[ale] An unnecessary outage

Matt Rutherford matthew.g.rutherford at gmail.com
Wed Apr 13 13:50:27 EDT 2011


Michael,

Lurker cable person here. First, what's hardware version of the SMC? You
might check if there are known-fix options for it. Do you have access to the
GUI on it via it's local gateway IP? I've worked with some of the 'business
class' SMC modems that cable companies use and there are some weird issues
with some versions. That said, I've been on the support end of the line
plenty of times with residential cable modems where a problem on the
internal network (typically the routers) will actually offline a modem
entirely or cause serious problems with the network. So there is no 100%
guarantee that the modem won't be impacted on the DOCSIS/RF side of things
by a device in the home. Same goes for anything throwing enough static
sharing the same power strip, though happens less often overall.

Do you know what happened to the Linksys? I'm just curious if this was an
issue where the Linksys and the modem were fighting for control of default
gateway route, or something more hardware-level. Most modems providing NAT
or bridge/routing mode still advertise a local address (for residential
cable modems typically 192.168.100.1) that you can use to reach their GUI
and check diagnostics. If the Linksys got reset to defaults or conflicting
settings, I can see that causing problems. Hardware level stuff can be much
more random-seeming.

Replacing the SMC with your own equipment it depends on how your provider
has their IP routing set up. I've mostly seen RIPv2 based routing for
'business class' or static IP service from cable ISPs. This requires your
modem to have the static IP configurations in place and the (non customer
visble/secret) RIP key in place to make these IP's route to the modem at the
premises. This means that cloning the MAC address alone of the device won't
set up the modem to route your /28. Additionally, most residential class/off
the shelf modem/router combo's won't actually accept a static IP
configuration due to the firmware imaging. I'll cut short a lot of detailed
info but in a nutshell the firmware on modems (customer owned or corporate
provided) is provided by the cable company and if a non-authorized image is
detected the modem won't be authorized for service. For standard cable
modems, the services are based on MAC address, but the checks for an
authenticated/signed firmware image will prevent services thanks to happy
cable modem hackers - especially in Docsis3. This is typically in the small
print of the contract/user agreement/policies - even if it's your equipment,
the cable company can force firmware updates and deny service to
non-authorized images.

I do not think you will see the DOCSIS side broadcasts from wireshark since
these go out from a separate interface which performs DOCSIS encapsulation
between the modem's RF out chip and the CMTS upstream, where the traffic is
re-encapsulated to head out on the backbone.

Lastly, the mixed luck news: I've not seen a single cable operator that will
route a static IP block to a modem they don't own because of the secret key
for whatever routing scheme they use. Making that available to end-user
controlled modems would be a major security flaw. However many operators do
have more than one type or provider of the modems they use in the market.
You may be able to call the cable operator and request a modem from a
different manufacturer, but that depends heavily on the market you're in and
what hardware availability is like.

With regard to internal cable modems, their unavailability comes from a
couple directions: Control of hardware, control of software. There's some
interesting books out there about cable modem hacking and the history of
cable modems, but from my understanding it boils down to the controllers of
the DOCSIS spec (CableLabs) having a vested interest in keeping end-users
from fiddling with and bypassing security and authentication measures,
including the digital certificates internal to the modems. I'm highly
doubtful a computer-internal cable modem would ever get licensed for DOCSIS
or pass DOCSIS certification.

In summary, your best bet is to contact your cable provider and ask about
alternate modem availability to see if another modem doesn't have the same
kind of problem. It's possible they could also re-configure the SMC to a
different setup to prevent possible failure of this type in the future if
there was a known-issue from a tech bulletin/etc.


Matt


On Wed, Apr 13, 2011 at 11:01 AM, Michael B. Trausch <mike at trausch.us>wrote:

> So I just had a nearly 24 hour outage on my cable services.  The root
> cause?  Defective hardware: a condition existed on my home network that
> triggered the mandatory SMC network appliance (cable modem/router
> combination) to fail fantastically.  Something caused my Linksys
> wireless access point to go wonky.  This caused the SMC cable
> modem/router combination to just stop working.
>
> This tells me three things.
>
> #1, something is very wrong with the design of the SMC box.  It does not
> isolate trouble to a single port as it should.  Anything that does not
> comply with the Ethernet standard, or anything that is not functioning
> properly according to the Ethernet standard, should _not_ cause the box
> to lock up, drop its DOCSIS connections, and do nothing.
>
> #2, the internal switch on the device must be bridging the four external
> Ethernet ports together with an Ethernet port (virtual or otherwise)
> internal to the device that represents the DOCSIS side of the modem.
> This is probably why the failure of _ONE_ device on my network caused
> the whole thing to go "tango uniform".  I'd be willing to bet that the
> switch treats the USB port on the device as another Ethernet port, too,
> but that's neither here nor there.
>
> #3, the multiport bridge on the inside of the device, or the software
> that drives it, or some combination of both, are very poorly designed
> and/or buggy.  If I wanted troubles to propagate through my network I'd
> use a bloody stupid hub!
>
> I want this thing off my network.  I want it off my network five years ago.
>
> Does someone here know a great deal about the cable network?  I want to
> replace this.
>
> But in order to do so I need to understand a little more about how it
> works and how it gets my /28 to me.  Is it possible to do something like
> use wireshark with a dongle of some sort that attaches to the coax, and
> can look at the traffic on the coax?  Is it possible to buy a DOCSIS 3
> cable modem and clone the MAC address of another modem on the DOCSIS
> interface so that the cable company thinks that I'm still using the
> modem they gave me and won't just refuse to talk to my new cable modem
> (because AFAICT, "authentication" on the cable network consists of
> having the right MAC address).
>
> And why again is it that nobody seems to make DOCSIS 3 internal cable
> modems?  Why do I have to have yet another AC→DC converter brick just to
> power a stupid external one?  I really can't see an internal cable modem
> requiring more power than, say, a video card or maybe a couple of
> standard Ethernet cards.
>
>        --- Mike
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110413/543a8f01/attachment-0001.html 


More information about the Ale mailing list