Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
News

Security Focus on Cable Modem Uncapping 489

Anonymous Coward writes "Cable modem uncapping allows broadband customers to boost their bandwidth to 6 or 7 times what they're paying for, by spoofing their modem's TFTP client into downloading a hacked DOCSIS configuration file. Kevin Poulsen at SecurityFocus reports that a new underground program called OneStep makes the process easy and fun for the whole family. Broadband companies are cutting off the uncappers that they catch, but things could get out of control soon."
This discussion has been archived. No new comments can be posted.

Security Focus on Cable Modem Uncapping

Comments Filter:
  • by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Friday May 10, 2002 @02:49AM (#3495323) Homepage Journal
    Just because technology allows you to do something, does not mean that it is also legal.
  • lovely (Score:5, Funny)

    by zAmb0ni ( 214345 ) on Friday May 10, 2002 @02:55AM (#3495335) Homepage
    and they will be totally suprised when their cable company cuts them off at their knees:

    http://www.dslreports.com/forum/remark,3155491~r oo t=attbi~mode=flat
    • by Anonymous Coward on Friday May 10, 2002 @08:26AM (#3496211)
      Just because they didn't realize I was going to steal from them shouldn't allow them to stop letting me steal from them.

      When I signed up for service, I knew this hack was available. That means when I signed up for service, I had every reason to believe that I would get unlimited bandwidth forever.

      When will these companies get it. They are going to piss so many thieves off that sooner or later they are only going to have paying customers that follow the rules, or aren't heavy enough users to worry about. And then what will they do, besides make money. I mean what good is a network that isn't crawling on its knees from all the MP3 and warez sites. Some people just don't get it.

      Someone buy these guys a ticket, so they can hop on the clue train.
  • by Anonymous Coward
    is like uncapping a coke bottle. You get access to the beverage, but you also release some bubbles. If you don't understand the comparison, well neither do I.
  • Now virii will be spread by:
    REAL!!!_cable_modem_uncapper.exe
    and not:
    cable_modem_uncapper.exe
    • Why bother with a virus? I think it would be funnier to see a real cable modem uncapper be spread. Thousands of users download and install them innocently, alongside their crappy BOOST software and everything that opens multiple connections. The combination will push their bandwidth to its limit, and then.. heh, well it would be better than a virus. Virii can be gotten rid of by loading a backup. AT&T is much more bitchy than that.
  • by jukal ( 523582 ) on Friday May 10, 2002 @03:00AM (#3495350) Journal
    The way the bandwidth limiting has been done in these modems, is completely similar to telling 5 year old kids to take only one candy, and then go yourself watch football to another room (or as a fin, Icehockey) - when you return after the match you can be sure that there is no candies - or bandwidth - left.

    IMHO, the operators were just asking for this. NEVER trust the client.
    • by RollingThunder ( 88952 ) on Friday May 10, 2002 @03:49AM (#3495468)
      Actually, I like this. It gives the abusers enough rope to hang themselves, and they evidently ARE catching them.

      This means you get to easily identify, then remove, the buggers who are screwing your bandwidth distribution and forcing you to spend tons in extra capacity. A minor short-term risk for long-term gain.

      I have to say I also don't mind that some warez d00d may just finally learn that yes, there are consequences to your actions, even on the Internet.
    • I work at a cable company, and I stress this exact point. It is a silly way to cap bandwidth in the first place, and it was crazy to ever be adopted. Maybe this is why Docsis is only an ad-hoc standard?
      The bad part is, the method of enforcing speeds employed by most (I stress MOST, you bet your ass that my methods aren't so easily fooled) cable operators has the same problem. They want to get your speed by SNMP query to your cable modem. Which again puts the trust in the client. While I haven't seen any SNMP faker hacks, I'm sure that they aren't too far behind. Another silly note is that most of those guys are comparing your speed to a list of approved speeds, not to a list of what customers bought what. This includes thier Business lines, which run over the same gear. You won't be able to sneak through with a 2meg/2meg pipe, but a 1.5meg/768k is a service they probobly sell, and would get right through thier checks.

      The control method that you will see soon is called "shared secret", and is an encrypted passphrase-type method. Basicly, your cable modem gets a config file that has a key in it, which is basicly a signature of the bin file. It then generates a new passkey based on those two items, and send it to the CMTS. The CMTS verifies that it got a correct passkey, and then lets you connect. The encryption they used is junk, though, and there are efforts underway to break it. This is yet another dumb method that will only work for a short while!

      What I will say is that there is a better way, and it is 100% effective. Your cable modem doesn't just "make up" a speed and magicly work, it has to register its rates with the CMTS. This is where the speed is truly controlled. While it isn't likely that Cisco will have a good method for capping individual users at the CMTS level, they are nice enough to tell you what speed someone is registered at. This is the method that I am using, and I *am* comparing speeds against what customers are paying for... So if you live in a town where you can get Imo's pizza, the square beyond compare, this is your warning! :)

      On the flip side, once an abuser is identified, the info gets sent to marketing, and who knows what happens from there. We don't just pull the plug on abusers (yet).
      • Hopefully marketing will realize there is a market for a residential service with a higher upload cap! I need more than 128kb/s for streaming my mp3 collection since I have it VBR encoded @~200kb/s avg. I would also like to allow my work pc to vnc/ssh/term service into my home pc's, this will work but will be extremely crappy over 128kb/s. Note that none of these are business uses and I can deal with residential service guarentees, but I want more bandwidth on the upload! Standard Docsis rates are almost 12:1 D/U, my usage pattern on dialup is only about 5:1 and most of the stuff I would do with broadband would push it to 4-3:1. When I need massive amount of sustained bandwidth and service guarentees I pay for, hence my 6Mb/s burstable to 7.5Mb/s ATM circuit(s) at work, but cable co's aren't commercial ISP's, they are residential ones, they should offer a decent residential service.
  • Oh wonderful (Score:3, Insightful)

    by olman ( 127310 ) on Friday May 10, 2002 @03:03AM (#3495359)
    This is just great. And I thought our cable service was overloaded as it was. Never to worry, thought, they do send cease&desist nastygrams to everyone who exceeds an arbitary download quota as it is. In any case, you'd think it'd not be that difficult to monitor the bandwith usage per node and ..

    Actually this reminds me of the a**wipes who used to download pr0n with threaded ftp clients from within the student network. We had a shared 512kbit line and you can see where this is leading to. Ditto for download managers with "segment" support. I fully realize I'm using making the download even slower for everyone else by using Getright to have 4 independent connections.. Some people are just more equal than others, dammit!
    • Re:Oh wonderful (Score:2, Interesting)

      by ImaLamer ( 260199 )
      I fully realize I'm using making the download even slower for everyone else by using Getright to have 4 independent connections.. Some people are just more equal than others, dammit!


      The optimal use would be to find mirrors.

      I often download my linux iso's in Windows because I like Getright so much. It can usually find mirrors around the world and I can get an iso in about 45 mins - something almost impossible when new iso's are released.
  • by ez76 ( 322080 ) <slashdot.e76@us> on Friday May 10, 2002 @03:03AM (#3495360) Homepage
    It just goes to show what's possible when a generation of clever minds is continually frustrated by their inability to develop a digital descrambler for the Playboy channel.
  • by zAmb0ni ( 214345 ) on Friday May 10, 2002 @03:06AM (#3495362) Homepage
    Give me something that I can actually use like...

    A program that will cap my CS ping at 10ms.
    A program that gets rid of my horrible packet loss.
    A program that gives me reliable service without downtime every other day.
    A program that will uncap my 1GB/mo limit on usenet download
    A program that gives me customer service who knows what they are talking about.
    A program that gets rid of my horrible Comcast service and gets my old (more reliable, lower priced, higher bandwidth, more featured) Mediaone service.
    • >>>>A program that will cap my CS ping at 10ms.
      Doesn't matter, I'll still nail you with my leet desert eagle skillz!

      >>>>>A program that gets rid of my horrible packet loss.
      install new network cables :)

      >>>>>A program that gives me reliable service without downtime every other day.
      OH now that was a funny one!

      >>>>>A program that will uncap my 1GB/mo limit on usenet download
      How much porn can u look at? I mean .jpgs are small man!

      >>>>>A program that gives me customer service who knows what they are talking about.
      That would drive the cost of the service up! imagine these companies having to pay intelligent and skilled people to answer the typical question they receive... which any phool getting paid 2 bux over minimum wage can do from a FAQ sheet :)

      >>>>>>
  • Unless you're severely capped (at around 512kbps) I don't really see an issue with it. Most sites I go to I can only get around 70-100 kBytes/s on a download. This is far less than the 1.5Mbps cap usually put on the modem. Going to my ISP's download test site (which is connected by a fat pipe) I got 400kBytes/s, or 3.2Mbps. Basically, the chokepoint is mostly at the other end, not at the home user's end. When websites all have huge pipes running from them then maybe this will be an issue, but until then it's probably a moot point.
    • Re:Capped cable (Score:2, Insightful)

      by semeniuk ( 179287 )
      You're right about websites, because they rarely have 'the big pipe' ... but newsgroups are a different story.

      I easily hit the top advertised speed for my DSL service when I'm downloading from usenet ... and the more bandwidth I have, more educational material I can download from newsgroups (and there's tons of educational material there! :-))
  • (note: I work for a cable ISP)

    This vulnerability only exists in Surfboard modems. RCA, who has a HUGE market penetration, especially since they're cheaper, smaller, and better featured (for ISPs anyhow) than the competition, are *not* vulnerable to this, and can't be "uncapped."

    I'm really surprised I haven't heard more about what other ISPs who have rolled out more Surfboards plan to ask *Motorola* about this. Couldn't they just turn off the damn ethernet port for the duration of the initialization sequence?
  • What goes around... (Score:2, Interesting)

    by redgekko ( 320391 )
    I can't wait to read the next Slashdot article entitled "Cut off by Cable, It's Just Not Fair", in which everyone bellyaches about their newfound understanding of the "cable monopoly" definition.

    Think about it... even if it did get "out of control"... cable providers could simply restrict bandwidth further up the line (someone please explain why on earth it would be delegated at the modem in the first place???).

    Anyone remember years ago when the same thing happened with DirecPC's service?

  • Uncapping (Score:4, Insightful)

    by Dante_H ( 537218 ) on Friday May 10, 2002 @03:13AM (#3495384)
    Yeah, I uncapped my cable modem (in the UK, on Blueyonder) for a period. 500kbyte/sec transfers were fun, but then when I had a power cut I had difficulty respoofing the modem with the configuration file. Apparently the cable company disabled the process of the modem getting the file.

    A friend of mine, who also uncapped his modem but for a longer period received a letter from the cable company saying "Someone in your household has illegally attempt to modify one of the devices supplied by Telewest. Please desist or your service will be permanently withdrawn" or something like that.

    My cable connection ocassionally gets uncapped for random periods, and I don't notice until I start downloading something (e.g. larger driver file) and get 300kbyte/sec.

    If more information was available for customers to see how much bandwidth cost the ISP, then perhaps our expectations could be realistically scaled. Is having an uncapped 3 hour period between 2am and 5am feasible? I could simply schedule large downloads for that period. At present, I may as well just download at peak times, which probably is more irritating to the ISP receiving calls about slow web pages, or somesuch.

    • First :
      It is slightly different because Telewest modems are suplpied by Telewest are property of Telewest and you are only leasing them.

      So you have actually tampered with telecommunications equipment belonging to the telco which in the UK as elsewhere may lead to a very fat fine.

      I am amused by the fact that they only kindly reminded you not to be stupid.

      Second:
      Your suggestion for gradual QoS and limits polices is nothing new. It has been done in the past (it was casual pricing strategy/practice in 1994-1998). I have recently discussed it with some of my collegues (disclaimer none of us works for a CableCo or DSL provider at the moment) but the overall opinion was that there is no economical drive for such a policy manager. The only way such drive will appear will be to introduce differential prime time/prime bandwidth pricing. In other words abolish flat rates. Otherwise there is no economical reason for developing such software.

      Overall: if you want to manage your downloads smartly do not ask for dumb pricing.
    • A local fellow is currently coding up code for allowing uncapped DSL through an ISP, but with pro-rata rate limiting (eg. if you've downloaded 20Gb this month, and joe has downloaded 10Gb, and the isp's bandwidth is maxed out, then joe's traffic will get twice the priority thaty ours does). Sounds like a good idea to me

  • by skilef ( 525335 )
    ..here in Holland. A fellow UPC-customer wrote a program called FuckUPC; uploadmax was uncapped and went from 16KBps to 300KBps! UPC applied a patch and doesn't seem to work anymore. So maybe the fun is over before you know it. If a lot of people are going to use it, providers will find out in the end. As far as I can see, the program is basically the same as FuckUPC(?):

    -ARP your own IP adress with MAC of cablemodem
    -ARP private IP (10.10.10.1) with MAC of cablemodem
    -Set your gateway as 10.10.10.1
    -Redefine routing table (netmask 255.255.255.0)

    Seems pretty straightforward..
  • ...is that the cable companies will just switch on the encryption and authentication options in DOCSIS, turn off all the non-DOCSIS service on their network, and make it impossible to spoof the config file and still connect to the head-end. End of problem. Of course that'll mean if you have a non-DOCSIS modem you'll have to turn it in for a DOCSIS one if you want your connection to keep working. They'll also probably clamp down on servers and bandwidth hogs while they're at it. Guys, lemme give you a hint: long-term it's Just Not Worth It to play that sort of game.

    • While I agree with you that long term it's not
      a worthwhile game to play, I should point
      out that the Baseline Privacy Initialization
      ( I believe this is what you are refering to by
      encryption ) occurs after the tftp step in
      the DOCSIS initialization.


      Now if they were to actually start using the
      MIC ( message integrity check ) to protect the
      CMTS from being spoofed with false COS data from
      the Cable modem, then they could stop this pretty
      quick. But I have NEVER seen anyone actually use
      the MIC.

  • I've posted this before, but I'll post it again. I, and many other customers of ATTBI I am sure, feel the great disservice is the fact that ATTBI has the gull to increase the rates while also decreasing the service speeds. From memory, here is what the service essentially has been (innacuracies may occur, but the basic premise is true):

    February 2000- 3.5 Mb/s down, 1.5 Mb/s up- Price= $49.95/month
    January 2001- 3.5 Mb/s down, 128 Kb/s up- Price = $49.95/month
    January 2002- 1.5 Mb/s down, 128 Kb/s up- Price= $59.95/month

    I can understand how some people would be upset enough to risk losing their account in order to get faster speeds, but I am not one of them. Sure, I have the option to switch to another broadband company, but when AT&T has a monopoly on high speed connections in my area, I'm must endure what they force upon me or otherwise have a very limited connection speed.

    • Comcast and Cox, while not actively raising their rates, are certainly providing lousy connectivity. Sure, their respective customer services are responsive, but when the response is always, "We're working to fix that," it gets a little tedious. There have been days that service has been essentially unavailable. If I can't get the bandwidth one day, it's gone, and I generally don't even have a rebate to show for it. This tends to make me want to do something like uncapping my modem to make up for it the next day.

      I'm not saying it's the company's fault that I'd do something along these lines. They're just not providing much of a carrot for me not to do so. Reliable service is the carrot, cutting off my service is the stick, in this case. It'd be nice if more companies would use the carrot before the stick, but that would mean, I don't know, that they appreciate their customers or something weird like that.

      Cox, at any rate, monitors their cox.community news groups closely, and will respond in that forum about issues and try to resolve them. I do feel like I am getting a response, so I'm giving them the benefit of the doubt. For now.

      Comcast's published news server rarely works at all, so I can't say the same for them. If there was a broadband option where I'm using Comcast, I'd have taken it long ago.

    • Re:Changes in speed (Score:4, Informative)

      by Sc00ter ( 99550 ) on Friday May 10, 2002 @07:43AM (#3495958) Homepage
      What?! I worked for MediaOne (and this is what became ATTBI) in 2000. They never had speeds that fast.. they had (and I still have as a ATTBI customer) 1.5Mb/s down and 384Kb/s up.

  • Why make anything adjustable from the consumer end that can affect profitibility???!!! Its a broken secuity model (which may lead to a broken business).
  • by Eric Smith ( 4379 ) on Friday May 10, 2002 @04:00AM (#3495490) Homepage Journal
    The article suggests that service providers detect this by querying the modem at the customer end using SNMP. If that's true, a better[*] hack would be to modify the firmware to uncap the bandwidth regardless of what the MIB variables say. In other words, let it report back via SNMP exactly what the service provider sets the cap to, but have the modem disregard that variable.

    People have done much more amazing hacks than that on DVD players, such as the Apex AD600A, despite the use of a non-standard microprocessor. Hacking the firmware of a cable modem should be quite simple by comparison.

    That's the sort of reverse-engineering I used to do quite often, but now I get little opportunity due to the DMCA. It doesn't seem like service provider or cable modem vendor can use the DMCA to ban reverse-engineering of the cable modem, since the features in question aren't involved in copy protection. But the trend seems to be to sue first and try to justify it later.

    Eric

    [*] Better in the sense of being less detectable. I'm not suggesting that doing this is legal or ethical.

    • Ultimately, the provider can always monitor how much bandwidth you are using by looking at its own routers - you can't spoof this. Search for 'Cisco NetFlow' for one example of how to do this.

      By making it more expensive for them to detect cable modem uncapping, you are probably just going to encourage them to disconnect uncappers rather than just warning them.
      • That's good to know Cato. But you know, that brings to mind a question I've been asking myself off and on for a few months now:
        if they can easily monitor something like bandwidth usage on a per-customer basis, why the heck can't they also scan for other violations/problems like code red?

        I live in the midwestern U.S. (Ohio) and have Time Warner's Road Runner service. To this day I'm still seeing a large number of code red attempts on my router logs - greatly reduced from when it first hit of course, but still quite a few. When I spoke to RR's customer service back when CR first hit (and brought the entire RR network to it's knees) I asked them why they didn't just monitor for the bug and either cutoff or contact anyone with an infected machine. They told me they didn't have that capability.

        Now granted, this was just a customer service flunkie, but I still remember thinking, "What the heck?! You guys can't track this sort of thing on your own network?" Apparently he may have been correct, given the number of CR attempts I'm still seeing.

        Any idea what the real story is?
        • That one's simple; of course they can check who's got Code Red. The problem is that it will be the regularly-paying low-bandwidth-use Average Joe and his or her kids who basically couldnt fix it even if they knew they had it. It will also be a significant percentage of their customers.

          Either they'll have to cut off 20-50% of their customers or they'd have provide technical assistance to that number of people... neither option of which will be palatable to anyone wanting to actually not go bankrupt immediately.

          If it annoys you, set up a webserver to answer the code red infection attempts by shutting down or wiping the offending machine. Or pop up a warning for the poor suckers on their display with a pointer to where they can find a cleanup patch, if you're a nice person. It's not very complicated and I think you can find example cgi scripts by searching on google a bit.
        • if they can easily monitor something like bandwidth usage on a per-customer basis, why the heck can't they also scan for other violations/problems like code red?


          just cause i am counting cans doesnt mean i can read the labels :)

    • Comment removed based on user account deletion
  • by Rogerborg ( 306625 ) on Friday May 10, 2002 @04:38AM (#3495563) Homepage

    Unless you want to see how easy it is to produce convicing and very elaborate documentation of a fundamentally flawed exploit.

    For those who won't bother reading the link (most of you), the exploit is this:

    • DOCSIS Cable modems TFTP a file from the ISP to tell them what speed they are capped at (true)
    • You can produce a docsis file (using the docsis project at sourceforge [sourceforge.net]) that tells your cable modem to run at whatever speed you like (true).
    • You can set the NIC IP on your PC to match the ISP's TFTP server, and set up your own TFTP server to serve your own docsis file (true).
    • If you reset the cable modem, it will look on the PC side for the TFTP server, and user your docsis file (bzzzzt, false).

    It looks really pretty until this last point, where it enters the realms of fantasy. The people who wrote the docsis spec [cablemodem.com] aren't idiots. Cable modems will not look on the ethernet side for a TFTP server. TFTP'ing is done just after the cable side network discovery (so you have to have the cable side plugged in when you reset) and the modem knows which side is cable and which is ethernet. No, pinging the modem's ethernet IP from the PC doesn't help. It's just not that stupid; it knows that it has two interfaces, and it knows which one is which.

    So go ahead and try this. You won't damage your modem, because it will simply ignore your TFTP server. What will happen is that you'll spend a couple of hours following the steps, getting all excited, then getting increasingly frustrated as you just can't get that last step to work. Rest assured, you're not doing anything wrong, other than following the instructions of a delusional wannabe hacker with a tiny amount of network knowledge and a real problem dealing with reality.

    • by sl956 ( 200477 ) on Friday May 10, 2002 @05:38AM (#3495650)
      The people who wrote the docsis spec [cablemodem.com] aren't idiots. Cable modems will not look on the ethernet side for a TFTP server.
      The people who wrote the docsis spec aren't idiots, but the people who implemented it in some cable-modems are : some motorola cable-modems are looking on both sides (cable and ethernet) for a TFTP server. Yes it's stupid... but they do.
      I tried it 6 month ago (when my provider switched to DOCSIS), with great success.
      Nethertheless I don't do it anymore : capped cable is better than no cable at all...
    • by Loiosh-de-Taltos ( 247549 ) on Friday May 10, 2002 @06:17AM (#3495716)
      The SURFboard modems check both sides. The Nortel CM200's and RCA 105's up to the 235's (with USB, yay) also hit the ethernet if they cannot reach a CMTS across the cable.

      Interestingly, The CM100 (BayNetworks by Nortel) does not make that mistake.
        • The SURFboard modems check both sides

        And in the absense of any references, I'll just flatly assert that my Surfboard 3100 doesn't even bring up the ethernet side interface until it's brought up the cable side, been told what docsis to get and where to get it from, and pulled it in on the cable side. Exception, if the cable side fails, the ethernet side is then brought up purely for the purposes of serving DHCP to a LAN, but in this case, the cable side is down and it won't forward packets.

        Don't get me wrong, I'm a network engineer, and I fully accept that engineers do make idiotic mistakes like bringing up and checking both interfaces. But I'm saying that in this case, I've never seen it happen, nor have I seen any credible documentation (other than hacker optimism and unfounded assertions) that there are any DOCSIS modems out there that actually do this.

        Got references?

  • by weave ( 48069 ) on Friday May 10, 2002 @04:44AM (#3495572) Journal
    I understand the rationale for caps but I wish it was implemented with a bit more imagination and skill. Cable modem bandwidth usage has peak and off-peak hours. At 6am on a Sunday morning it's practically dead while Tuesday at 7pm it's heavy. So why can't they uncap or raise the cap during off peak hours so someone that wants to download three ISOs of redhat 7.3 could program their box to grab it early Sunday morning? All that bandwidth they are saving during off peak hours is wasted. It's not like they can apply it back during peak usage.

    This would also encourage off peak usage. It'd be far better to squeeze out that 2 gig download quickly when it has no real impact on others versus taking hours due to a cap during peak.

    I'm guessing you just can't reprovision the cable boxes that quickly and dynamically everywhere, but damn, it makes sense and I still don't understand why caps aren't implemented using some QOS type service at the head-end anyway...

    • Just like ISP (and cable and phone and hosting service) "setup fees", things like this will never get implemented because. Sure, it costs the broadband provider NOTHING to uncap the bandwidth during dead periods, but so few people will actually benefit from it (or complain enough to implement it) that it's not worth their time.

      I still picture the little old lady who uses a terminal to enter in all my information at the cable company, then presses an 'Enable Service' button, getting paid $175,000/yr for her services (clearly she makes a lot of money if I can be charged a setup fee that's $20-40!). (PS: Yah, not all places charge setup fees anymore, but those that do have just as little justification for it as companies in the past have.)
      • That "setup fee" probably also covers the cost of buying or developing the program (and the hardware) that presents the enable button to that data entry person, and allows for the "quick" activation of the accounts. It will go to general overhead as well as a salary.

        Owning a very small ISP, I agree with your first paragraph, the larger the comapany the more complacent they seem to be/get. I have to make the extra effort for each customer. It only takes one screwup and you lose a cusomer. The larger companies figure that the ROI for setting up something that takes care of a limited number of customers is not worth it, but they are wrong. You never know who is going to help or hurt your buisness in the future. Treat each customer right and one of them may bring in more buisness to you (and be loyal), treat one wrong and they may single handedly giving you are bad reputation by bad mouthing you to anyone who will listen.

        Somewhere along the line the corperate bean counters get in the way and forgot that the customer is the one paying the bills.

    • by weave ( 48069 ) on Friday May 10, 2002 @07:20AM (#3495876) Journal
      I've gotten some e-mail basically saying this would be useless because most users aren't savvy enough to know how to shift their usage around, but by the cable companies own admission, the bulk of bandwidth is used by a small portion of subscribers. I put it to you that these same subscribers are the ones who would know how to shift their usage around via programattic means.

      Given half a chance, I don't believe most of us geeks are unreasonable. And if variable bandwidth caps were instituted that were raised or lowered based on demand, just like the compression level on a CDMA cell signal is manipulated based on cellular tower usage and capacity, you'd start to see a lot of tools written that would make shifting of bandwidth around available for average users too...

    • I can think of two arguments against this. I'm not sure of the merits of either.

      1) The won't remove the caps for non-peak hours because it will be exploited by DSL and other broadband competitors. You've already seen the ads where they talk about people getting up during the middle of the night just to get a decent connection. It would only be worse for the cable companies if they themselves made it easier to get online late at night. Another example is the cell phone company, I think it's voicestream?, who lords thier "no peak hours" policy over other cell companies. Establishing peak and non-peak times is admitting the fact that they can't handle the desired bandwidth. By having one cap, they can claim that the cap is perfectly fine for any _reasonable_ user.

      2) The other thing I could see is that if you uncap the service between 2 and 5 AM say, then your system suddenly becomes overloaded during those hours. You haven't fixed the problem, you just shifted it. I'm not nearly as confident in this argument, but maybe it has some merit.
  • Creepy stuff (Score:2, Interesting)

    Anyone else find this rather creepy ? Submitted the previous comment without a subject. Whoops. Found at the bottom of http://www.iscentral.org/~tcniso/main/oneStep.htm On a final note, the server install is approximately 23 megabytes (what the heck ?), and we have put some extra security features in. Since we know you should be online when you try to run the software, every time the software is started up, it will use a unique software key to download a special authorization pack from the website. The software must have this pack in memory before it can properly run. The unique key is generated from your hardware MAC Address and must have that same address to be able to function. All keys will have to be created by a special generator. This will also allow us to only let others use this software when we want them to, incase we need to shut it down or to upgrade. Server should upgrade easy. I have put a lot of time into this software and am very glad its finally a reality.
  • by sh0rtie ( 455432 ) on Friday May 10, 2002 @05:04AM (#3495604)

    Ok after sniffing around IRC (including the said hackers channel) and various boards this secret "underground" program the securityfocus guy quotes doesn't exist , its vapourware.

    what does exist is a kludge of tftp servers,query utils and glorified DOCSIS [sourceforge.net] editors that with 20minutes and a *lot* of messing about you can change your config settings and then only until the ISP check your modem (automated) via SNMP , deny this and your cut off, accept it and it will detect your hacked config and cut you off...permanently
    so you are screwed either way.

    not to mention that most of the cable modem companies are using MD5 hashes [cisco.com] to validate the config files integrity (MIC (Message Integrity Check)), other than a severe hardware hack your not going to crack much with this verification.

    i came accross tco-iso's website quite a while ago and after a few visits over the months it seemed to of ground to a halt when they realised that MD5 was involved, they even mentioned the possibility of brute forcing the hash which raised a smile from a few of us.

    They point to their IRC channel for files but the *only* files that exist are just mirrors of the files their site links to, no "onestep" or 30mb files and certainly nothing special in the files (other than someone knows how to use a hexeditor on PD software)

    some people dont understand how uncapping really works but i think speedguide's [speedguide.net] article seems to sum it up nicely.
  • Pretty cool hack but really stupid to use. If anyone thinks that the cable company isnt watching for out-of-bandwidth or anything that looks strange then they are as the title states.... pretty stupid.

    The cable company drives around your city and neighborhood with sniffers looking for illegal cable tv hookups, something that costs them ZERO dollars... the cable signal is already there, they dont lose money with someone stealing it. Stealing bandwidth, that they do see as a dollar amount..

    If they will spend millions to snif out morons that steal the cable signal or HBO, you are sure that they are spending as much effort, time, and resources sniffing out for this stuff... hell they already watch for cloned cable boxes and cable modem boxes (Yes Johnny, you can get cable modem service for free, just buy this modified cable modem!)

    It's just like real hacking, if you do it from your home then you are really really stupid....
  • Well, this is what you get if you are greedy. Instead of quietly opening the valve a bit more,
    say, by a half (a fifty percent increase in performance is not bad by any standard, yes?),
    they push for the skies. Skimming off the top goes unnoticed (or even tolerated) far longer
    than just taking it all.
  • by barberio ( 42711 ) on Friday May 10, 2002 @06:59AM (#3495804) Homepage
    Broadband internet useage is turning out to be a real life demonstration of the tragedy of the commons for some.

    For those who have not studied Sociology, I'll summarise.

    In a village, there is a common patch of land. General consences decreed that the land was free for any to graze their animals on. After a while, many people decided to graze as many animals as they physicaly could on the patch of land. Eventualy the commons becomes a muddy barran field due to over grazing. (Note, actualy, in large scale, this can, and has, turned grassland in to wasteland and even desert.)

    The point is, many people have been saying 'Its the Internet, you paid for a connection, you have the right to use it to the full!' for so long. (ref, countless slashdot articles) Now people belive that bandwidth restrictions are artificial, that the cable companies are just trying to get as much money as they can. (Actualy, the Cable companies rent bandwidth in turn from companies which did speculative investment in laying high bandwidth cables. So if they need to increase bandwidth, they have to pay more.) This results in people asuming they have a right, and even a moral obligation, to take as much bandwidth as they can and 'share stuff'.

    As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket.

    This scam is the equivelent of forgeing an airline ticket. Crude, and likely to end you up in hot water.
    • As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket.

      Is it still wrong to take 2 seats if the airline reduced the seat width from 18" to 9" to save money while still charging the same price? I am afraid I would have one asscheek in each seat.

      Cable and cable modems are not the commons. They are monoplies run by companies trying to extract maximum profit for minimum work. I do not want to say that bandwith theft is correct, but there are two sides to the coin, and I have a hard time feeling sorry for the 'poor' cable company.

      At one point I asked Time Warner to provide free internet service to a community center located in a neighborhood where the median income is $2000 below the poverty line (2000 census). They declined, not because it would be a precident (they provide it to facilities in other communities) but because they were so used to screwing our community they did not feel the need. So much for the commons.

      SD
      • Which part of 'Bandwidth is a limited resource' and 'The companies have to pay more to get more bandwidth' did you fail to understand?

        Sure the companies may suck, and may do bad things like that. But claiming that theft is of bandwidth is deminished in this way is going to backfire and potray those of us looking for 'internet fredom' as swindlers. As I said, the 'Hack the Planet' mentality is doing much more damage than good.
        • Which part of "the companies will screw the customers anyway they can" did you miss?

          Bandwith is limited by infrastructure and bandwidth fees and the company's goal is to spend as little on each as possible. As these are monopolies, unless someone (the government, a class action suit, hackers etc.) force people to take a look at what is happening, things just get worse. I would be very curious what percent of the cable fees actualy go to bandwith vs. profit.

          Theft of bandwith is not right, I agree, but abusive monopolies like cable companies are not right either.

          Monopolies do not equals Commons

          SD
          • As these are monopolies...

            You keep using that word. I do not think it means what you think it means.
            • As per Merriam Webster Online:
              Main Entry: monopoly
              Pronunciation: m&-'nä-p(&-)lE
              Function: noun
              Inflected Form(s): plural -lies
              Etymology: Latin monopolium, from Greek monopOlion, from mon- + pOlein to sell
              Date: 1534
              1 : exclusive ownership through legal privilege, command of supply, or concerted action
              2 : exclusive possession or control
              3 : a commodity controlled by one party
              4 : one that has a monopoly


              Let me know who else can provision a cable modem in a single cable provider community and I will retract my statment. Most communities have a local monoply for cable services. Aggregate these communities together and you have monopolies.

              Unfortunatly, the FCC say that communities can not regulate broadband in the same manner they regulate cable. I will go a step further to state that most cable companies provide internet as an unregulated monoply in their respective communities.

              My mother lives in a community with a large cable company and a city owned cable provider. The cable company is much more customer oriented and price competitive as they do not have a monopoly.
    • As another example, it would be wrong to take up two seats on an airliner when you only bought one ticket

      Did you ever got bothered by anyone when you took the free seat next to you along with the one you were currently on? I don't think so. It's there, it's available, why not using it if you feel the need to? It's not exactly the same with bandwidth because there's a direct associated cost which is not the case with the free seat (it's likely it will travel with you whatsoever ).
      Anyway, I think people just need to be explained things to accept the restrictions. Capping actually helps them having a better service overall, by protecting them from their abusing neighbours. I won't say that I don't find the up speed at 128kbps to be a bit slow, but I used to have 28.8k up so, why complaining in the first place? More is better?
  • by Gordonjcp ( 186804 ) on Friday May 10, 2002 @07:00AM (#3495813) Homepage
    OK, how's this for an idea?

    The config file is uploadable through the ethernet port, and seems to be able to specify the upstream and downstream frequencies, along with the maximum bandwidth rates etc. What would happen if you joined two cable modems with an F-to-F connector cable, and send config files to them so that the receive frequency of one was set to the transmit frequency of the other? And, how far from each other could they be? I know that the sub-headend that supplies my cable modem is only about 1/4 of a mile away, but I'm sure they work over a greater distance.

    Any thoughts?
  • Someone, please write a tool that sends and executes a cable modem uncapper on every Nimda and Code Red infected machine that probes my servers from a cable modem IP address!

    It will cut down on unwanted traffic as the cable company gestapo hunts down those ignorant dickheads who are still running unpatched machines, and sends them back to AOL, where they belong if they can't properly maintain a computer.

    ~Philly
    • Reprogram the Code Red carriers cable modems for, say, 1Kbps upstream bandwidth, so they can't bother the rest of us quite so easily. The cable co will still noticed the hacked modem if they're paying attention at all. Heck, cut their downstream bandwidth down to 64Kbps while you're at it, leaves more for those of us who know what we're doing.
  • by ZoneGray ( 168419 ) on Friday May 10, 2002 @07:10AM (#3495841) Homepage
    See, they're going about this all wrong. What they really should do is develop a way to uncap your neighbors' cable modems. Then, they'll get tossed off the network and you can have it all to yourself.
  • It seems like the overwhelming majority of folks here think that uncapping your cable modem is a Bad Idea, either because you're stealing the service, breaking the law, taking bandwidth away from people who are paying for it, or will lose your high speed access if you do.

    But how many of you used Napster, and now use Gnutella, Kazaa, Audiogalaxy and the like, and think it's your god-given right to do so?

    The shoe seems to be on the other foot when *you* run the risk of losing something. Consider, though, that other than the much closer-to-home personal risk involved in this one, that *both* acts are basically theft.

    (As an aside, I wonder, though, how long until the "studies" show that uncapping your cable modem leads to the purchase of higher-bandwidth levels of service.)

    • If I use Napster or Kazaa or any other file-trading software to download digital versions of music I already own on CDs it's not theft. It's no different than making an audio tape from a CD to play in my car. This is the legally established doctrine of "fair use" and the more people, like you, who continue to describe it as "theft" the sooner we'll be paying each time we listen to a piece of digital music. Not for each piece of music mind you, but each time we listen to it.

      Erosion of fair use rights is a seriously dangerous thing. Try to at least modify your remarks to take this into account.
  • Brilliant's spyware network, Altnet, should incorporate this hack. If the hack will work on your particular modem, then Altnet would be able to make use of more bandwidth.

    Or, maybe they shouldn't.
  • by Restil ( 31903 ) on Friday May 10, 2002 @10:02AM (#3496796) Homepage
    Someone violates his TOS by uncapping his modem for the purpose of abusing his connection, gets caught in short order, and is banned from every abusing that internet provider again. I fail to see the problem here. The REASON these modems are capped in the first place are because of these very abusers. Granted, AT&T as well as other cable providers probably don't want to lose a bunch of customers, but the heavy warez/movie trading crowd they would happily do without as they tend to overuse their bandwidth allocation regardless, as well as creating potential legal liabilities.

    This gives them an easy out. If they're able to detect an uncapped cable modem in a matter of hours after its been uncapped, then this is a great way to relieve yourself of a bunch of unwanted customers. And they don't even have to monitor bandwidth content. Just have to check the speed going over the physical maximum.

    This should also be a wakeup call for parents who "share" their internet connection with their kids. Better let your children be aware that if ever they do something this foolish there will be serious hell to pay. PAY ATTENTION to what your children are doing. You don't know?? Then don't let them have internet access. When they turn 18, let them get their own account, and they can use or abuse it as they see fit.

    Or if you REALLY need that extra bandwidth, pay for an account that provides for it. MOST companies, even cable providers have accounts that provide greater upstream bandwidth, but they don't cost $49, and they're rarely parts of a promotional deal.

    -Restil
  • Every month or so I try to email my ISP to complain about upload capping with a letter similar to the following:

    Dear Sir or Madam:

    When i subscribed to your service I was promised "Unlimited" access, however you have limited my upstream connection. When I try to video teleconference with my grandchildren in the hospital, the image quality is extremely poor, and the audio is hard to understand. It is absolutly no improvement from when I had dial-up. I was also promised that I would be able to send video emails, but they take so long to upload, and while they are uploading, it chokes my ability to surf the web. Moreso, when I am trying to upload pictures and video of my family to my website, the connection frequently stalls or disconnects halfway through the upload and I have to start all over. I find this to be very frustrating and stressful, and since my recent heart attack, my doctor has ordered me to avoid stress. Because of this I will be forced to end my service with you.


    It never seems to work, but maybe it will get them to stop promissing unlimited access and blazing speed.

    (btw, I'm not really old)
  • My uncap history (Score:3, Insightful)

    by rosewood ( 99925 ) <.rosewood. .at. .chat.ru.> on Friday May 10, 2002 @12:18PM (#3497799) Homepage Journal
    Last weekend I tried this guy's surfboard hack and I ran into one big problem

    The Docsis files are md5 signed and if I dont sign them, then I am SOL. I followed the steps, spoofed the tftp, wathced the modem grab the config - but yet my upload was still no better then 256kbits/second

    As for the whole legality - All I am going to do is make my cable modem "up to 100x faster then 56k modem" because right now I am @ 3mbit/s and 256k/s. A 56k modem has a limit of 33.6 kbit/s for upload SO 100x faster is 3360 kbit/s second ... THATS A FUCKLOAD MORE THEN WHAT I HAVE. As for my download - well, 100x faster then 56k - well, we know its not REALLY 56 and I forget what it is but I never got better then 40kbit/s so lets go with that as the cealing - 100x faster is 4000 kbit/s. - I am CAPPED @ 3000/256 but yet if I were to hit their MAX of 100x faster I would have to be capped @ 4000/3360. I know 100x means if all the planets are alligned but its absolutely 100% impossible to get 100x more then a 56k. That is false advertising. I see no reason why I can not take my modem to what they advertise.

    Discuss.

"Everyone's head is a cheap movie show." -- Jeff G. Bone

Working...