Comcast Plans Cable Boxes with Integrated Wi-Fi and Snooping
Kaa writes "Short version: Comcast's cable modem/802.11g base station that is made by Linksys has capabilities to 'phone home' to Comcast and tell them how many devices are connected to your WiFi base station, how much bandwidth they are using, etc. It also has the capability to 'disable LAN segments' which, I assume, means they can kick your devices off your home network if they choose to do so. Something tells me this particular device won't make it into my house..."
Smoothwall (Score:5, Informative)
Put a smoothwall box [smoothwall.org] or another router between your home network and the new cable modem (as I'm sure many of us already do). Although the wireless access would be nice to use, 802.11b/g access points are pretty cheap these days.
Easy fix. (Score:4, Informative)
More Devices = More MONEY (Score:3, Informative)
Beyond the pale..... (Score:5, Informative)
* Enable viewing of LAN IP Device information obtained via the CableHome DHCP Portal (CDP)
* Enable viewing of the results of LAN IP Device performance monitoring done by the CableHome Test Portal (CTP)
* Provide the capability to disable LAN segments
I hope that at some point, we, as users, can vote with our wallets and stop this nonsense. The more we give in to this kind of seller-bullying, the more we can expect.
Happy Trails!
Erick
This can't be mandatory. (Score:3, Informative)
So long as you buy your own DOCSIS-compatible modem, you can attach whatever hardware to your network you want.
easy solution -- $19 wifi router, no rebates (Score:4, Informative)
cheapest i've seen considering there's no rebates involved...
2.4GHz 11Mbps Wireless Router with 4 Port Switch, 802.11b
Manufacturer: FMI
Mfg Part #: WE711APR
Product Number: 295106
Original Price: $89.99 (79% Off)
Regular Price: $69.88
Internet Special: $18.99
COMCAST: I don't know.... (Score:5, Informative)
Well, last week I got a letter from COMCAST telling me that they have determined I have more than one machine connected to my cable modem and that if I don't respond by June-something they will terminate any other IP addresses beyond one. Although, for an extra $9.99 a month, I can have up to 4 extra (5 total) IP addresses.
I think those sons-of-bitches are pulling a scam and have bait-and-switched me. I was very up-front with the rep when I signed up and told him I needed to have 5 computers connected and would that be a problem... "No, of course not," I was told, "You can connect up to 5 computers, we just don't support any LAN/ethernet-hub problems you might have."
FUCKING LIARS
Re:Continue BOYCOTT (Score:5, Informative)
Re:Smoothwall (Score:2, Informative)
Re:COMCAST: I don't know.... (Score:3, Informative)
Re:Smoothwall (Score:4, Informative)
Re:COMCAST: I don't know.... (Score:1, Informative)
You can have a router with NAT and however many computers you want. That does not mean that you can have an individual IP for all of them.
You always had the option of purchasing additional dynamic IPs from them.
Re:COMCAST: I don't know.... (Score:2, Informative)
Re:COMCAST: I don't know.... (Score:2, Informative)
Re:Smoothwall (Score:3, Informative)
Using obscure ports doesn't really matter anymore... All I need is a recent version of nmap [insecure.org], and I can find out what services you're running and what ports they are on
I've got one now. (Score:5, Informative)
I currently have the Wireless Gateway that they are discussing and while I don't know about the stuff they claim it can do, I do know a little about its use.
192.168.0.0/24 == NAT range used.
192.168.0.1 == Router admin interface
192.168.100.1 == Router tech summary interface
Both those interfaces == HTTP. Both interfaces use the same password by default.
User: comcast
Pass: 1234
That's the default. They also recommend at install time that you don't change that.
I think that's fishy as hell so that was the first thing I changed. Luckily the tech here on site was competent enough to ask me what WEP key I wanted to use and let me pick whatever phrase I wanted. That showed intelligence.
On the whole, I have no complaints with them. If they fuck with my service, maybe I'll have problems. But Charter (local competition) isn't much better.
Re:This is a product for the lusers... (Score:2, Informative)
Re:I'm out. (Score:3, Informative)
Comment removed (Score:4, Informative)
Re:FCC (Score:2, Informative)
Re:Easy fix. (Score:1, Informative)
Well, can't they fingerprint the packets? I mean, isn't there a way the number of unique machines can be determined?
Suppose you have 15 computers chewing the limit of bandwidth, not crushingly, but maybe 80%. Then, one person is shopping mstewart, another pron, and another Home Depot, another on globaldefense.org, and so on. How likely is it that just one person can type in all the URLs (talkn' 'bout by hand), respond to the information/requests, and keep surfing?
Can't the MAC addresses be queried at some level? I thought that some bad NICs could be tricked. If it is not possible at all, then apologies. But, I am wary. Ever since the CIA and Telcos have been in bed, it's likely that even cell phones TURNED OFF can be tracked. Just embed a cell-polling chip or interrogator chip in the battery pack. Of course, I've not rigged any radio direction finding gear near my cell to test this, but I think eventually it will be in all phones "as an augmentation to 9/11 rescue assistance for the disabled motorist or stranded pedestrian...". Yep...
Ever wonder if the day will come that paper money's metal strip will act as a collective antenna? I mean, why use exploding dye packs when some cell domes or cones in a financial district or atop high-value transactions-oriented buildings can home in on huge wads of cash moving at one time in a tracked direction. The trigger would be the failure on the part of a human to deactivate the frequency checked for the pallet, bundle, or stack.
Ever wonder if a modem is embedded in Kinko's copiers? Imagine all the criminals (from copyright abusers to bonafide nefarios) who think an "offline" copier is safer than a networked printer... I imagine the day will arrive soon (if not already here) where your convenient money-card will tie in with the store surveillance camera, which are both tied to the card reader on the copier. Photograph anything and it's scanned. Copy and bulk-print things, and they are scanned. Now, the copyright industry as well as the various domestic surveillance units, from LAPD to CIA and those of which we'll never know the names, will have a bead on every person who uses technology.
Maybe a way to combat it is to surf nonsense, deliver nonsense, and swap cards with others. Maybe Father John or Sister Imelda will, for a cash donation, swap cards so I can break the purchase trail....
Just some ideas been runnin' thru my mind the past 2 years...
David Syes
Citizen of Earth, resident of whatever nation.
Re:COMCAST: I don't know.... (Score:5, Informative)
You are using multiple IP addresses. This means you're using a hub, not a router. Multiple IPs are commonly extra priced.
You want to use multiple devices with NAT. Buy a proper router and plug it in, then plug your devices into there. They'll all use the same IP, and Comcast will be happy.
The only mistake on their part is not stating that multiple computers must share one IP.
From someone inside (Score:5, Informative)
The cablehome pro standard shown in the article shows what it can do, but not what Comcast is actually doing. What is currently implemented does not intrude in the ways suggested. Comcast employees can view basic information like current DHCP leases, # of WLAN clients and router config (parental settings, etc). The cablehome standard implementation is currently very limited, only in certain areas at this time.
I also want to say that I disagree with many Comcast policies, but we don't care what is connected to the gateway unit. The gateway is set in the firmware to only give 5 DHCP leases. If one wants more devices they need to set it statically, but non-Comcast installed devices are not supported anyway.
Also keep in mind who this product is marketed to - the average family lacking the technical ability to configure their own wireless network.
Re:easy solution -- $19 wifi router, no rebates (Score:3, Informative)
Also, the FMI/CompUSA branded model has shit support. And any change to the firmware settings requires a restart. ANY change.
Re:Smoothwall (Score:5, Informative)
It does break all internet standards, though. That's always a great thing (*rolls eyes and looks at M$*)
Re:Smoothwall (Score:5, Informative)
If you use SMTP, yes, so too will this. Unless you let the CableHome system access the SMTP of your devices, you have nothing to worry about.
It uses DHCP, well, so does my current Cable-Modem. In fact, all DOCSIS cable-modems can offer DHCP. No surprise there.
Ping - yep, looks like it will block pings into your network (or answer for you). Nothing every DSL modem doesn't already do.
TFTP, slightly more worrisome, but a good standard to allow remote updating of devices that they own (and need to manage).
This is about selling more network devices into your home that the average user won't know how to set up with an old Linux box and a pack of bubble-gum. They will get to sell more stuff, and make more money. Many users will get the benefit of neat network appliances in their home .. that they merely have to pay a separate subscription fee for.
The network segment shut-down is there to cut-off devices that they own but you are trying to use anyway, but don't want to pay the subscription service for.
Yes, there is room for abuse, but it's not nearly as bad as cutting off all other WiFi. It wouldn't be technically capable of telling a WiFi router apart from an in-home network switch or a NATting Linux box. I suppose the built-in WiFi would block your own WiFi's signal, but that doesn't point to a conspiracy.
Communities need to own the infrastructure... (Score:3, Informative)
This is even more of a reason to support community owned infrastructures such as UTOPIA in Utah, and the iProvo network in Provo. Utah can and is wrong on so many social issues, but this one they actually got right. So much so that Comcast and Qwest are lobbying HEAVILY to prevent such a network from going into place. They (Comcast and Qwest) have succeeded in scaring away Salt Lake City from the initiative, and I suspect many more.
I may despise with a fiery passion the local University that makes Provo its home, but iProvo has already been given approval and should be city wide in 2 years. A very BIG incentive for me to stay here in Utah and live in Provo.
Re:Smoothwall (Score:3, Informative)
From the inside. (Score:5, Informative)
I can say with authority that these devices suck. They have custom firmware with the vast majority of the normal Linksys functionality stripped out. The end user isn't even supposed to be able to access the web interface. (The login is comcast/1234 if anybody needs it...) About the only good thing is that they come with WEP enabled with no key by default, so if the install technician (who usually knows only slightly more than the end user) forgets to go in and set a WEP key, no wireless clients can connect. I'm not even sure it's possible to disable WEP on them... I know it's not through the normal technician 'install' interface, but there is an advanced WEP screen I haven't played with too much.
Comcast wants to charge something to the effect of $20 for the network + $10 per additional computer monthly, depending on your region. They want the install technicians to call in the MAC of each connected device, which are stored in the space in Comcast's system where additional outlet information usually goes. I am not sure whether this actually does anything. One of Comcast's lead technicians explained to me that the first time they went out (3 of them) to try to get one of these devices installed, they spent 6 hours working on it, only to discover that the problem was they hadn't called in the MAC addresses. Contrast that with my own experience, having installed 4 of these (showing the contractor's techs how to do it), all of which have worked just fine wireless without calling in the MACs. I don't know if that's a permanent solution though, in each case the customer took my recommendation that they get a normal cable modem and buy their own router to save money, so we removed all 4 of the ones I installed within a day or two. (Obviously I won't be telling you exactly who I am, someone at Comcast might be reading this...)
Anyways, if they've got some grand scheme to restrict access to approved and paid-for devices, it looks to me like it's not working yet...
Re:COMCAST: I don't know.... (Score:2, Informative)
Not the TechTV stuff again (Score:3, Informative)
All the blind "OMFG THEY'RE KILLING TECHTV!!!111" nonsense has been the inspiration of my new sig.
Re:Lord - please stop the FUD (Score:3, Informative)
By DOCSIS standard, the cable company has to be able to interact directly with your cable modem, and know (to a certain extent) what it's doing. So if the cable modem is your router, your argument can't work. However, assuming your router is on your side of the cable modem, well it's still technically wrong.
First, if you are running your own Network Address Translation service - then this modem won't be able to see past it anyway. Anything the cable company would sell on said HomeConnect services would have to be on their side of your internal router. By definition these devices would not be able to directly interact with your PCs (only to your router). Second, if you are not running your own Network Address Translation service then you are asking the cable company for IP addresses. That means that every time you turn a system on, they have to give you an IP.
My cable service allows me 5 IP addresses, they have the right to cut me off after I've hooked up 5 computers with their IP addresses.
Finally, assuming you are running a switch and not a hub (external to the device they control) anything you move from one device inside your home to another would not be seen by the cable modem anyway.
The HomeConnect standards document does not have anything in it about how to profile network traffic. It does describe how to request SNMP connections to devices, identify those devices that answer (this is a configuration choice you can set for your own devices), and manage those devices that allow management.
I really don't see this as being a conspiracy product. Like I said, there is potential for abuse. This is the same potential for abuse by the phone company to monitor all phone calls you make, identify where they are to, and bill you if they are outside of your area.
I'm sorry, I don't see the issue here. If you can show me one, I'll be happy to listen, but please don't thump on the conspiracy theories without even explaining the technical side, HOW. My job is IT, I can take the technical details if you can conjure them.
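A small model of the NAT argument made in the comment above and in the earlier "Re:COMCAST" reply, added here as an illustration and not part of the thread: the same seven devices are attached once directly (each asks the provider for a lease, against the 5-address allowance quoted in the thread) and once behind a customer-owned NAT router. The class names, MAC addresses and 203.0.113.x addresses are constructed for the example.

```python
from dataclasses import dataclass, field

LEASE_LIMIT = 5  # per-account address allowance quoted in the thread

@dataclass
class IspDhcp:
    """Upstream view: the provider's DHCP server sees one MAC per requester."""
    limit: int = LEASE_LIMIT
    leases: dict = field(default_factory=dict)  # MAC -> public IP

    def request(self, mac):
        if mac in self.leases:
            return self.leases[mac]
        if len(self.leases) >= self.limit:
            return None  # allowance exhausted, no address handed out
        ip = f"203.0.113.{10 + len(self.leases)}"  # constructed TEST-NET-3 address
        self.leases[mac] = ip
        return ip

@dataclass
class NatRouter:
    """Customer-owned router: one WAN lease, private hosts rewritten onto it."""
    wan_mac: str
    wan_ip: str = None
    table: dict = field(default_factory=dict)  # (lan_ip, lan_port) -> wan_port
    next_port: int = 40000

    def connect(self, isp):
        self.wan_ip = isp.request(self.wan_mac)
        return self.wan_ip

    def outbound(self, lan_ip, lan_port):
        key = (lan_ip, lan_port)
        if key not in self.table:  # new flow: allocate a WAN-side port
            self.table[key] = self.next_port
            self.next_port += 1
        return (self.wan_ip, self.table[key])  # source address upstream sees

def bridged_view(macs):
    """Hub or switch straight on the modem: every device requests a lease."""
    isp = IspDhcp()
    granted = [isp.request(m) for m in macs]
    return len(isp.leases), granted.count(None)  # (leases used, devices refused)

def nat_view(macs):
    """Same devices behind NAT: the provider only ever sees the router."""
    isp = IspDhcp()
    router = NatRouter(wan_mac="02:00:00:00:00:ff")
    router.connect(isp)
    sources = {router.outbound(f"192.168.0.{i + 2}", 50000)[0]
               for i, _ in enumerate(macs)}
    return len(isp.leases), len(sources), len(router.table)

DEVICES = [f"02:00:00:00:00:{i:02x}" for i in range(7)]  # constructed MACs
```
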
Re:Smoothwall (Score:2, Informative)
Your mistake is assuming that the ports are being scanned sequentially. nmap scans all 65000 (or so) ports concurrently (it doesn't have to wait for a port to respond before initiating the connection to the next one), and the 30 second delay mentioned in the message you responded to is probably long enough for nmap to register all the ports that are going to respond.
Bitbucketing port replies won't do diddlysquat (and will actually probably make it easier for the attacker, since the attacker will get back replies for only those ports which are open & active.)