Login

Radiotubes · 24-11-2011, 03:03 AM

I was screwing around today with "nmap" port scanning tool. I was scanning port 162 on coax side IP addresses such as 10.11.22.1 ~> 10.11.22.254

Code:
bash-4.1#nmap 10.11.22.1-254 -p162 -sU --open

.
I got quite a few hits in the range:
.

Code:
Nmap scan report for 10.11.22.34

Host is up (0.65s latency).

PORT    STATE         SERVICE

162/udp open|filtered snmptrap

.
.
Next I ran snmpwalk on a few of the IP's to see if any of them responded. A couple of them did! The ones that didn't were usually Motorola or Scientific modems (I checked with a web browser)
.

Code:
bash-4.1 snmpwalk -v2c -c public 10.11.22.34:162 1.3.1

.
I also tried port 161 on a few of the Motorola modems....no luck. The modems that responded were Toshiba.
.

Code:
SNMPv2-SMI::mib-2.47.1.1.1.1.10.1 = STRING: "3.0.14"

SNMPv2-SMI::mib-2.47.1.1.1.1.11.1 = STRING: "2411533960"

SNMPv2-SMI::mib-2.47.1.1.1.1.12.1 = STRING: "Toshiba Corporation"

SNMPv2-SMI::mib-2.47.1.1.1.1.13.1 = STRING: "PCX2600"

.
So it appears that not all modems are immune (but most) to snmp in this area. BTW, the Toshiba modems haven't had a firmware update since 2005. Well, that was fun.

**drewmerc** · 24-11-2011, 01:18 PM

what happens when you use the private community string and not public (i have no idea what i'm talking about)

Bruiser · (This post was last modified: 24-11-2011, 07:31 PM by Bruiser.)

(24-11-2011, 01:18 PM)drewmerc Wrote: what happens when you use the private community string and not public (i have no idea what i'm talking about)

For TWC Socal you could try an SNMP Community String like Swou9riu for example.

It would be interesting to hear what happens if you do that.

Ah heck.
Here's some more I found. Just so they are all archived here.

BH01T1P4A0C4FL: central fl/tampa [cfl.rr.com, tampa.rr.com]
84ish3r3t0d4y: north east ohio [neo.rr.com]
0ri8Spoa: Desert Cities CA
s3uw4d: north/south carolina [nc.rr.com, sc.rr.com]
Sh13ld3d: texas [dtw.rr.com]
Sh13ld3d: texas [tx.rr.com]
f1gn3wt0n: [buffalo.res.rr.com]
Swou9riu: southern ca [socal.rr.com]
FUA6aW1o: west.biz.rr.com aka wi/ centeral
Kj60ZBif : west.biz.rr.com aka wi / centeral
RR_nycmny_nyc_m0d3m5 : nyc
RR_nycmny_hvc_m0d3m5 : Callicoon NY Upstate
m1k3r0ph0n3 : nyroc.rr.com
t0m4h4wk: Maine
bigmac : Maine
yZaK4E8l: almost all

Bruiser · 24-11-2011, 07:46 PM

OK, so I scanned some ranges with SNMPCfgAdmin, I got hundreds of responses.

So now I have a list of CFG files and IPs.

What can be done with this information? Is there a way to get the nonvol out of at least some of those CM units from the internet?

ADDlCTlON · (This post was last modified: 25-11-2011, 04:26 AM by ADDlCTlON.)

like i stated in a previous thread any certs you do get will be corrupt and wont the macs wont match the certs, twc has done something that prevents successfully scanning for certs. yea you will def get a few hits but the macs wont match the certs and the certs will be corrupt. here is what a scanned cert looks like and what happens when you try to open it.
[Image: 1212240c988f.jpg]

i got this from a friend out in LA area twc/rr

the only way to get certs is from legit modems, and getting your hands on them is easier then you think

Bruiser · 25-11-2011, 07:26 AM

How did you get that page?

Uh, does that only happen if you scan from a twc connection? I can use an outside connection. Wonder if that makes a difference.

What could TWC have done that would screw up a connection from you to the target node? Nothing, I think. They are just not that powerful.

ADDlCTlON · 25-11-2011, 07:58 AM

(25-11-2011, 07:26 AM)Bruiser Wrote: They are just not that powerful.

u have no clue what ur talking about, no disrespect.

Bruiser · (This post was last modified: 25-11-2011, 05:20 PM by Bruiser.)

(25-11-2011, 07:58 AM)ADDlCTlON Wrote:
(25-11-2011, 07:26 AM)Bruiser Wrote: They are just not that powerful.

u have no clue what ur talking about, no disrespect.

They use those certs and mac themselves with the same RFC based method we use, pretty much if they were screwed up they couldn't use them either.

I just don't buy mysterious powers that No-One Has but somehow TWC has them.

You gonna answer my question? What did you use to determine that, what produced that page you posted the screenshot of? Cause I'll try it here and see if I get the same results.

ADDlCTlON · 25-11-2011, 05:25 PM

you wont get any viable results. lol you dont get it. that random string of numbers is a serial(which is the modems serial and should be the modems hfc mac) and the macs dont match.

dont underestimate time warner. If you knew what you were talking about you would be not be asking for my help. lol

Radiotubes · (This post was last modified: 25-11-2011, 10:41 PM by Radiotubes.)

(24-11-2011, 01:18 PM)drewmerc Wrote: what happens when you use the private community string and not public (i have no idea what i'm talking about)

I have no idea either what I'm talking about or doing. I just like mashin' on them finger-buttons and seein' what comes up. One day I'll figure out what my private community string actually is and report back. Shame on the hijackers.

oh, "don't underestimate the power of the force"

Login
Username:
Password:	Lost Password?
	Remember me