> Daemeon Reiydelle wrote:
> >
> > This problem is endemic and inherent to ALL cable companies because each
> > segment (more or less a few block radius) is a common subnet.
>
> What about the claim in the article that all one need do is disable
> sharing, or, at least use good passwords on shares. Is this enough?
Not really. How good a password do you think your typical cable modem home PC
user is going to choose?
At least one cable provider (MediaOne) solved part of this problem at their
head-end equipment. The browse port (137/UDP I believe) is filtered. Network
Neighborhood is empty, but if you know the IP address of a friend, you can
still connect to his computer and share files. Or take a stab at guessing his
passwords, if any.
In general, it seems to me that MediaOne (bought by @Home recently, IIRC) does
a better job at closing the obvious holes than other cable providers. For
instance, they use static ARP tables in their head-end equipment. If you
change ether cards, you have to call them to tell them the new MAC address, or
you don't get assigned an IP address. I'm sure they do this more to prevent
theft of service than to protect their customers, but still, it shows a level
of cluefullness that I haven't seen from other cable providers.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
