SNMP disabled on Docsis 3 Modems?
#1
I was reading a blog on docsis.org that says SNMP access is disabled on D3 modems. If this is true, then that pretty much renders any cert scanning program obsolete for D3, right? But how can that be if the CMTS needs to access D3 modems for troubleshooting purposes? Is it that the OIDs are different?

http://docsis.org/node/1164
Reply
#2
This does not mean it is disabled.
It is enabled for valid credentials,
so this is normal and D3 will reply on SNMP.
But if your ISP puts IP access restrictions in the config, like mine, it will reply only to those IPs restricted in the configs.
Also, there are some enterprise OIDs, and if they are written to the config you can control some SNMP things using them directly, like HTTP login/pass etc.
And also there must be a factory Motorola password encrypted inside the modem firmware.
The ISP knows those strings and pool modem SW update using them,
so those passwords do not have any restrictions, looks like...

For example, inside the config of the modem:
if there is IP 0.0.0.0 + community string, this means you and the ISP or anybody can walk this modem when it goes online.
But if you have 10.0.0.0 and TFTP IP + ToD IP or others,
this means you can never walk this modem! Only those IPs assigned in the config have access to manipulation with that pass.
When the modem starts, it loads the config file configuration to RAM and replies only according to its configuration. I tested this myself:
I put 2 modems on a tap with edited configs, and they replied when I removed the restricted IPs from their configs.

There are many different stories on boards, like private ISP pass etc. and other things, but I believe all answers for us should be inside the modem firmware.

I added a photo of part of my config - look at it and try to understand why SNMP is not working...

172.16.184.146 - TFTP server IP
172.16.184.164 - ToD IP
10.0.0.0 - BAC IP (Broadband Access Center), where the ISP keeps the database of all cable modems
and there are some other IPs from the local pool.
This is just a part of the access restrictions!

The second thing is that the CMTS operator maybe does not have valid credentials for D3, like its private pass for update images etc... ----> this could happen too,
and that's why they can poll only D1 modems as well.

But even if all of this shit will be working, never mind, bad times are coming for many ISP users, like co-signed CVC images, even if this security can be broken.
This needs a full dump of the victim modem to be taken using JTAG for future manipulation, so cert scanning will give nothing for them...
I remember 4 years ago my ISP implemented dynamic configs; at that time nobody in America had heard about that,
but after a few years they realised that kind of security, and I think 80% of ISPs use it now... so I think the co-signed CVC shit will be coming the same way to all ISPs over the world soon :)


Reply
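The access-restriction behaviour described in post #2, written as an operator-side config audit. This is an added example, not part of the thread or any vendor tool: the entry tuple layout, the masks, the `<community>` placeholder and the function names are assumptions, and only the IP addresses come from the post.

```python
import ipaddress

# Constructed sample entries: (address, mask, community) as they might appear
# in a decoded modem config. Masks and community are assumed, not from the post.
RESTRICTED = [
    ("172.16.184.146", "255.255.255.255", "<community>"),  # TFTP server
    ("172.16.184.164", "255.255.255.255", "<community>"),  # ToD server
    ("10.0.0.0", "255.0.0.0", "<community>"),              # BAC network (mask assumed)
]
OPEN = [("0.0.0.0", "0.0.0.0", "<community>")]  # the "anybody can walk" case


def entry_network(addr, mask):
    """Network covered by one entry; 0.0.0.0 is treated as 'any source'."""
    if addr == "0.0.0.0":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def allowed(entries, source, community):
    """True if an entry covers the source address and the community matches."""
    src = ipaddress.ip_address(source)
    return any(src in entry_network(a, m) and c == community
               for a, m, c in entries)


def audit(entries):
    """Flag entries an operator should tighten before deploying the config."""
    findings = []
    for addr, mask, _ in entries:
        net = entry_network(addr, mask)
        if net.prefixlen == 0:
            findings.append((addr, "open"))    # any host may query the modem
        elif net.num_addresses > 1:
            findings.append((addr, "broad"))   # whole subnet, not one manager
    return findings


if __name__ == "__main__":
    for name, cfg in (("restricted", RESTRICTED), ("open", OPEN)):
        print(name, audit(cfg),
              "outside host allowed:", allowed(cfg, "192.0.2.10", "<community>"))
```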
#3
Thank you for that very informative reply, Slave.
Reply