Beruflich Dokumente
Kultur Dokumente
Agenda DOCSIS Provisioning Piracy Attacks and Solutions CPE Related Security
DOCSIS Provisioning
DOCSIS Provisioning
Standards Based
- DHCP, ToD, TFTP
Distributed Architecture
- DHCP Server has all the customer data - CMTS and CMs just policy enforcers - CMs are untrusted elements
DOCSIS Piracy
Mostly Based on Hacked Firmware of Cablemodems. Need to be mitigated by a battery of counter measures.
- Network Based - CMTS Based - Provisioning System Based
DOCSIS Piracy
DOCSIS Piracy
DHCP Offer Src: 10.0.0.1 Dst: 10.0.0.254 TFTP S: 10.0.0.2 TFTP F: silver.bin
HFC Network
172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF
10.0.0.254
CMTS
Provisioning System
10.0.0.2
10.0.0.254
172.16.0.1
CMTS
Src: 192.168.100.10 Dst: 192.168.100.1 FILE: hacked.bin
Provisioning System
HFC Network
HFC Network
10.0.0.254 172.16.0.1 200.0.0.1
Src: 200.0.0.10 Dst: 10.0.0.2 FILE: gold.bin
CMTS
Provisioning System
DHCP Offer Src: 10.0.0.1 Dst: 10.0.0.254 TFTP S: 10.0.0.2 TFTP F: silver.bin
HFC Network
172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF
10.0.0.254
CMTS
Provisioning System
10.0.0.2
10.0.0.254
172.16.0.1
CMTS
Src: 192.168.100.10 Dst: 192.168.100.1 FILE: gold.bin
Provisioning System
HFC Network
DHCP Offer Src: 10.0.0.1 Dst: 10.0.0.254 Yiaddr:172.16.0.10 TFTP S: 10.0.0.2 TFTP F: silver.bin
HFC Network
172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF
10.0.0.254
CMTS
CMTS TFTP Client Table CM 172.16.0.11 172.16.0.10 TFTP S 10.0.0.2 10.0.0.2 TFTP File gold.bin silver.bin
Provisioning System
10.0.0.1
HFC Network
10.0.0.254 172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10
CMTS
CMTS TFTP Client Table CM 172.16.0.11 172.16.0.10 TFTP S 10.0.0.2 10.0.0.2 TFTP File gold.bin silver.bin
Provisioning System
10.0.0.1
HFC Network
10.0.0.254 172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10
CMTS
CMTS TFTP Client Table CM 172.16.0.11 172.16.0.10 TFTP S 10.0.0.2 10.0.0.2 TFTP File Dynamic MIC gold.bin 0x12dce5f5430 silver.bin 0x524c45f5879
Provisioning System
HFC Network
10.0.0.254 172.16.0.1
Cablemodem
MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10
CMTS
CMTS TFTP Client Table CM TFTP S TFTP File Dynamic MIC gold.bin silver.bin 0x12dce5f5430 0x524c45f5879 10.0.0.2 00:00:DE:AD:00:00 00:00:DE:AD:BE:EF 10.0.0.2
Provisioning System
Customer Security
CMTS Packet Filters Source Verify (Source Address Verification) DHCP Option 82.1 and 82.2 relaying Protocol Throttling (DHCP and ARP) DHCP Server CPE Lease Logging
HFC Network
Cablemodem
10.0.0.254
172.16.0.1 200.0.0.1
CMTS
CPE MAC
Provisioning System
10.0.0.1
HFC Network
Cablemodem
10.0.0.254
172.16.0.1 200.0.0.1
CMTS
CPE MAC
Provisioning System
DHCP - Discover
HFC Network
Cablemodem
10.0.0.254
172.16.0.1 200.0.0.1
CMTS
Provisioning System
Questions?
Thanks!