Re: Is cable network really a shared medium?(more [7:38718]
Some clarifications for this post:

* Just about every DOCSIS cable modem on the market operates as an ethernet bridge. If one has residential HSD service from a cable company and you "lease" the modem, then you have a bridging modem.

* While DOCSIS modems are bridging devices, they will not bridge all observed ethernet frames. Instead, the modem will bridge only frames with MAC DA values which are known to exist on the modem's ethernet interface. The modem *may* also bridge certain broadcast and multicast traffic.

* BPI (baseline privacy) is a mechanism where a security association is created dynamically between the cable modem and the CMTS. Each time the CMTS sends a frame to a modem, it encrypts the frame using the security information agreed to with that modem. This means that there's a unique security association between the CMTS and each modem running BPI. In order to prevent a modem from decrypting each frame to determine if it's one of interest to the modem (i.e., one that it wants to bridge), the DOCSIS spec indicates that certain frame fields are to be sent in clear text. These fields include the ethernet's SA and DA MAC fields and the DOCSIS "SID" value. The modem can then filter frames until it sees one with an interesting DA value, decrypt the PDU, and then forward the un-encrypted PDU (ethernet frame) out the ethernet interface. The modem need not decrypt every packet to determine which are of interest.

Fraasch James wrote:
>
> You guys are both right. Cable modem plants are a broadcast network. All
> packets are sent down the line and you have the ability to see everyone's
> traffic 'IF' you could sniff the cable line and not sniff the ethernet cable
> going to your PC. Most cable modems are simply mini-routers so if packets
> are not destined for you then they are dropped. However, if you could
> console into your modem (depending on brand) you could change the thing to a
> bridge. So if your modem was set up as a bridge then you could see all the
> traffic.
>
> And baseline privacy it's great in theory yes. But think about this: When
> subscribers first get their equipment installed there is no software added to
> their PC that allows them to de-encrypt the data traveling around the
> network. So where does the de-encryption happen? The modem and CMTS are
> what de-encrypt the data. And in order for your modem to know if a packet
> is destined for you on this broadcast network it needs to de-encrypt the
> packet and then drop it.
>
> So you are on a broadcast network where all cable modems can de-encrypt all
> data. If the modem was configured as a bridge and simply forwarded all data
> to the ethernet port, then you could sniff til the cows come home.
>
> Understand that I am a HUGE fan of cable modem services. There are just
> some small holes that need to be filled. Security is one issue and quality
> of service at the cable modem level is another- although this can be
> addressed a little bit by playing with the bandwidth settings in the
> cmconfig files that are downloaded when the thing boots up.
>
> James
>
> www.itpapers.com has about 85 papers on Cable Modems. Registration is
> required and free- except for the occasional email.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38890&t=38718
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
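The filter-then-decrypt order described in the message above, as an added sketch that is not part of the thread: the modem checks the cleartext DA before touching the PDU, and each SID has its own key. The keystream cipher is a toy stand-in, not the BPI cipher, and all class names, keys and MAC addresses are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in cipher (SHA-256 counter keystream); NOT the BPI cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

@dataclass
class Frame:             # downstream frame as described in the post
    sid: int             # cleartext DOCSIS SID
    da: str              # cleartext Ethernet destination MAC
    sa: str              # cleartext Ethernet source MAC
    pdu: bytes           # encrypted under the per-modem security association

@dataclass
class Cmts:
    sa_keys: dict = field(default_factory=dict)   # SID -> key, one per modem

    def send(self, sid, da, sa, payload):
        return Frame(sid, da, sa, keystream_xor(self.sa_keys[sid], payload))

@dataclass
class Modem:
    sid: int
    key: bytes
    cpe_macs: set        # MACs known on the modem's Ethernet interface
    decrypt_count: int = 0

    def receive(self, frame):
        """Filter on cleartext DA first; decrypt only frames to be bridged."""
        if frame.da not in self.cpe_macs:
            return None                      # dropped without decryption
        self.decrypt_count += 1
        return keystream_xor(self.key, frame.pdu)

def demo():
    cmts = Cmts({1: b"key-modem-A", 2: b"key-modem-B"})   # constructed keys
    a = Modem(1, b"key-modem-A", {"00:00:5e:00:53:0a"})
    frames = [cmts.send(1, "00:00:5e:00:53:0a", "00:00:5e:00:53:01", b"for A"),
              cmts.send(2, "00:00:5e:00:53:0b", "00:00:5e:00:53:01", b"for B")]
    bridged = [a.receive(f) for f in frames]
    # Even if A skipped the DA filter, its own key does not recover B's PDU.
    forced = keystream_xor(a.key, frames[1].pdu)
    return bridged, a.decrypt_count, forced
```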
Re: Is cable network really a shared medium?(more [7:38718]
My bad. True, you would see broadcasts but not all traffic.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38846&t=38718
Re: Is cable network really a shared medium?(more [7:38718]
At 11:50 AM 3/19/02, Fraasch James wrote:
>You guys are both right. Cable modem plants are a broadcast network. All
>packets are sent down the line and you have the ability to see everyone's
>traffic 'IF' you could sniff the cable line and not sniff the ethernet cable
>going to your PC. Most cable modems are simply mini-routers so if packets
>are not destined for you then they are dropped. However, if you could
>console into your modem (depending on brand) you could change the thing to a
>bridge. So if your modem was set up as a bridge then you could see all the
>traffic.

Just changing the cable modem to bridging mode wouldn't mean you could see everyone else's traffic, would it? It doesn't cause the cable modem to act like a hub. You could see broadcasts, but not everyone else's traffic, don't you think?

Priscilla

>And baseline privacy it's great in theory yes. But think about this: When
>subscribers first get their equipment installed there is no software added to
>their PC that allows them to de-encrypt the data traveling around the
>network. So where does the de-encryption happen? The modem and CMTS are
>what de-encrypt the data. And in order for your modem to know if a packet
>is destined for you on this broadcast network it needs to de-encrypt the
>packet and then drop it.
>
>So you are on a broadcast network where all cable modems can de-encrypt all
>data. If the modem was configured as a bridge and simply forwarded all data
>to the ethernet port, then you could sniff til the cows come home.
>
>Understand that I am a HUGE fan of cable modem services. There are just
>some small holes that need to be filled. Security is one issue and quality
>of service at the cable modem level is another- although this can be
>addressed a little bit by playing with the bandwidth settings in the
>cmconfig files that are downloaded when the thing boots up.
>
>James
>
>www.itpapers.com has about 85 papers on Cable Modems. Registration is
>required and free- except for the occasional email.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38842&t=38718
Re: Is cable network really a shared medium?(more [7:38718]
You guys are both right. Cable modem plants are a broadcast network. All packets are sent down the line and you have the ability to see everyone's traffic 'IF' you could sniff the cable line and not sniff the ethernet cable going to your PC. Most cable modems are simply mini-routers so if packets are not destined for you then they are dropped. However, if you could console into your modem (depending on brand) you could change the thing to a bridge. So if your modem was set up as a bridge then you could see all the traffic.

And baseline privacy it's great in theory yes. But think about this: When subscribers first get their equipment installed there is no software added to their PC that allows them to de-encrypt the data traveling around the network. So where does the de-encryption happen? The modem and CMTS are what de-encrypt the data. And in order for your modem to know if a packet is destined for you on this broadcast network it needs to de-encrypt the packet and then drop it.

So you are on a broadcast network where all cable modems can de-encrypt all data. If the modem was configured as a bridge and simply forwarded all data to the ethernet port, then you could sniff til the cows come home.

Understand that I am a HUGE fan of cable modem services. There are just some small holes that need to be filled. Security is one issue and quality of service at the cable modem level is another- although this can be addressed a little bit by playing with the bandwidth settings in the cmconfig files that are downloaded when the thing boots up.

James

www.itpapers.com has about 85 papers on Cable Modems. Registration is required and free- except for the occasional email.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38820&t=38718