Re: Over 135 million modems vulnerable to denial-of-service flaw

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View

Quoted text here. Click to load it

That zdnet article is erroneous and inaccurate.

Resetting those cable modems does nothing but cause them to  
reboot and reload a config file.

BUT, an attacker has to be ON a PRIVATE RFC 1918 network,  
inaccessible from the Internet in ALL cases.

They would also have to connect to each modem in order to  
accomplish said feat.  It would take a very long time to scan  
the entire address space and find any modems in it.

Article grade, D--.


Re: Over 135 million modems vulnerable to denial-of-service flaw
Quoted text here. Click to load it

  According to your critique, Article grade, F-.


Re: Over 135 million modems vulnerable to denial-of-service flaw
On Mon, 11 Apr 2016 12:10:23 +0200 (CEST), Anonymous Remailer (austria) wrote:
Quoted text here. Click to load it


But if that config file contents were reset to factory defaults it
might not connect to the ISP provider.

Quoted text here. Click to load it

But you do not understand the exploit. As far as the modem is
concerned it saw the reset from the user on the LAN.

Quoted text here. Click to load it

They don't have to. The user gets it when looking at an infected web page.
As the article indicated it is a LAN side exploit.

Quoted text here. Click to load it

Just how many users do you think get into their modem and change the
LAN gateway address.

The address and web page is hard coded for that modem. See  
http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults


Re: Over 135 million modems vulnerable to denial-of-service flaw
Quoted text here. Click to load it

A user can reset the modem and erase every setting in it a  
thousand times a day, matters naught.  It will resume correct  
operation every single time when it gets an IP address assigned  
to it and the bootp config file is delivered.  A user cannot  
reset the contents of the modem bootp config file provided by  
the provider DHCP server.  Every type of modem has a specfic  
bootp config file.

Quoted text here. Click to load it

What exploit?  It's not an "exploit".  It was intentionally  
designed that way.

Quoted text here. Click to load it

Yeah...?  And you're going to get all the existing SB6141 modem  
owners to access that webpage how?

Quoted text here. Click to load it

Therefore impossible to execute directly from the WAN side.

Quoted text here. Click to load it

None, because they can't change it.

Quoted text here. Click to load it

Irrelevant since the modem is bridging a public address and  
gateway to whatever is connected on the other side of it in the  
LAN anyway.


Site Timeline