[*] docsis query

Ron Dallmeier ron at fiber.ca
Thu Jun 9 13:25:00 CDT 2005


I don¹t have a cable modem to try and it does not surprise me that SNMP is
turned off (particularly from the NIC side). The next obvious test would be
if you could find the private IP address of RF interface on these units and
see if you could get any response from SNMP to that address (you may need to
do try it from another person's house).

BTW - the cable modems also have access-list features which could be
configured to only accept SNMP from a specific source.

...Ron

On 6/9/05 1:10 PM, "DAN KEIZER" <ve4drk at shaw.ca> wrote:

> Ron, were you able to connect to the snmp port on the 5100?  I don't show it
> as being open, but I do show 2 ports being open, the http port and the H.323
> port.  Being able to query the modem would in itself be useful.
> 
> Dan.
> 
> ----- Original Message -----
> From: Ron Dallmeier <ron at fiber.ca>
> Date: Thursday, June 9, 2005 1:05 pm
> Subject: Re: [*] docsis query
> 
>> 
>> The following is my understanding of how the cable modems are
>> configured:
>> - cable modem turns on - it does a BOOTP request
>> - cable modem is supplied with a IP address, firmware version that
>> is should
>> be running and the tftp server
>> - cable modem gets the firmware only if required
>> - cable modem gets the config from the tftp server
>> 
>> The config file contains are the parameters including QOS settings or
>> rate-limiting, all the RF settings (which channel to move to), etc.
>> 
>> For those interested in hacking, the cable modem is usually
>> configured not
>> to accept BOOTP from the NIC side and therefore you would have to
>> answer the
>> BOOTP request on the RF side. You would also have to know several
>> thingsabout the head-end (CMTS) so that the config file matched
>> the settings. The
>> config file is binary and the format is not publicly available.
>> Lastly, you
>> would probably need your own CMTS to jump in at the BOOTP sequence and
>> moving your cable modem from your mini RF network to Shaw's would
>> have to be
>> done very fast. If the cable modem senses that the network has
>> dropped it
>> will reboot.
>> 
>> Another easier way would be if someone found out the SNMP write
>> password and
>> obtained the MIB table for the modem. You could tweak settings
>> that would
>> last until your modem was reset. At Videon (before Shaw) we did
>> not poll
>> cable-modems so ARP spoofing one would not result in capturing a SNMP
>> packet. We polled everything from the CMTS. A simple access-list
>> on the CMTS
>> could easily prevent SNMP traffic to Shaw's network components.
>> 
>> For more detail info on the DOCSIS standards go to
>> http://www.cablemodem.com/specifications/specifications20.html
>> 
>> ...Ron
>> 
>> On 6/9/05 12:24 AM, "DAN KEIZER" <ve4drk at shaw.ca> wrote:
>> 
>>> With the info that's been discussing recently regarding latency
>> and the like
>>> on mts/shaw's systems WRT voip, I did a little digging ... I
>> have shaw extreme
>>> internet (I like it .. alot) ... I have the docsis 2.0 motorola
>> modem (SB5100
>>> surfboard cablemodem).  It seems that this little modem has an
>> http and snmp
>>> server and it appears that shaw has disabled the customer-side
>> of the snmp
>>> server :-( I'd be interested in knowing if anyone has been able
>> to get any
>>> stats out of this system. The built-in httpd server
>> (192.168.100.1) provides
>>> very limiited information from the pages I've been able to hit.
>>> 
>>> There was a website (
>>> 
>> http://homepage.ntlworld.com/robin.d.h.walker/cmtips/latency.html ) i was
>>> perusing which discusses latency issues with the docsis ..
>> interesting .. i
>>> didn't realize that any extra transmissions from the client side
>> over the
>>> bandwidth limiting control just gets dumped and would have to be
>> re-tx'ed ..
>>> so it certainly makes good sense to throttle the router back ..
>> don't know
>>> about what the modem would do in this case or whether it is even
>> configurable> for bandwidth limiting on it's side.  anyone know
>> anything more about this
>>> modem/config options?
>>> 
>>> Learned something new ..
>>> 
>>> Dan.
>>> 
>>> 
>>> _______________________________________________
>>> Asterisk mailing list
>>> Asterisk at muug.mb.ca
>>> http://www.muug.mb.ca/mailman/listinfo/asterisk
>>> 
>> 
>> _______________________________________________
>> Asterisk mailing list
>> Asterisk at muug.mb.ca
>> http://www.muug.mb.ca/mailman/listinfo/asterisk
>> 
> 
> _______________________________________________
> Asterisk mailing list
> Asterisk at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/asterisk
> 




More information about the Asterisk mailing list