setthesun
Apr 29 2004, 10:42 AM
Note: This text is for research and educational purposes only; there is nothing illegal in here.
I've been using a cable modem with 128K for a long time, with my laptop and desktop computer. I'm not using Internet Connection Sharing; I switch cables manually when I need to move the cable modem between computers.
Anyway, 3 days ago I changed my desktop computer's Win2003 Server to WinXP (by tweaknt - google it for more). I also installed and played with some apps (Virtual CD, Cisco VPN, Style XP, Kerio Firewall). I shut it down and went to sleep.
Next morning I turned on my computer, started to download a file and I was SHOCKED! With Flashget I was downloading at 110KB/s! This is my cable service provider's max. bandwidth.
I switched the cable to my notebook and it was still downloading at 15Kb/s. Hmm... I switched it to my desktop again, and it was fine, still at 110KB/s.
Also during this time I reset the cable modem several times (6-8) and it didn't change my bandwidth; I still had a 1MBit connection.
After a reboot I saw that my connection was 126K again, fu*k, wuuaaaa!
I tried to reproduce the situation but I couldn't connect at 1Mbit again.
Some facts about this issue:
- Bandwidth was real, because I downloaded several applications and large files from several resources
- It's not related to the cable modem or the cable
- It's not a company fault or a bug for a limited time
- It must be directly related to software and configuration
- I cannot reproduce the situation
- I lost the magic after reboot
- I have a full registry export of the system
Now, any idea about this? Also, is there any well-known uncap software that can reproduce this? Also, I know from my previous research that my cable modem cannot be uncapped in the classical 2600 magazine uncap style, because of the new DOCSIS thing.
Thanks ;
BTW my modem is Askey hxxp://www.askey.com/eportal/globalweb/browseCatDispatcher.jsp?catOid=-94&menuCatOid=-91
ssj4conejo
Apr 29 2004, 01:23 PM
The uncap software available usually works well with the Motorola cable modems, and a couple more which I forgot. The software isn't too hard to find, but first find out what type of cable modem you have. You can probably find it in any irc bot search engine, like ircspy.com or packetnews.com, and even any p2p like overnet, edonkey and, if you trust kazaa, then that.
One last thing: uncapping is pretty dangerous with ISPs nowadays.. some may ban you from their network, and there are consequences of course. Just wanted to point that out.
Eyeless
Apr 30 2004, 02:28 AM
Any links, as I have searched 4 this..
bonarez
Apr 30 2004, 09:15 AM
| QUOTE | | One last thing: uncapping is pretty dangerous with ISPs nowadays.. some may ban you from their network, and there are consequences of course. Just wanted to point that out. |
Actually, he is sooo right! I did some technical helpdesk for a major provider; if you uncap your cable-modem, they will know about it in just a few hours (and yes, they will cut you off (no second chance))
Are you sure you didn't mix bit and byte up? Since 1Mbit is 128kbyte...
setthesun
Apr 30 2004, 11:00 AM
| QUOTE (bonarez @ Apr 30 2004, 09:15 AM) | | QUOTE | | One last thing: uncapping is pretty dangerous with ISPs nowadays.. some may ban you from their network, and there are consequences of course. Just wanted to point that out. |
Actually, he is sooo right! I did some technical helpdesk for a major provider; if you uncap your cable-modem, they will know about it in just a few hours (and yes, they will cut you off (no second chance))
|
| QUOTE | | One last thing: uncapping is pretty dangerous with ISPs nowadays.. some may ban you from their network, and there are consequences of course. Just wanted to point that out. |
I'm sure about this, and as I said before it's research; I'm just curious about this.
| QUOTE | | Are you sure you didn't mix bit and byte up? Since 1Mbit is 128kbyte... |
Yes you're right
bonarez
Apr 30 2004, 11:15 AM
Well, if you really want to know: here's a tut for the docsis compliant modems (don't know if they work with eurodocsis too) http://www.netwide.net/users/CableGuy/Howt...CableModems.htm and here's a motorola surfboard approach http://www.opticwind.com/surfboard/
It all depends on your modem; not all tools will be compliant, but most of them work the way described in both links..
8XyuVmUB
May 4 2004, 08:18 PM
has anyone had success uncapping an RCA modem?
dw-chow
May 5 2004, 07:47 PM
| QUOTE (ssj4conejo @ Apr 29 2004, 01:23 PM) | The uncap software available usually works well with the Motorola cable modems, and a couple more which I forgot. The software isn't too hard to find, but first find out what type of cable modem you have. You can probably find it in any irc bot search engine, like ircspy.com or packetnews.com, and even any p2p like overnet, edonkey and, if you trust kazaa, then that.
One last thing: uncapping is pretty dangerous with ISPs nowadays.. some may ban you from their network, and there are consequences of course. Just wanted to point that out. |
Yes, that is correct. Uncapping is very dangerous, especially with the implementation of the DOCSIS standard now.. I believe 1.0, 1.1, and 2.0. I always thought it was nearly impossible to uncap a cable modem that was DOCSIS compliant with your ISP, though one of those links suggests otherwise. Please also remember that most of the time that cable modem is RENTED from your ISP. In some states, any changes made to that modem in any kind of modification can result in a criminal offense, along with being caught uncapping. The Motorola Surfboard series, specifically the 4100's and maybe the 4200's, is uncappable mostly by Optonline networks.
On top of the links provided, here are some of mine that explain the infrastructure:
http://computer.howstuffworks.com/cable-modem9.htm
http://www.cablelabs.com/news/newsletter/S.../leadstory.html
In the ever increase of "digital" cable, smart boxes are put in place, just as the box on top of your television set helps you get the channels basic cable does not provide (digital). Say, for instance, any movies you order are streamed to you. Any obstruction in the communication between the box outside and the box inside will be red flagged by the ISP/CATVP and then a tech comes out to inspect it. Same case with cable modems nowadays. Not only is the MAC address a big filter, but the config files in your modem now must also sync with the ISP's config. No sync, no surf.
If you truly think it's a configuration issue, I doubt uncapping is a suggestion. Try these places first: http://speedguide.net
Also google QoS and you should probably come up with numerous sites. You might have QoS and several other protocols installed that are unnecessary. Make sure your ICF (by default on) is off.
prog
May 6 2004, 02:18 PM
anyone hear about this for westell modems?
147111
May 14 2004, 02:07 PM
Any links, as I have searched 4 this..
ivanchin99
May 15 2004, 06:39 AM
Is there a way to uncap ADSL modem?? It's illegal rite? and what's the diff between ADSL, DSL, Cable ........ speed?
ANORIUS
Sep 13 2004, 02:31 PM
Doesn't your ISP configure your connection speed? My friend just got updated from 760kbps to 1mbps without any new modem (ADSL). I think the ISP can configure your connection speed somehow. Is there any member of this forum who works at an ISP that knows this?
tibbar
Sep 18 2004, 10:32 PM
if you're in UK on NTL or Telewest there is a very effective method...MAC cloning!
you need a friend with a cable modem who lives a few miles away (and will be on different subnet to u).
At his house you can use special software to sniff for other mac addresses on the cable LAN, so you could say sniff a few addresses... (make sure they are 1mbit accounts)
then back at your home (which isnt on the same cable LAN subnet) you reprogramme the 3 cable modem boxes you bought off ebay with the sniffed MAC addresses, split the cable and plug them in...
at this point you will have 3mbit cable modem bandwidth for free...it is also 100% untraceable PROVIDED!!!! ...THIS IS IMPORTANT... you NEVER USE YOUR EMAIL ACCOUNT FROM NTL / TELEWEST ON THESE STOLEN MAC ADDRESSES.
if anyone's interested i can post a detailed guide on how this is done.
finally, i have not tried this, but i know ppl who have in xs of 10 boxes on one cable... who dont even pay for a single modem subscription (which is safer as the cable firm dont even know your name).
hidden
Sep 18 2004, 11:27 PM
I don't know if it's true, but one guy made some modifications (don't know what) to his Motorola modem, and afterwards he had 30 mbits (1 before)
Dream or reality, if it's right it's nice
tibbar
Sep 19 2004, 11:49 AM
ok by popular request im posting a detailed guide on how to do this. ive excluded a piece of software called SolarWinds since GSO strictly forbids warez...im sure you are able to buy / steal this on your own  enjoy!
tibbar
Sep 27 2004, 06:18 PM
15 downloads and not a whisper of feedback lol...to the ppl who messaged me asking for this...was it useful!!
setthesun
Sep 27 2004, 08:52 PM
| QUOTE (tibbar @ Sep 27 2004, 06:18 PM) | | 15 downloads and not a whisper of feedback lol...to the ppl who messaged me asking for this...was it useful!! |
Thank you tibbar, I just missed the thread I've just seen your attachment.
Great collection, keep it, I'm going to explore docs and apps
slimjim100
Oct 15 2004, 01:13 PM
Hey Guys,
I'm a Router Engineer for a Large ISP in the USA and I control about 30,000 Cable Modem accounts. To uncap is not a smart idea and will get you banned, but to explain some of the tech behind how it works: When you plug the modem into the cable plant it does a ranging to the CMTS (CMTS = cable modem router). Once your cable modem finds the right channel to communicate on, it then asks for a DHCP or static address (this address is a WAN address and you do not see this kind of address; it's for the communication between the modem and router). After you get the WAN address you then poll the TFTP server for a config file. The config file will detect what DOCSIS level you are and require 1.0, 1.1 or 2.0. After the DOCSIS level is figured out, you then get a filter and QoS file. This is the CAP part. Now remember that all this is done passing through the router and is normally encrypted with BPI or DES encryption. Also the router will poll the modem with an SNMP message, and your config file will need to have the correct SNMP string to reply or the modem's MAC will be blacklisted. Now, not all systems work the same and this is just how my system works with our Cisco CMTS's.
So basically, to uncap a modem on my system you would need to spoof the TFTP server to get a custom config file for the modem, and then you would also have to understand how the config file is set up and have the correct SNMP string. BTW you have only one shot to try this. If we catch uncapping it's an instant disconnect and also against the LAW. It's called theft of service and we log all cable modem MACs that try this stuff. In the future ISPs will share the MAC lists of known uncapped to prevent theft. So I warn you, because if you try this it would suck to be disconnected from the net. I hope this info helps, and if you do decide to try this crap, at least get a modem off of e-bay and open a bogus account with the ISP so as not to lose your personal service.
Slimjim100
pingywon
Oct 15 2004, 02:29 PM
| QUOTE (slimjim100 @ Oct 15 2004, 01:13 PM) | Hey Guys, I'm a Router Engineer for a Large ISP in the USA and I control about 30,000 Cable Modem accounts. To uncap is not a smart idea and will get you banned, but to explain some of the tech behind how it works: When you plug the modem into the cable plant it does a ranging to the CMTS (CMTS = cable modem router). Once your cable modem finds the right channel to communicate on, it then asks for a DHCP or static address (this address is a WAN address and you do not see this kind of address; it's for the communication between the modem and router). After you get the WAN address you then poll the TFTP server for a config file. The config file will detect what DOCSIS level you are and require 1.0, 1.1 or 2.0. After the DOCSIS level is figured out, you then get a filter and QoS file. This is the CAP part. Now remember that all this is done passing through the router and is normally encrypted with BPI or DES encryption. Also the router will poll the modem with an SNMP message, and your config file will need to have the correct SNMP string to reply or the modem's MAC will be blacklisted. Now, not all systems work the same and this is just how my system works with our Cisco CMTS's. So basically, to uncap a modem on my system you would need to spoof the TFTP server to get a custom config file for the modem, and then you would also have to understand how the config file is set up and have the correct SNMP string. BTW you have only one shot to try this. If we catch uncapping it's an instant disconnect and also against the LAW. It's called theft of service and we log all cable modem MACs that try this stuff. In the future ISPs will share the MAC lists of known uncapped to prevent theft. So I warn you, because if you try this it would suck to be disconnected from the net. I hope this info helps, and if you do decide to try this crap, at least get a modem off of e-bay and open a bogus account with the ISP so as not to lose your personal service. Slimjim100 |
Good stuff! Even if one of your customers did do everything correct the first time, how long would it take until the ISP (you guys) would see that there was a modem pulling major bandwidth?
lipton
Oct 15 2004, 04:11 PM
| QUOTE (slimjim100 @ Oct 15 2004, 01:13 PM) | Hey Guys, I'm a Router Engineer for a Large ISP in the USA and I control about 30,000 Cable Modem accounts. To uncap is not a smart idea and will get you banned, but to explain some of the tech behind how it works: When you plug the modem into the cable plant it does a ranging to the CMTS (CMTS = cable modem router). Once your cable modem finds the right channel to communicate on, it then asks for a DHCP or static address (this address is a WAN address and you do not see this kind of address; it's for the communication between the modem and router). After you get the WAN address you then poll the TFTP server for a config file. The config file will detect what DOCSIS level you are and require 1.0, 1.1 or 2.0. After the DOCSIS level is figured out, you then get a filter and QoS file. This is the CAP part. Now remember that all this is done passing through the router and is normally encrypted with BPI or DES encryption. Also the router will poll the modem with an SNMP message, and your config file will need to have the correct SNMP string to reply or the modem's MAC will be blacklisted. Now, not all systems work the same and this is just how my system works with our Cisco CMTS's. So basically, to uncap a modem on my system you would need to spoof the TFTP server to get a custom config file for the modem, and then you would also have to understand how the config file is set up and have the correct SNMP string. BTW you have only one shot to try this. If we catch uncapping it's an instant disconnect and also against the LAW. It's called theft of service and we log all cable modem MACs that try this stuff. In the future ISPs will share the MAC lists of known uncapped to prevent theft. So I warn you, because if you try this it would suck to be disconnected from the net. I hope this info helps, and if you do decide to try this crap, at least get a modem off of e-bay and open a bogus account with the ISP so as not to lose your personal service. Slimjim100 |
I uncapped my modem with the method this guy described... my ISP caught it just like he said they would and I got a warning just like he said... long point short, listen to the guy and don't try it if you want to keep your inet service
pingywon
Oct 15 2004, 04:46 PM
I have no intentions of trying it. I get good bandwidth and have known it to be risky business for quite sometime.
I'm only asking how long it took until they caught on to you
tibbar
Oct 15 2004, 11:27 PM
well i know several ppl who run 5 + cable modems from their flat all off a single cable line. this is using sniffed mac addresses from a nearby area that is running on a different subnet - see the zip i posted earlier on how this is done.
there is no way of tracking these ppl down, since they are not even customers of the isp. note that they are not uncapping, simply setting up multiple modems with sniffed mac addresses (gold accounts only so 1mbit per modem). it is possible to pool the bandwidth of several modems together giving you a nice fat pipe.
also note that since the mac addresses are sniffed, there is no way of tracing the location. e.g. if you scan a network and find a pc with ip address x.x.x.x you do not know it's physical location. the same logic applies to a cable network (which is simply a lan).
pingywon
Oct 20 2004, 11:09 AM
I'll tell ya .. I wouldn't be so tempted if my ISP would offer me an option to give me more upstream ....so in reality it's their fault
relax
Oct 21 2004, 07:25 PM
All made nice reading... like that .zip mate! might try the spoofing mac method a few days before we leave ntl well, will need to get a few more modems first
toomuchcash
Oct 25 2004, 01:49 PM
All sounds very interesting
markymoo
Mar 7 2005, 11:07 AM
What I'd like to know is: if u have different mac addresses on say 3 modems using a splitter, how do u get all that bandwidth down into one pc if they're using separate macs?
pantoche
Mar 7 2005, 04:46 PM
I just read all the posts and I think what happened with your connection is a bug in the bandwidth control that the techs didn't check. I have a wireless ISP in Mexico City (EGO), and when they started to offer the service I saw that each time I connected a new computer I had like 48-72 hrs of unlimited bandwidth, so I started to run tests and I found that the bandwidth control wasn't controlling the modem speed; instead it was controlling each computer. So what I did was change the MAC address of each computer, so they took a little time to block the bandwidth again. After one year they fixed this error and now the speed is controlled by the modem, but now I see this is a common mistake, so if you want to try this, search for SMAC. It's a Windows MAC address changer, it's very easy to use, and maybe you don't need to uncap your modem, just change the MAC from time to time.
cduke250
Mar 8 2005, 08:58 AM
Sorta negative post.. I just flipped out when I saw governmentsecurity.orgs front page with so much of the cliched "How do you hack school?" and all the rest of it. I thought you guys kicked them all out?
WTF?
I thought this forum was for people in the "know" the RTFMs..
There sure are a ton of posers on governmentsecurity.org.
If you guys think some stupid little (SOFTWARE!) based mac spoofing is gonna throw the sophisticated traffic analysts off your trails. Damn guys.
I can't even believe you would try any of that from a windows box!!! What are you thinking? Don't you remember how Mitnick got caught up? And he had a slick set-up... BE paranoid about this stuff.
Its time to wake up and get real.. the first thing I would suggest to the curious few out there, is start fudging around with TUNNELS!
Get yourself several hop points around the world and practice communicating covertly between them.
My latest favorite is using [ ipv4 <-> ipv6 ] tunnels. There are a ton of free ipv6 "tunnel brokers" out on the net.. a lot of isps (I'm talking the more mom&pop variety) won't even NOTICE ipv6 protocols! Let alone the more exotic ones being developed daily!
If you have a craving for bandwidth.. scope out the situation, learn about tools you never hear about anymore like lft and rwhois (build yourself an rwhois server!). (http://oppleman.com/lft/) Learn the subtle art of firewalk and fragroute. Get the TTL's down. slowly and surely scope out what is between you and the ISP. A switch? Wham! Its over! A router? These days they are a lot tougher, but they are never 100$.
Each switch and router that you can control increases your ability to remain invisible exponentially. Forget stupid 5year old lame cisco "hacking guides".... research the device on your own.
Try downloading the manufacturers current boot/config file (image) from the manufacturers website, and then using UltraISO&easyboot with a little bit of hex editing to add a custom backdoor via a well placed ssi (server-side-include) file into the built in remote management consoles they all have.... its too easy to set up a tftp server and serve the devices modified boot images.
Now you can use that device as a shield. You can ride a trunk or a vlan or a mirrored port completely stealthily.. to the next device. These devices all have the same tcp/ip stack.. they all communicate with each other in subtle ways. Just like relatives. So it tends to go like dominoes.
Another cool thing you can do is hardwire several SPOOFED MAC addresses directly into the devices CAM table.. then you are free to use these spoofed MAC addresses without risk of exposure.. while you then masquerade as the device, to gain access to the next device. You need to make sure about how your ISP filters.., I like to hardwire in MACs that are just 1 letter off from a real one, thats if I don't just spoof a real one by shutting off the port they connect on. You can also turn off digress filtering and DDOS or spam the crap out of someone with the spoofed return addresses. Forget about irc bots..
Its also helpful to keep an eye on every MAC address (via tunnels or mirrored ports broadcasting MACS and traffic that you have tethereal or ntop keep track of, hunters pretty good.) because its like a early-warning system. And it proves invaluable to have that info after you have been hacked. It even helps to know the brand of NIC.. Which reminds me that that is a good way to get devices to talk to you.. and a good way to find out about them.. look up their brand of nic, and spoof your own as that same model of device. There are countless userland tcp/ip stacks (a lot of really cool ones are in development) that give you this ability to mimic. this is good because everyone gets hacked.. What sucks is that if you have windows, most of the time you never even know it! And with those types hackers, a moderately secured *nix flavor isn't much safer. (if you don't get hacked, then you obviously know whats up, or much more likely... you just don't know that everyone from big brother to countless organized criminals watch your every move with growing amusement.
Use passive info-gathering tools like xprobe2 and amap; and icmp fingerprinting techniques like sing and isic; (but mostly parsing of dumps off the wire) to determine WHAT platform/OS is being run. Unless they are using some funkified (TCSEC) Class B2 like XTS-300 STOP or Trusted Xenix.. You have got to KNOW.. thats its well within your reach to own the box. Even OpenBSD has issues.
I'm not gonna try to get into detail, but basically, you want to either be totally invisible and undetectable always, or you want a GIGANTIC part of the web to be able and disappear into.
And once you get access to switches and routers between you and ISP, you can really start doing some cool stuff to evade traffic analysis.. like GRE tunnels and distributed networking, encapsulated encryption, etc.
Don't even get me started about DNS.... at this point.. ur circumventing the ISPs straight to the really fast stuff. so there should be nothing negative at all directed against the ISPs.. In fact, I loved working at an ISP for several years *awesome, actually*.
Ultimately, your goal is to keep the information FREE and FLOWING, while everyone else loses their hunger and drive for knowledge.. being replaced by a consuming hunger for money. greed. power.
I like to keep in perspective that money was an invention. (although I'm so flat broke these days I dunno.)
Stop wasting time, go get yourself a freebsd distro (I don't use freebsd much but they have really good documentation and plenty of easy to understand source) and read the documentation all about ipv6. I'm talking about some major rfc reading! Phenomenal ideas going on in rfc's dealing with ipv6..
Don't worry though, its only the future of the internet... they've only been working on it for freaking ever... (for one reason.. SECURITY!) and you'll find ipv6 is gonna be even more fun... a bunch of hackers in a monumental worldwide effort created it.
manifesto?.. .
ya ya... ya.. BTW, this post is fictionally falsified and is in no way representative of the views of anyone without a law degree.. Disclaimer?..
PuNkErX
Mar 30 2005, 04:19 PM
| QUOTE (pingywon @ Oct 15 2004, 04:46 PM) | I have no intentions of trying it. I get good bandwidth and have known it to be risky business for quite sometime. I'm only asking how long it took until they caught on to you |
My friend uncapped his modem before. At first he didn't get caught for a few weeks. Then they released some update for his modem, which reset it back to his normal bandwidth. Then he tried again, and it was only a few days before it was reset, so he doesn't bother anymore.
BTW, I'm curious about hooking up more than one cable modem and combining the bandwidth. I was talking to my friends about this, and they said that it would work, but for only a little bit. They said that the ISP would catch on after a week or so, then they would kick you off. But my question is, how would they know without doing some researching? Because it is a valid MAC address, but just on a different subnet. Thanks
tibbar
Mar 30 2005, 09:38 PM
if you use sniffed mac address they cannot catch you.
that mac address will be registered with another address, and they will chase the wrong person.
it's impossible to trace the connection to your house.
cduke250
Apr 3 2005, 07:08 AM
| QUOTE (tibbar @ Mar 30 2005, 09:38 PM) | if you use sniffed mac address they cannot catch you. that mac address will be registered with another address, and they will chase the wrong person. it's impossible to trace the connection to your house. |
I wouldn't do this unless the sniffed MAC address has no barriers between you and it. So this would work in, say, an apartment complex. It is way too easy to trace back connections.. Many ISPs use free software that constantly measures traffic and analyzes it. Think software like mrtg .. Simpler software, like a favorite of mine -- etherape, can help you see your exposure as far as connections are concerned. Recommended book: [Data Communications and Networking -- by Forouzan] Give the ISPs some credit.. they don't chase addresses... they trace network paths.
----------------------------------------------------
As far as combining multiple lines and using the resulting bandwidth.. It would be wise (and stealthier) to use a 2nd computer between the lines and your computer. Make a "bridge pc", or a router pc. There are many examples of this working (along with source and free programs, kernel modules) for the linux and *nix OS's -- you can use this with a wide variety of lines.. modem, usb, etc.. etc.. I guess you could also steal bandwidth from owned networks, and set up a tunnel (encapsulated or not) remotely, and then feed those bandwidth tunnels into your "bridge" computer. At any rate, it would be a fun routing exercise. I wouldn't do anything of this sort unless I lived in a non-extraditing country with no computer laws.
tibbar
Apr 3 2005, 09:00 AM
could you explain how the isp can trace the stolen mac address to a particular address?
i.e. if consider the case where someone who isnt even registered with the isp, simply wires themselves up to the cable box outside the block of flats, then buys a modem on ebay and uses a sniffed mac address.
i think it is physically impossible to trace the location of the rogue connection, short of unplugging each house one by one and waiting until the mac address disconnects.
think of a lan - can you determine which room a pc is in from the connection? of course not.
cduke250
Apr 3 2005, 04:08 PM
| QUOTE | | could you explain how the isp can trace the stolen mac address to a particular address? |
It would be simple to go from router to router, switch to switch, examining the CAM tables. Or you could have a simple program like arpspoof or hunter keeping track and alert you to surprises.. If you want to learn more about this.. go get ethereal (win and nix versions) and you will be able to see for yourself what is being transmitted on the wire. Every switch/router generally has remote access, and it would be easy to find out on what port of the switch/router a MAC is coming in on.
The only reason they would become aware that it was being spoofed is from traffic analysis of some fashion.. like mrtg, or snort, etc. Something would alert them to the fact that a different physical location (TTL, windowsize, packet length, and other parameters in the packets are tipoffs) is using a MAC address that belongs in a different location. Or they would know if the real MAC (and the spoof) came online. You could trace it many ways, think lft, traceroute (the oldschool version), hping3, netcat, etc.. and that is just manually!
There is no "rogue connection" here, it's all landlines.. In the exchange of data between your spoofed MAC computer and the ISP's gateway/router/switch/etc, they already know how many seconds it took to reach them (TTL), they know if it stopped anywhere and where; all the info they need is encapsulated in a single packet. They can even tell the type of your TCP/IP stack and guess your kernel version. Of course, a medium/big ISP would probably never even try to notice this.. but hoping that it's impossible to be traced when doing this is asking for all kinds of problems. DHCP networks would be easier than static to get away with; better yet, wireless networks.
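The check described in the post above (a MAC showing up on a switch port other than the one it belongs on, or the real and the spoofed MAC online at the same time), seen from the operator's side. This is an added example, not part of the original thread; the log format, switch names, MAC addresses and inventory are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed provisioning inventory (hypothetical): MAC -> (switch, port)
# where that subscriber's modem is expected to attach.
PROVISIONED = {
    "00:11:22:aa:bb:01": ("sw-north-1", 4),
    "00:11:22:aa:bb:02": ("sw-north-1", 7),
    "00:11:22:aa:bb:03": ("sw-south-2", 2),
}

# Constructed CAM-table observations: "timestamp switch port mac".
SAMPLE_LOG = """\
2005-04-03T16:00:00 sw-north-1 4 00:11:22:aa:bb:01
2005-04-03T16:00:05 sw-north-1 7 00:11:22:AA:BB:02
2005-04-03T16:01:00 sw-south-2 9 00:11:22:aa:bb:01
2005-04-03T16:02:00 sw-south-2 2 00:11:22:aa:bb:03
2005-04-03T16:03:00 sw-south-2 5 00:11:22:aa:bb:99
2005-04-03T18:30:00 sw-north-1 8 00:11:22:aa:bb:02
"""


def parse_line(line):
    """Parse one observation; raises ValueError on a malformed line."""
    ts, switch, port, mac = line.split()
    return datetime.fromisoformat(ts), switch, int(port), mac.lower()


def analyze(log_text, provisioned, window=timedelta(minutes=5)):
    """Return findings as (kind, mac, (switch, port)) tuples.

    kinds:
      malformed      - line could not be parsed (mac and location are None)
      unknown_mac    - MAC is not in the provisioning inventory
      wrong_location - MAC seen on a port other than its provisioned one
      concurrent     - same MAC seen on two different ports within `window`,
                       i.e. the original and a clone are online together
    """
    findings, records = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        try:
            records.append(parse_line(raw))
        except ValueError:
            findings.append(("malformed", None, None))
    records.sort(key=lambda r: r[0])  # process in time order

    last_seen = defaultdict(dict)  # mac -> {(switch, port): last timestamp}
    for ts, switch, port, mac in records:
        here = (switch, port)
        expected = provisioned.get(mac)
        if expected is None:
            findings.append(("unknown_mac", mac, here))
        elif here != expected:
            findings.append(("wrong_location", mac, here))
        # A sighting elsewhere inside the window means two devices share
        # the MAC; a sighting long ago is more likely a move or re-patch.
        if any(other != here and ts - seen <= window
               for other, seen in last_seen[mac].items()):
            findings.append(("concurrent", mac, here))
        last_seen[mac][here] = ts
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, PROVISIONED):
        print(finding)
```

The `concurrent` finding is the strongest signal, because a single modem cannot be attached to two ports at once; `wrong_location` alone still needs a check against recent service moves.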
tibbar
Apr 3 2005, 04:44 PM
yes but you still would only trace it to the last switch before you, which in practice means that the spoofed mac address could be one in say 100 apartments. It's irrelevant whether they manage to determine your OS running etc, they still need to figure out which of the 100 flats is stealing bandwidth. I think that in practice a large ISP would never make the effort to track you down.
[edit]
| QUOTE | | Every switch/router generally has remote access, and it would be easy to find out on what port of the switch/router a MAC is coming in on. |
So I guess the question might be whether they know the physical location of each cable going to each port of the switch - if so they might indeed narrow down the location somewhat...
cduke250
Apr 3 2005, 07:29 PM
Generally, each apartment has a service-line that connects to some type of switch mechanism. Each of these will have individual numbered ports that the apartment cables go into. Each of these will have CAM tables whether they are used for access-control or not. Remote management makes it easy to track you. Unless you do it first. I'm also assuming you're in a layer 2 or 3 switched environment.
If I was you I'd just get access to the switch or router (RS-232 or remotely) nearest you, then modify the settings to taste. Unless it's a WAP or something, you can't be anonymous just by spoofing a MAC if you're connected directly. DHCP is only an illusion of anonymity.
I worked at an ISP doing commercial wiring, and it is a science.. it's easy to track to the specific room with or without knowing the setup.
I don't know your purposes but you are right in saying the ISP probably won't care or notice.
tibbar
Apr 3 2005, 07:41 PM
very interesting stuff cduke250, thanks for the info.
i actually pay for my internet service but have spoofed mac addy's in the past to provide additional anonymity - since my ip address would not relate to my home address.
i was however under a false sense of security thinking it nearly impossible to trace the connection to an exact physical location - thanks for setting me straight!
ReNeGaDe
Apr 9 2005, 08:31 PM
This is one of the best uncapping sites around. I have uncapped many a modem following this site's tutorials and applications. http://www.tcniso.net/
ZaN
Apr 11 2005, 04:46 PM
tcniso is well known on the web; there is also http://www.fibercoax.net/ . both have software for mac spoofing. cduke250 is right, u are not 100% anonymous, that never happens, not even with wireless, not even with tunneling. there is always a way to find u. but the point is to make that way complicated. Then with mac spoofing u are making that: to trace u, first they will have to discover u. since u have changed ur mac they won't notice that for a while, cause they will see ur mac and check that ur upstream and downstream are ok for ur mac. just to discover u with mac spoofing would take a while, till somebody on the node than u complains about his connection if u are stealing too much bandwidth. once they discover u they will have to trace like u said before, and they will get to a box where there will be lots of probabilities. If u are smart enough u will be switching macs and this will make the above process really hard to work. with this im trying to make u notice that there is always a way to get u, but there is always a way to escape.
i also want to point out that motorola cablemodems till 4200 are uncappable in many ways. more than u can imagine. 5000 series come with docsis 1.1 so they are more difficult, but something has already been discovered. check tcniso.net . u should know people from tcniso are not the best; a while ago they used money for their own and not for the project. the sigma firmware came with a message to the cmts that told that the modem was running sigma. in my opinion fibercoax is better. but well, u will decide this on ur own. com21 is uncappable on docsis 1.0; it's more complex than surfboard but still works. and well, nothing else to say, just don't be stupid, try to hide urself as much as u can.
toe
Apr 15 2005, 06:02 AM
i don't really see the purpose (spose im not paying for it, parents are) but i have a 12 gig limit and have reached 6mbs a sec downstream. I know this is true because the file i was downloading was 32mbs and it took 5 secs, roughly. Why would you need anything faster? I have a motorola 4200 and have seen articles on uncapping it. not worth the trouble. $50 AUS a month isn't bad.
-toe