Do ntl encrypt DOCSIS cable modem traffic?
27-03-2004, 23:01
|
#1
|
Inactive
Join Date: Mar 2004
Posts: 33
|
Do ntl encrypt DOCSIS cable modem traffic?
Do ntl encrypt DOCSIS cable modem traffic?
I am slightly concerned that people might be invading others privacy (including my own) by eavesdropping on downstream cable modem traffic.
See this article:
http://www.theregister.co.uk/content/archive/35377.html
|
|
|
27-03-2004, 23:17
|
#2
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,732
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
A bit paranoid are we
What exactly are you downloading that you are so worried about I wonder
__________________
Baby, I was born this way.
|
|
|
27-03-2004, 23:39
|
#3
|
Permanently Banned
Join Date: Jun 2003
Location: norton , teesside
Age: 55
Posts: 10,571
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
|
|
|
28-03-2004, 02:35
|
#4
|
Inactive
Join Date: Aug 2003
Location: Swansea, Wales
Age: 43
Posts: 77
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
surely the implications there are for the uploading as well, i.e. any online purchases you may make or passwords to such sites you enter would be passed and accessible ?
Thats the type of implication I was considering after reading that, never minding the "downloading" issue. If they are able to access the network traffic like that in a "raw" state.
|
|
|
28-03-2004, 03:01
|
#5
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by Macready
surely the implications there are for the uploading as well, i.e. any online purchases you may make or passwords to such sites you enter would be passed and accessible ?
Thats the type of implication I was considering after reading that, never minding the "downloading" issue. If they are able to access the network traffic like that in a "raw" state.
|
But if the data is going over a secure pipe to a secure server then it is not in its raw state, an encrypted link between your pC and the server is in place protecting passwords and credit card details. Same applies to a VPN tunnel.
Its plain ol FTP and HTTP that others could sniff
|
|
|
28-03-2004, 10:05
|
#6
|
Inactive
Join Date: Dec 2003
Location: Swansea
Age: 48
Posts: 111
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by paulyoung666
the way i see it is if you aint got owt to hide then why be worried
|
I love this arguement
I'll be over later (shalll we say 2am) to rummage through you sock drawer. I mean, you have nothing to worry about right?
But back on topic, If it isn't (and I get the feeling it is not) then it should be.
|
|
|
28-03-2004, 11:28
|
#7
|
Inactive
Join Date: Aug 2003
Location: Swansea, Wales
Age: 43
Posts: 77
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by SMHarman
But if the data is going over a secure pipe to a secure server then it is not in its raw state, an encrypted link between your pC and the server is in place protecting passwords and credit card details. Same applies to a VPN tunnel.
Its plain ol FTP and HTTP that others could sniff
|
Aye,
So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.
|
|
|
28-03-2004, 12:51
|
#8
|
Inactive
Join Date: Jun 2003
Services: Cablevision
Posts: 8,305
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by Macready
Aye,
So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.
|
If you are entering password details into a website without a padlock on the browser window, then yes. So loggin into this site would be sniffable.
Logging onto Amazon would not the site is secure and the traffic between it and you is 128bit key encrypted (unbreakable in a sensible time frame).
|
|
|
28-03-2004, 14:30
|
#10
|
Inactive
Join Date: Mar 2004
Posts: 33
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
|
|
|
28-03-2004, 14:40
|
#12
|
Inactive
Join Date: Mar 2004
Posts: 33
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by Macready
Aye,
So the implications really mean any password and details that you would enter in a plaintext format on an internet website would be sniffable as I read that.
|
Uploaded traffic is not vulnerable. Please see:
http://www.theregister.co.uk/content/archive/35377.html
|
|
|
28-03-2004, 14:41
|
#13
|
Inactive
Join Date: Mar 2004
Posts: 33
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by pem
A bit paranoid are we
What exactly are you downloading that you are so worried about I wonder
|
So ignorant!
|
|
|
28-03-2004, 14:49
|
#14
|
Inactive
Join Date: Oct 2003
Location: Cambridge
Posts: 567
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by TimmyB
|
That document is all theory and advice: in fact NTL do not have Baseline Privacy enabled. A hacked cable modem on NTL would in principle be able to listen to all the traffic on the downstream channel: it is not encrypted. However, cable modems do not have the hardware to be able to receive the upstream channels (they can only transmit on them), so data sent by users to remote sites cannot be so easily eavesdropped. So a hacked cable modem would only be able to listen in to one side of the conversation: the side that you receive.
Anyway, the internet is fundamentally insecure: why worry about the last few hundred yards on cable being unencrypted when the remaining thousands of miles are unencrypted, and capable of being two-way eavesdropped?
Sending information on the internet is like writing a postcard: the postman can read it.
|
|
|
28-03-2004, 14:51
|
#15
|
Inactive
Join Date: Jun 2003
Posts: 19
|
Re: Do ntl encrypt DOCSIS cable modem traffic?
Quote:
Originally Posted by Ron Jeremy
Maybe you did not fully read the article I linked to in my original post?
|
My appologies, I hadn't read it - but have now. That is very interesting. It is something I thought about some time back when I heard of people hacking the surfboard firmware - I thought this might be a possibility. But when I reseached it and found DOCSIS does support encryption I assumed that would prevent any eavesdropping.
It is incredible that ISPs would not implement security features built into the hardware - but the lack of a straight answer from the US ISPs mentioned in that article does lead one to wonder.
My guess is few people would know the answer to this question, and ntl are unlikely to admit if they don't.
Any volunteers to try flahing their sufrboard to find out? (This is a joke - not encouraging anyone to do anything naughty)
EDIT : Just read Robins reply above - So why on earth don't ISP's use encryption? Although it may be only now that an exploit has become available - it has always been a theoretical risk surely?
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 08:08.
|