internet. Your internal network may
also be vulnerable to attack, since many LAN security products are
designed to protect against access from the Internet rather than from
systems on your local network. Most (all?) Wi-Fi hardware supports
encryption, but the studies I've seen suggest that this encryption is
often ineffective and is also often disabled by default. (I've not been
following this closely, though, so my information may well be out of
date.) If you use wireless networking at home or at work, you should
definitely look into this issue to learn how secure your hardware's
encryption is and, if it turns out to be inadequate, add encryption on top
of it.
--
Rod Smith, rods...@rodsbooks.com
It's worth noting, however, that cable modems transmit in an entirely
different range of frequencies than they receive. So, while it is
theoretically possible to hack a cable modem to receive data being sent
*to* other modems on the cable segment, it is physically impossible for
it to receive data being sent *from* those other modems.
-Larry Jones
You can never really enjoy Sundays because in the back of your
mind you know you have to go to school the next day. -- Calvin
> Rod Smith <rods...@nessus.rodsbooks.com> wrote:
> >
> > (Upstream data also goes over the same shared set of cables and
> > so is vulnerable, too.)
>
> It's worth noting, however, that cable modems transmit in an entirely
> different range of frequencies than they receive. So, while it is
> theoretically possible to hack a cable modem to receive data being sent
> *to* other modems on the cable segment, it is physically impossible for
> it to receive data being sent *from* those other modems.
>
No one said one had to use the same tuner to capture data going both
directions.
You can tune one device to (e.g.) 34.8 MHz to capture the upstream
traffic and to (e.g.) 723 MHz to capture the downstream traffic.
--
Tom Stiller
PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3 7BDA 71ED 6496 99C0 C7CF
My point was that you *can't* tune an off-the-shelf cable modem to
capture upstream traffic. To do that, you essentially have to build,
buy, or otherwise obtain something resembling a head-end modem (but not
an actual head-end modem, since the head-end expects to control all the
end-user modems connected to it and you don't want to control them, you
just want to snoop on them), which is well beyond the capabilities of
your average neighborhood hacker.
-Larry Jones
Oh, now don't YOU start on me. -- Calvin
So, if I'm understanding correctly, as I sit here and look at my
modem, it's receiving downstream transmissions that are headed for me
and every other cable modem subscriber in my area. The modem is
selectively choosing to ignore all but the transmissions that are
addressed to it (I'm supposing that it's filtering by IP address?). My
mind's eye is picturing all downstream content that is intended for me
being split to all nodes on my local last mile, but only being
accepted by my modem. Is that correct?
Also, (again, if I understand correctly) each transmission that I send
hits some kind of local aggregator (multiplexer?) which then, in hub-
like fashion, repeats the transmission to every port, which includes
every neighbor that has a cable modem as well as the upstream
connection to the head end? Eek! Seems like a waste of bandwidth for
the provider. Each last mile area of a cable provider's service is
essentially a big MAN sized collision domain?
As for the wireless admonitions, I think WPA2 with a decent sized PSK
is purported to be uncrackable.
Thanks for the continued discussion,
Nonapeptide
Any word on what type of encryption cable providers use?
Yes, although the RF network has its own addressing scheme, it doesn't
use IP addresses. Most cable systems allow multiple IPs behind a single
modem (although there may be an additional charge).
> Also, (again, if I understand correctly) each transmission that I send
> hits some kind of local aggregator (multiplexer?) which then, in hub-
> like fashion, repeats the transmission to every port, which includes
> every neighbor that has a cable modem as well as the upstream
> connection to the head end? Eek! Seems like a waste of bandwidth for
> the provider. Each last mile area of a cable provider's service is
> essentially a big MAN sized collision domain?
No. The transmissions that you send go to the local node over coax that
is shared with your neighbors, so they receive those transmissions but
the node itself only retransmits (over fiber) to the head-end so people
attached to other nodes don't see the transmissions. And the upstream
bandwidth is divided into specific time slots that are, for the most
part, preassigned to specific cable modems, so there are no collisions
except for the few slots that are left open for contention.
> Any word on what type of encryption cable providers use?
The packet data is encrypted using either 56- or 40-bit DES. The DES
keys are managed using RSA public-key encryption.
-Larry Jones
Even though we're both talking English, we're not speaking the same language.
-- Calvin
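The shared-coax behaviour discussed in the posts above, as a small Python model added here (it is not code from any poster): every modem on a node receives every downstream frame and a normal modem drops what isn't addressed to it, so only per-modem encryption keeps a modified modem from reading its neighbours' payloads. The modem names, the sample requests, the clear-text destination address and the SHA-256 keystream standing in for DES are all assumptions of the model.

```python
import hashlib
import os
from dataclasses import dataclass

@dataclass
class Frame:
    dest: str       # RF-layer address, assumed to travel in the clear
    payload: bytes  # user data; nonce + ciphertext when privacy is on

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), not the DES from the post."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def send(key: bytes, dest: str, data: bytes, privacy: bool) -> Frame:
    """Head-end side: build one downstream frame for the shared coax."""
    if not privacy:
        return Frame(dest, data)
    nonce = os.urandom(8)
    return Frame(dest, nonce + xor_stream(key, nonce, data))

class Modem:
    def __init__(self, modem_id: str, key: bytes, promiscuous: bool = False):
        self.id, self.key, self.promiscuous = modem_id, key, promiscuous
        self.seen = []  # (dest, bytes this modem could read)

    def receive(self, frame: Frame, privacy: bool) -> None:
        # Every modem on the node gets every frame; a normal one drops the rest.
        if frame.dest != self.id and not self.promiscuous:
            return
        data = frame.payload
        if privacy:  # decrypt with our own key, the only one we hold
            data = xor_stream(self.key, data[:8], data[8:])
        self.seen.append((frame.dest, data))

def simulate(privacy: bool) -> dict:
    """Return what each modem, including a modified 'snooper', reads off the node."""
    keys = {m: os.urandom(16) for m in ("house_a", "house_b", "snooper")}
    modems = [Modem(m, k, promiscuous=(m == "snooper")) for m, k in keys.items()]
    traffic = [("house_a", b"GET /bank/login"), ("house_b", b"GET /startrek/rumors")]
    for dest, data in traffic:  # constructed sample traffic
        frame = send(keys[dest], dest, data, privacy)
        for modem in modems:    # shared medium: broadcast to every modem
            modem.receive(frame, privacy)
    return {m.id: m.seen for m in modems}
```

With privacy on, the snooper still learns which address each frame was for, which is why the model keeps the destination outside the encrypted payload.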
The downstream path is located somewhere in the bandwidth of 88-860MHz,
while the upstream path is in the 5-42MHz bandwidth. Just where depends
on the system.
CIAO!
Ed N.
>WPA and WPA2 aren't crackable in the same way that WEP is so easily
>cracked, but both flavors of WPA are susceptible to dictionary
>attacks, and the nice thing is that you don't need to sit there and
>gather tons of packets like you would for WEP.
How much more secure are you when you turn SSID broadcasting off?
I would think that would at least deter casual drive-by Wifi cracking
(folks can't crack what they don't know exists).
Or will some Wifi detectors show hidden wireless networks anyway?
--
-Rich Steiner >>>---> http://www.visi.com/~rsteiner >>>---> Mableton, GA USA
Mainframe/Unix bit twiddler by day, OS/2+Linux+DOS hobbyist by night.
WARNING: I've seen FIELDATA FORTRAN V and I know how to use it!
The Theorem Theorem: If If, Then Then.