PDA

View Full Version : Do ntl encrypt DOCSIS cable modem traffic?


Ron Jeremy
28-03-2004, 00:01
Do ntl encrypt DOCSIS cable modem traffic?
I am slightly concerned that people might be invading others privacy (including my own) by eavesdropping on downstream cable modem traffic.
See this article:
http://www.theregister.co.uk/content/archive/35377.html (http://www.theregister.co.uk/content/archive/35377.html)

Paul
28-03-2004, 00:17
A bit paranoid are we :eek:

What exactly are you downloading that you are so worried about I wonder :erm:

paulyoung666
28-03-2004, 00:39
hi and :welcome: to the site Ron Jeremy , what exactly are you worried about , the way i see it is if you aint got owt to hide then why be worried :) , enjoy your stay here , most of us dont bite :D :D :D :D :D :D

Macready
28-03-2004, 03:35
surely the implications there are for the uploading as well, i.e. any online purchases you may make or passwords to such sites you enter would be passed and accessible ?

Thats the type of implication I was considering after reading that, never minding the "downloading" issue. If they are able to access the network traffic like that in a "raw" state.

SMHarman
28-03-2004, 04:01
surely the implications there are for the uploading as well, i.e. any online purchases you may make or passwords to such sites you enter would be passed and accessible ?

Thats the type of implication I was considering after reading that, never minding the "downloading" issue. If they are able to access the network traffic like that in a "raw" state.

But if the data is going over a secure pipe to a secure server then it is not in its raw state, an encrypted link between your pC and the server is in place protecting passwords and credit card details. Same applies to a VPN tunnel.

Its plain ol FTP and HTTP that others could sniff

David25
28-03-2004, 11:05
the way i see it is if you aint got owt to hide then why be worried :)

I love this arguement ;)

I'll be over later (shalll we say 2am) to rummage through you sock drawer. I mean, you have nothing to worry about right?

But back on topic, If it isn't (and I get the feeling it is not) then it should be.

Macready
28-03-2004, 12:28
But if the data is going over a secure pipe to a secure server then it is not in its raw state, an encrypted link between your pC and the server is in place protecting passwords and credit card details. Same applies to a VPN tunnel.

Its plain ol FTP and HTTP that others could sniff

Aye,

So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.

SMHarman
28-03-2004, 13:51
Aye,

So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.

If you are entering password details into a website without a padlock on the browser window, then yes. So loggin into this site would be sniffable.

Logging onto Amazon would not the site is secure and the traffic between it and you is 128bit key encrypted (unbreakable in a sensible time frame).

TimmyB
28-03-2004, 14:17
The DOCSIS traffic between your cable modem and the UBR is encrypted. See http://www.cablemodem.com/downloads/Security_in_DOCSIS.pdf

Ron Jeremy
28-03-2004, 15:30
Privacy is a human right.
The right of being free from unsanctioned intrusion.

http://www.eff.org/Privacy/
http://www.liberty-human-rights.org.uk/issues/privacy-surveillance.shtml
http://www.aclu.org/Privacy/PrivacyMain.cfm
http://www.privacyrights.org/links.htm
http://www.privacyinternational.org/

Ron Jeremy
28-03-2004, 15:38
The DOCSIS traffic between your cable modem and the UBR is encrypted. See http://www.cablemodem.com/downloads/Security_in_DOCSIS.pdf
Maybe you did not fully read the article I linked to in my original post?


http://www.theregister.co.uk/content/archive/35377.html

Ron Jeremy
28-03-2004, 15:40
Aye,

So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.
Uploaded traffic is not vulnerable. Please see:
http://www.theregister.co.uk/content/archive/35377.html

Ron Jeremy
28-03-2004, 15:41
A bit paranoid are we :eek:

What exactly are you downloading that you are so worried about I wonder :erm:
So ignorant!

rdhw
28-03-2004, 15:49
The DOCSIS traffic between your cable modem and the UBR is encrypted. See http://www.cablemodem.com/downloads/Security_in_DOCSIS.pdfThat document is all theory and advice: in fact NTL do not have Baseline Privacy enabled. A hacked cable modem on NTL would in principle be able to listen to all the traffic on the downstream channel: it is not encrypted. However, cable modems do not have the hardware to be able to receive the upstream channels (they can only transmit on them), so data sent by users to remote sites cannot be so easily eavesdropped. So a hacked cable modem would only be able to listen in to one side of the conversation: the side that you receive.

Anyway, the internet is fundamentally insecure: why worry about the last few hundred yards on cable being unencrypted when the remaining thousands of miles are unencrypted, and capable of being two-way eavesdropped?

Sending information on the internet is like writing a postcard: the postman can read it.

TimmyB
28-03-2004, 15:51
Maybe you did not fully read the article I linked to in my original post?


My appologies, I hadn't read it - but have now. That is very interesting. It is something I thought about some time back when I heard of people hacking the surfboard firmware - I thought this might be a possibility. But when I reseached it and found DOCSIS does support encryption I assumed that would prevent any eavesdropping.

It is incredible that ISPs would not implement security features built into the hardware - but the lack of a straight answer from the US ISPs mentioned in that article does lead one to wonder.

My guess is few people would know the answer to this question, and ntl are unlikely to admit if they don't.

Any volunteers to try flahing their sufrboard to find out? (This is a joke - not encouraging anyone to do anything naughty)

EDIT : Just read Robins reply above - So why on earth don't ISP's use encryption? Although it may be only now that an exploit has become available - it has always been a theoretical risk surely?

BBKing
28-03-2004, 15:53
The cardinal rule is that bandit country starts at the edge of your network, i.e. where you stop controlling traffic, treat it as visible to all. This doesn't apply only to ntl, but generally, in fact I apply it to the internal network my team uses.

Downstream traffic is more vulnerable than upstream though, but both can be snooped with the right equipment, so use SSL, SSH, VPN, PGP if you have anything you wouldn't be happy to have seen.

Paul
28-03-2004, 16:36
So ignorant!

Not it isn't - but your reply certainly appears to be.

Who do you think is going to go to all this trouble of getting the right equipment, and hacks, just to monitor your internet traffic ?

Have you ever actually looked at the output from packet analysers - it is a lot of hard work following single tcp conversations that are buried in lots of other network traffic (and even then you can only try it with the ones that arn't already encrypted by things like SSL).

My opinion is that you are being extremly paranoid - you might not like that, or agree, but it most certainly is not being ignorant.

Nutty
28-03-2004, 18:56
I have no problems with ppl sniffing my unsecure packets.. The only really important stuff I dont want out, like CC numbers, and only used on secure sites.. You'd be an idiot to blankly email these numbers out, or put them onto an unsecure site.

What I find alot more dangerous, is if ppl start uncapping their modems, which would have a detrimental effect on ntl. It would even put their bandwidth costs up, and then be forced to relay these costs to customers.

paulyoung666
28-03-2004, 19:45
I love this arguement ;)

I'll be over later (shalll we say 2am) to rummage through you sock drawer. I mean, you have nothing to worry about right?

But back on topic, If it isn't (and I get the feeling it is not) then it should be.




pathetic , yes i would have a problem because it would be breaking and entering , apologies for the off topic post everyone :(