security concerns with cable splitters

[vlape at me.com (Vincent Lape)]

Nathan,

in a former life i was a head-end engineer for COX out in VA. Basically the way the system works is the cable modem 
will signal over the wire to the CMTS. The CMTS will give said modem an IP query the billing system for a MAC match on 
an account, then a node match. (this prevents people from taking their cablemodems to a neighbors house a couple miles 
away and using the service). the modem will then query for a configuration package. The config file is sent via tftp to 
the modem based on the level of service subscribed. keep in mind all this is done unencrypted. If you were able to get 
the RF side of a DOCSIS modem to become promiscuous you could see all traffic on the cablemodem network for that node. 
It is in no way secure and really there is nothing you can do about it besides using secure protocols. 

now there are a couple other things to look at. If the splitter on the cablemodem was a single leg GZH splitter only 
one leg of that splitter could carry the signal for a cablemodem to obtain block sync. Another measure you could take 
is to request a hi-pas filter on the video side of the splitter. the hi-pas filter is something we used to keep the 
people who were going to compUSA and hacking cablemodems off the system. This filter (or trap) blocks the frequency 
range over the wire that the cablemodems use to communicate. 

Hope this helps. 

Vinny





On Thursday, April 02, 2009, at 02:42PM, "Nathan Sweaney" <NSweaney at tulsacash.com> wrote:
> I just received a question that I can't answer.  A customer has a cable
> internet service with COX that has only been used for internet.  The
> modem and all other networking equipment is locked away so that no one
> has access to it.  They've decided that they'd also like to have a TV in
> a public area for visitors to watch.  COX says to just add a splitter in
> front of the modem & run a cable to where they want it.  The crazy thing
> is that the customer actually considerd the security implications and
> asked ahead of time.  
>
> So my question is, if an intruder had uninhibited access to the coax
> that was split off upstream from the cable modem, is there anything they
> can do with it?  I've been told by COX that it won't interfere with the
> connection and that adding a second modem to the connection wouldn't
> work because it wouldn't be setup on their end.  However my bigger
> concern is the potential to intercept traffic.  
>
> I know from past experiences that if you plug your coax into your VCR or
> satellite the wrong way you can actually deliver content to your
> neighbors (or at least cause a lot of interference), so that suggests
> that the connection doesn't just flow one-way.  So can the
> coax-splitters determine which way traffic is supposed to be flowing?  
>
> I understand that even if it's "possible" it may not be easy or likely,
> but this network is used for processing credit cards so I want to make
> sure I have a complete answer.
>
> Any information or resources on this would be appreciated.
>
> Thanks
>
> - Nathan Sweaney