Login

shocky · 02-03-2015, 08:24 PM

hi guys been reading and searching since before xmas to find out iff there is a way to hide the diag version of haxorware?
iff there is could some kind person let me no because google is no help and searched here and other sites but nothing as came up, or am I just thinking that I need a original, say moto diag firmware and that wont be recognised?

**drewmerc** · (This post was last modified: 02-03-2015, 09:07 PM by drewmerc.)

some nifty hex editing but its the CM agent you'd be wanting to change, how much reversing do you want to do, but can the ctms see which cm agent is running is there an snmp query that can get this info, can they see the firmware size? could this be spoofed
so many questions and no good answers well not without going blind

Bruiser · 03-03-2015, 03:23 AM

I don't know if anyone cares whether you are running standard firmware or Haxorware.
I subbed a SB5101 on TWC for a year, they didn't bat an eye about it.
One guy who worked at a cable operator told me that is all very complicated for them to find out, so many nodes, so many customers, so much traffic, it's not really worth their while on the tech side to even try to find out.

Even something as elementary seeming as the same MAC on multiple nodes is too complicated for them.

Does anyone have evidence that any cable operator cares anymore? Or has the expertise to find out, or even finds it worth the effort at all?

AFAIK if you run diag firmware on a sub you will have no trouble, and I did it.

neo_ · (This post was last modified: 03-03-2015, 04:50 AM by neo_.)

(03-03-2015, 03:23 AM)Bruiser Wrote: I don't know if anyone cares whether you are running standard firmware or Haxorware.

I more or less agree with you. But, some ISPs may check some may not. It may also be node dependent. It never hurts to be as stealth as possible. It's better to be proactive rather then retroactive.

Bruiser · 03-03-2015, 05:38 AM

(03-03-2015, 04:42 AM)neo_ Wrote:
(03-03-2015, 03:23 AM)Bruiser Wrote: I don't know if anyone cares whether you are running standard firmware or Haxorware.

I more or less agree with you. But, some ISPs may check some may not. It may also be node dependent. It never hurts to be as stealth as possible. It's better to be proactive rather then retroactive.

Not sure that matters at all. You bought a used modem. Big deal. I am not paranoid.

neo_ · 03-03-2015, 06:17 AM

(03-03-2015, 05:38 AM)Bruiser Wrote: Not sure that matters at all. You bought a used modem. Big deal. I am not paranoid.

It has nothing with being paranoid. It has everything to do with the ISPs System Engineer catching irregularities & upping the security. With you being the direct causation to ruin everyone's fun.

But if you are too naive to have the sense in said realization your ignorance will prevail.

Bruiser · 03-03-2015, 05:48 PM

Like I said, the guy I talked to worked there, he said that was so complicated.
You really think they are going to use special system security because they saw a modem with Haxorware on it online?
Aw, c'mon! That's paranoia.

I think they up the security when their CMTS and database software vendor supports it.
Not until then, and nowadays they just push out the updates as they become available, like every other business.

southernyankey1970 · 04-03-2015, 05:59 AM

Don't go around thinking that your modded cm is "invisible"...

Do this, cruise on over to Cisco.com and peruse the Cable modem commands list in IOS and then tell me that being a little paranoid is crazy. Look at some of the real security features that are available from the headend...

neo_ · 04-03-2015, 11:08 AM

(03-03-2015, 05:48 PM)Bruiser Wrote: Like I said, the guy I talked to

This is where you lost all credibility.

bakageta · 04-03-2015, 09:56 PM

(03-03-2015, 06:17 AM)neo_ Wrote: It has nothing with being paranoid. It has everything to do with the ISPs System Engineer catching irregularities & upping the security. With you being the direct causation to ruin everyone's fun.

I have been this person at least 3 times, it's no fun. Don't be this person.

Nostalgia time. Some no-name ISP back 12+ years ago, back when we just abused firmware bugs (like tftp looking at the ethernet before the coax on a 4100). They offered 512kbit/128kbit, I played cautiously for several months, then being dumb and reckless I served up a 0/0 config and ran 10mbit up/down near-24/7 for a couple of months, all on my sub. They rolled out firmware updates almost immediately, I went back and forth with security and downgrading, a week later they'd push a firmware that fixed whatever bug I abused. I can't believe they never contacted me or pressed charges or something. I realized that I was personally causing a storm, and made my stealth much better.

A few years later, I got brazen again, and random engineer was very interested in me specifically. Abusing unsubbed modems and forced configs was the in thing, and some engineer narrowed it down to my node abusing it enough to stand out. They set my node and my node only to boot every unsubbed modem every 12 hours, and when that wasn't enough of a deterrent, every 10 minutes. Of my various tester friends around town, none of their nodes did the same.

It just takes one bored engineer to spot something and set out to fix it. However hard it is for you to test now, they can definitely make it much, MUCH harder.

Login
Username:
Password:	Lost Password?
	Remember me