Tracking Down Cable Modem Users

I was approach by a friend regarding an article about hacking cable modems. I researched it and I found that you can hack your cable modem (on certain ISPs) and simply change your DNS entry and you can access the Internet for free.

1) You will not have your MAC address associated to an account.
2) You can change your modem to work faster and get better speeds.

Is it possible for the ISP to trace this? Or is this lost at the conversion of Fiber to Coax? I thought that a node would provide coax connections to an entire neighborhood, is that correct? Is an ISP unable to trace the rouge modem back to a house?

I would guess they could find that the MAC is not associated to an account and use some type of MAC filtering, but that does not seem to be the case.

Thoughts?

Everything is traceable, the question is would they have the time and resources? Would it be worth the outlay given what they might recover? That depends on the number of people on their network doing it and the revenue they are losing

Yes, I understand that "Everything is traceable"; however, with the current infrastructure, is it possible?

If there is a node with fiber that then gets split up to 100 homes over coax. How would they trace a rouge MAC address?

The first indication would be bandwidth being taken that they could not explain. This discovery would probably be made because it caused problems for other users or noticeably higher costs for the company. There's always the chance discovery though.
Then, assuming the excess bandwidth was sufficient and persistent enough to make them want to invest time and resources into tracking down, they would have to go node-to-node along the network and find out which node the leecher was on. They could probably do this remotely via SNMP or something. Having traced the offender to a particular node they would then have to review the traffic being drawn on each drop circuit from that node and cross-reference the findings with their customer database. The one sucking bandwidth that is not assigned to a paying customer is the culprit. Then they'd have to gather evidence of dates, times used, amounts of data, sites visited, IP addresses etc so they could prove it was you. Then, finally, they could send the boys round. See what I mean when I say it all depends whether they think it's worth it?

Bishop,

Yes, I understand the time/money approach. I am trying to under stand Cable networks at a technical layer. I need to understand more for the ISCW CCNP test as well. I figured an example like this would help.

Do you know more about a typical cable company's network? For instance, the coax leaves a house then goes to a node that converts it to fiber? Where do the cables aggregate?

I understand the principles and the way these networks were implemented during the first wave of cable TV broadband some 20 years ago. They might be doing things a little better now, second time around. Is there anybody on the forums that works with this now? If so, please dive in and post.
I'll try to have a root round this weekend and dig out some of my old material