BandaAncha

  • 🔍 en 📰 artículos ⏎
  • 🔍 en 💬 foros ⏎
  • 🔍 en 👇 este 💬 foro ⏎
  • 🔍 en 👇 este 💬 tema ⏎
Regístrate Regístrate Identifícate Identifícate

R.I.P. Uncapping en Cádiz

Elektr0

3COM cuando pilla el archivo original de O*O
http://192.168.100.1/opconfig.html

Network Access Enabled
Maximum Downstream Data Rate 0.30 Mb/s
Maximum Upstream Data Rate 0.15 Mb/s
Maximum Upstream Channel Burst No Limit
Modem Capability Concatenation Disabled
Maximum Number Of CPEs 5
Configuration File cm_trescom_300_5_e.cm
Baseline Privacy Disabled
Registration Status Registration Complete

3COM cuando pilla el mismo archivo original de O*O mandado desde mi tftp server, osea uncapping.

http://192.168.100.1/opconfig.html

Network Access Enabled
Maximum Downstream Data Rate 0.30 Mb/s
Maximum Upstream Data Rate 0.15 Mb/s
Maximum Upstream Channel Burst No Limit
Modem Capability Concatenation Disabled
Maximum Number Of CPEs 5
Configuration File No Config File
Baseline Privacy Still unknown
Registration Status Not Synchronized

Zona Cádiz. La mierda nueva de CISCO (registration request) ya ha llegado!!!

Y lo peor de todo, que siendo España un pais tercermundista tanto en variedad de ISP's por ciudad, infraestructuras de redes de comunicacion y sobre todo, relacion calidad/precio de los servicios que ofertan, comparado con los yankies. Nos hayan metido esta mierda antes a nosotros que a los de USA y por lo tanto los foros de tcnISO no nos ayudan para nada.

Señores.... estamos a dos velas, la cosa ahora esta mas negra que nunca, poco a poco lo implantaran en las pocas ciudades en las que todavia es posible ese nuevo deporte nacional como es el UNCAPPING

Este tema está cerrado a nuevas respuestas. Abre un nuevo tema para retomar la conversación.
kmatxo

Pos eso, lo de ke lo implanten aki antes ke en ningun sitio es porke son unos rateros, kuando se den kuenta de ke no pueden luchar kontra el unkaping kizas nos dejen hacerlo libremente, siempre hay una manera.

Sin konexion no hay diversion :(

🗨️ 1
ulises

Asi por las buenas.Tienen derecho ha defenderse y ha poner todos los medios que tengan a su alcance para evitar que descapes el modem,como que veas canales de pago por la cara,sin que nadíe tenga derecho a criticar esta postura.

pianoman

Weno, yo ayer ya empecé por la pagina de cisco a recoger información sobre sus .cm's y sus archivos de configuración, etc, etc, etc...
Es mas, ahora en febrero empiezo un curso con ellos de 4 meses de duración. 8-)

🗨️ 1
Elektr0

(link roto)

Details

The two issues described in this document affect the proper operation of cable modem systems. One issue results from historical behavior of cable modems not manufactured by Cisco. The other issue results from a defect in Cisco IOS Software running on a cable modem termination system (CMTS) that allows a cable modem to operate with an invalid configuration.

When a cable modem in a customer premises environment (CPE) initializes, it obtains a configuration file from the service provider's network using the Trivial File Transfer Protocol (TFTP) via a coaxial cable connection to the service provider's network. Historically, cable modems from other, non-Cisco manufacturers allow the configuration information to be downloaded via the device's Ethernet interface. By running a TFTP server on a customer premises computer and setting that computer's IP address equal to the service provider's TFTP server, a different configuration file can be downloaded to such a cable modem from the customer premises network.

The industry-standard Data Over Cable Service Interface Specification (DOCSIS) for cable modem configuration information includes a Message Integrity Check (MIC) based on a Message Digest 5 (MD5) hash of the contents of the configuration. MD5 is a one-way (non-invertible) hash—meaning that the input cannot be recovered from the output—and the output is considered unique for a specific input. If the MIC is not correct, the cable modem registration process fails and it will not be allowed to come on line. Publicly available tools exist to create a DOCSIS-compliant configuration, including a valid MIC. The cable shared-secret command in Cisco IOS Software configures a password that is included in the MD5 hash that produces the MIC; without the password, it is computationally infeasible to produce the correct matching MIC, and the cable modem is prevented from registering with the service provider's network.

If the shared secret is configured identically on all of the systems within a service provider's network and TFTP spoofing is possible as shown above, then other valid configurations containing different parameters for the same service provider network can be interchanged and downloaded to a cable modem. The modem will be allowed to come on line because the shared secret is the same. In addition, while the MD5 hash is non-invertible, the shared secret to compute it can be recovered from the CMTS router configuration. It can be protected by using the "service password-encryption" command in Cisco IOS Software, but the command uses "mode 7" encryption, which is considered adequate only for basic protection from casual viewing.

A defect in Cisco IOS Software for the uBR7200 and uBR7100 series Universal Broadband Routers causes the MD5 test to be skipped if an MIC is not provided in the DOCSIS configuration file. A DOCSIS configuration can be modified with a hex editor to truncate the file just before the MIC and adjust other fields to produce an invalid configuration file that will be accepted by the cable modem and the CMTS. When the cable modem attempts to register, a vulnerable CMTS fails to challenge the missing MIC and allows the cable modem to come on line. Using this vulnerability, the range of possible configurations is no longer restricted to a small alternative set for the same service provider; a completely custom configuration can be generated in which all of the options can be specified. This defect is documented as CSCdx72740, and details are available to registered users of the Cisco website.

The Cisco IOS Software configuration command cable tftp-enforce prohibits a cable modem from registering and coming on line if there is no matching TFTP traffic through the CMTS preceding the registration attempt. This feature has been introduced via CSCdx57688 and can be viewed by registered users of the Cisco website. This new command is available on the uBR10012 router as well as the uBR7200 and uBR7100 series.

Both the cable tftp-enforce command feature and the fix for the MD5 authentication bypass are necessary to properly mitigate these vulnerabilities, and Cisco is making fixed software available as shown below.

Some non-Cisco cable modems may be running older versions of software that save a local copy of the configuration information and use that cached copy at registration time instead of obtaining the actual file from a TFTP server. In addition to the possibility that the cable modem is not using the proper configuration information, the cable modem's user may be mistakenly accused of attempting theft of service.

Impact

These vulnerabilities can be exploited to commit theft of service. For example, an attacker could obtain a basic level of service from a service provider and then exploit these vulnerabilities to reconfigure the CPE cable modem to provide greater upstream and downstream data rates. Thus the attacker obtains premium service at a basic cost.

Removing limits on bandwidth could result in a denial of service or degradation of performance for other users of the same cable network segment.

Workarounds

There is no workaround for the MD5 bypass vulnerability. Customers are strongly encouraged to use the cable tftp-enforce command, deploy a shared-secret scheme and change the secret routinely, and monitor CMTS routers for evidence of tampering with bandwidth restrictions.

If the service provider has only one service profile, then the cable qos permission enforce command can be used to prevent cable modems from coming on line with a configuration containing any other service profile. This command is effective in all releases where it is supported.

The no cable qos permission modem command prevents a configuration with a new service profile from being created. This would restrict service theft to service profiles from known, pre-existing configuration files on the service provider's TFTP server, assuming the file names could be guessed and the server could be reached.

..........

Alex

En USA las conexiones mas cutres andan a 1 mb, la gente cuando uncapa lo pone a dos, vamos, dobla su velociad. (o lo pone a la velocidad que le sale de la...)

Aqui en España hay gente con 128kb a 1 mb o a 4mb. Eso se nota mas, bastante mas. Ya no es solo doblar tu velocidad, es cuadruplicarla...

🗨️ 1
NetVicious

i poke no se pue subi + pk si no los niñatos se pondrian mas aun