Re: KSR[T] Advisories #012: Hybrid Network's Cable Modems

[sinster () BALLTECH NET (Jon Paul, Nollmann)]

Sorry, but I missed the first post.

I tried out all three clients, and they all work against Hybrid radio
networking modems.  These are used by a number of radio network
providers, who provide long-haul (20km+) high speed (1Mbps) radio
service.  The specific one I'm using is the CCM-231 (if you read the
case) or the CCM-311 (if you use the "version" HSMP command).  NOS
version 70471.

At this point, I'd assume that the exploit applies to all of Hybrid's
product line.

My provider spoke with Hybrid this morning, and apparently Hybrid has
a patch for the problem that fixes it in some unspecified way.  According
to my provider, Hybrid merely said that "only people you allow will be
able to configure the modems" but that they made clear that remote
configuration was still enabled.  Maybe they'll use a password (easily
sniffable).  I think it's more likely at this point that Hybrid will
merely check the source address (!) of the packets, and compare those
addresses with a table configured by the provider.

I'd like to believe that Hybrid will fix this in a sane way, but since
they're remaining hush-hush about the fix, I think the chances of that
are very slim.

--
Jon Paul Nollmann ne' Darren Senn                      sinster () balltech net
Unsolicited commercial email will be archived at $1/byte/day.
Dis.Org's propensity for casual violence is little different from that of
any street gang.                                             Carolyn Meinel


--
Jon Paul Nollmann ne' Darren Senn                      sinster () balltech net
Unsolicited commercial email will be archived at $1/byte/day.
"Tis better to remain silent and be thought a fool, than to speak up and
remove all doubt."                                        Benjamin Franklin