- Posts: 783
- Thank you received: 0
Tracking Down Cable Modem Users
- skepticals
- Topic Author
- Offline
- Elite Member
-
Less
More
15 years 1 month ago #31268
by skepticals
Replied by skepticals on topic Re: Tracking Down Cable Modem Users
I did a little bit of research on my own I found various websites claiming Cisco's newer UBRs can detect rouge modems and what not; howerver, I do not see how they could track it to a person's home. Yes, your spoofed MAC address might get blocked at the UBR, but how does the ISP know who is doing it?
- Sinisterjoe
- Offline
- New Member
-
Less
More
- Posts: 1
- Thank you received: 0
15 years 3 weeks ago #31703
by Sinisterjoe
Replied by Sinisterjoe on topic Re: Tracking Down Cable Modem Users
It entirely depends on how carefully they audit their network.
Detecting hacked modems is fairly easy. There are a few different methods:
1) Verify the MAC address of online modems to the database in your provisioning platform.
2) SNMP modems looking for interesting firmware versions
3) Monitor QoS service flows and monitor bandwidth usage to spot people changing their speeds
At this point the MAC address just goes on a reject list and the modem will never come online. If you're able to change your MAC address through modified firmware you can get around this pretty easily. Cat & Mouse stuff. Once you identify the MAC address you can see which upstream port the modem is on. This is usually 100-150 devices and a fairly small geographic area. The physical cable plant is built in "legs" so a technician in the field could interrupt service to the whole area by disabling one leg at a time. The MAC in question goes offline when he pulls the plug on Leg C. This might be 50 or 60 homes. They continue this down the leg to each point where homes plug into the cable system called taps. Each tap may have up to a dozen or so customers on it. When they find the right tap they disconnect each home one at a time until the MAC in question goes offline. This whole process probably takes a couple hours or less.
So to answer your question, yes, it's entirely possible to track it down to a specific house but it requires interrupting service to an entire area so I wouldn't say it's commonly done unless the hacked modem is really being a nuance by saturating a downstream and negatively impacting other customers. Just knocking your modem offline a lot is usually good enough to stop people.
Detecting hacked modems is fairly easy. There are a few different methods:
1) Verify the MAC address of online modems to the database in your provisioning platform.
2) SNMP modems looking for interesting firmware versions
3) Monitor QoS service flows and monitor bandwidth usage to spot people changing their speeds
At this point the MAC address just goes on a reject list and the modem will never come online. If you're able to change your MAC address through modified firmware you can get around this pretty easily. Cat & Mouse stuff. Once you identify the MAC address you can see which upstream port the modem is on. This is usually 100-150 devices and a fairly small geographic area. The physical cable plant is built in "legs" so a technician in the field could interrupt service to the whole area by disabling one leg at a time. The MAC in question goes offline when he pulls the plug on Leg C. This might be 50 or 60 homes. They continue this down the leg to each point where homes plug into the cable system called taps. Each tap may have up to a dozen or so customers on it. When they find the right tap they disconnect each home one at a time until the MAC in question goes offline. This whole process probably takes a couple hours or less.
So to answer your question, yes, it's entirely possible to track it down to a specific house but it requires interrupting service to an entire area so I wouldn't say it's commonly done unless the hacked modem is really being a nuance by saturating a downstream and negatively impacting other customers. Just knocking your modem offline a lot is usually good enough to stop people.
15 years 3 weeks ago #31709
by ZiPPy
ZiPPy
Replied by ZiPPy on topic Re: Tracking Down Cable Modem Users
I would love to know how the ISP does it. When I was in college there were many articles about how to hack your modem for free Internet, and increase your speeds. It was always very tempting to try it, but I figured the ISP's had to have ways of tracking people. At that time, and at this time I just don't see it being worth it. If you get caught, you will get a life ban from the ISP. In some area's you only have a choice for one ISP, at least with high speeds. You could always go back to 56K dial up modems :lol:
ISP's have something up there sleeve to monitor these rogues and whatnot, I just don't think its worth playing that game to find out how they do it.
Cheers,
ZiPPy
ISP's have something up there sleeve to monitor these rogues and whatnot, I just don't think its worth playing that game to find out how they do it.
Cheers,
ZiPPy
ZiPPy
Time to create page: 0.118 seconds