+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: SNMP disabled on Docsis 3 Modems? (/showthread.php?tid=2624)
SNMP disabled on Docsis 3 Modems? - modembricker - 29-06-2013
I was reading a blog on docsis.org that says snmp access is disabled on D3 modems, if this is true then that pretty much renders any Cert scanning program obsolete for D3 right? But how can that be if the CMTS needs to access D3 modems for troubleshooting purposes? Is it that the OID's are different?
http://docsis.org/node/1164
RE: SNMP disabled on Docsis 3 Modems? - slave - 29-06-2013
this not means is disabled
is enabled for valid credentials
so this is normall and d3 will repply on snmp
but if your isp puts in config ip access restrictions like mine it will repply only to those ip restricted in configs
also there some enterprises oids and if they are written to the config you can controll some snmp things using them directly like http login/pass etc
and also there must be a factory motorola password encrypted inside modem firmware
isp knows those strings and pool modem sw update using them
so those password do not have any restrictions looks like...
for example inside the config of modem:
if there is ip 0.0.0.0 + community string this means you and isp or anybody can walk this modem when it goes online
but if you have 10.0.0.0 and tftp ip + tod ip or others
this means you cannot walk this modem never ! and only those ips assigned in config have access to manipulation with that pass
when modem start it loads config file configuration to ram and repply only to its configuration i tested this myself
i put 2 modems on tap with edited configs they repply when i removed restricted ip from their configs
theres a many diffrent stories on boards like private isp pass etc and others thing but i believe all answers for us should be inside the modem firmware
i added a part of my config photo - look on it and try understand why snmp not working...
172.16.184.146 - tftp server ip
172.16.184.164 - TOD ip
10.0.0.0 - BAC ip broadband access center wheres the isp keept all cable modems database
and theres some other ip from locall pool
this is just a part of access restrictions !
second thing is that cmts operator maybe do not have valid credentials for d3 like its private pass for update images etc... ----> this could happen too
and thats why they can pool only d1 modems as well
but even if all of this shit will working nevermind bad times comming for many isp users like co-signed cvc image even if this security can be broken
this needs to take full dump of victim modem using jtag for future manipulation so certs scanning will give nothing for them...
i remember before 4 years ago my isp was implemented dynamic configs at this time nobody in america hear about that
but after few years realised that kind of security i think 80% of isp use it now... so i think the co signed cvc shit will comming with same way to all isp over the world soon
RE: SNMP disabled on Docsis 3 Modems? - modembricker - 29-06-2013
Thank You for that very informative reply Slave.