The other "hacked modem" thread this morning started me thinking and I have a genuine question:

Can anyone tell me if those using hacked modems will be subject to traffic management or is that a service applied only to those of us who pay for services?

It should apply all the cloners are doing is using someone elses mac address, so the poor s*d who is genuinely paying gets traffic shaped for no fault of there own. I cannot type what i really think of them.....

Thanks for that Doofy, it explains it to some degree.

Can we assume then, in the circumstances that you've outlined, that VM will use the data collected through traffic management to correlate cloned mac address details and take the appropriate action against offenders and afford restitution to the innocent parties?

I think they will be. it's been asked in the virgin groups but no official answer yet.

are the chipped modems also going to be effected cuz i reckon its their fault this is happening and virgin oughta investigate their own employees thats whos selling the blummin things

Im guessing it will go by the modems HFC IP and not its MAC address so your totally fine. Hmmm which makes me think that a cloned modem will be laughing cos all they have to do is change the mac to another one and they be back to 0gb!

Thanks for that Doofy, it explains it to some degree.

Can we assume then, in the circumstances that you've outlined, that VM will use the data collected through traffic management to correlate cloned mac address details and take the appropriate action against offenders and afford restitution to the innocent parties?
One would hope so but as far as i am aware some areas are better clued up and are willing to do something about theft of service, unfortunately in my area that is not the case. I had a hell of a time sorting our local rip off merchant but it isnt the case in all areas some are pretty on top of it all.

...virgin oughta investigate their own employees thats whos selling the blummin things...

People get them from accross the water... [link edited]
The only way they would be blocked is if the clash in MACs worked not just in the same UBR but outside as well...

That's why they ask their mate 10 miles away for the MACs his sniffed as he could not use his own...

I'd really appreciate it if you didn't post addresses in my thread as I'm trying to have a serious discussion here.

Please edit your last post. Thanks.

EDIT:

Cheers for doing that, thanks.

People get them from accross the water... *****

I think it's best if you edit your post :)

Everyone has their own views but I say if it doesn't harm anyone then it don't matter... For example if you pay for the service and just want to do some testing with other modems then test... just as long as it doesn't affect anyone else like don't clone a MAC if it is going to keep disconnecting the other guys net!

Any other views welcome!

People get them from accross the water... [link edited]
The only way they would be blocked is if the clash in MACs worked not just in the same UBR but outside as well...

That's why they ask their mate 10 miles away for the MACs his sniffed as he could not use his own...

So, in all probability, the cloned modems who don't pay for the service will only suffer the same restrictions as the paying customer and further action, dependant on the circumstances you've outlined above, being taken against cloned modems is unlikely?

Everyone has their own views but I say if it doesn't harm anyone then it don't matter...

Any other views welcome!

Here's a view, your opinion that Theft Of Service affects no one is BS. If someone uses massive ammounts of bandwidth when that person is not paying for the service then others will be affected by price increases or degraded service. Anything that affects the profit line of a provider will cause issues all across the board.
So do you also take the line that shoplifting from supermarkets is fine?

Here's a view, your opinion that Theft Of Service affects no one is BS. If someone uses massive ammounts of bandwidth when that person is not paying for the service then others will be affected by price increases or degraded service. Anything that affects the profit line of a provider will cause issues all across the board.
So do you also take the line that shoplifting from supermarkets is fine?

Fair point but can I ask you have you ever made a copy of your mates music CD and said it's not that bad...

****ing the music industry up but pretty much everyone does it!

Could it be the case that a fair percentile of this "Top 5%" of abusers are actually cloned modem owners?

Guys, can I remind you that cloning MAC addresses (as with any alteration of Virgin Media's equipment) is against the terms and conditions of service. It can also be illegal, if used for theft of service, and I'd like to remind you that when you signed up for this site, you all agreed not to


Post, transmit, upload, email or otherwise make available any content that is illegal, abusive, harassing, defamatory, confidential, harmful, threatening, vulgar, libelous, invasive of another’s privacy, or ethnically, racially or otherwise objectionable.

I've had to close one thread because of this. I do *not* want to have to close another.

Stuart,

I think the relevant reference / link has been removed by the original poster but you're free to edit further as you see fit.

I did not start this thread to discuss methods of hacking I am merely trying to get a handle on VM's stance from a legal / consumer perspective with regard to their recently introduced Traffic Management system and how the actions of those acting illegally affect us who act legally.

I'd appreciate it if other posters would be mindful of this when posting.

Thanks

Mr A

This is purely my own opinion...
The people who clone the mac adresses of other modems are thieves pure and simple why would you want to do this but to get a service that is not going to be paid for.
Or if you just so happen to buy one it is with the intent to steal services why else would you pay x amount for a bit of hardware to sit in the corner not plugged in to anything (somehow i dont think so).
And like another poster i do not want to say what i really think as i would more than likly get a suspension or ban which almost happened on the original .com site when a simalar subject arose

Simple answer to this is to track them down and prosecute to the full extent of the law (not sure which law would cover this though)

Fair point but can I ask you have you ever made a copy of your mates music CD and said it's not that bad...

****ing the music industry up but pretty much everyone does it!

There's a huge difference between copying a CD and going through all the necessary stages to steal cable tv or internet. The law recognises that and that's why small scale copyright breaches result in having to pay damages to the copyright holder(in most cases) and illegally obtaining internet or TV will get you a large fine or worse, prison time along with criminal record. IANAL but I'm pretty sure the former is a civil offence and the latter a criminal offence.

Stuart,

I think the relevant reference / link has been removed by the original poster but you're free to edit further as you see fit.

I did not start this thread to discuss methods of hacking I am merely trying to get a handle on VM's stance from a legal / consumer perspective with regard to their recently introduced Traffic Management system and how the actions of those acting illegally affect us who act legally.

I'd appreciate it if other posters would be mindful of this when posting.

Thanks

Mr A

Fair enough.. I realise you didn't want discuss the specifics of hacked modems, but I just thought it prudent to put a warning in just in case others did.

This is purely my own opinion...
The people who clone the mac adresses of other modems are thieves pure and simple why would you want to do this but to get a service that is not going to be paid for.
Or if you just so happen to buy one it is with the intent to steal services why else would you pay x amount for a bit of hardware to sit in the corner not plugged in to anything (somehow i dont think so).
And like another poster i do not want to say what i really think as i would more than likly get a suspension or ban which almost happened on the original .com site when a simalar subject arose

Simple answer to this is to track them down and prosecute to the full extent of the law (not sure which law would cover this though)

No one denies or doubts that what they do is illegal. The issues I am trying to get at here are

a) What percentile, if any, of the top 5% of abusers are hacked modem users?

b) Are VM capable of identifying those who are using said modems?

c) Is it the case that VM place more importance on bandwidth distribution / allocation than they do on theft of service?

Given that hacked modems are apparently commonplace (and an issue that VM are aware of) in the event that the answer to a) does involve a percentile of hacked or cloned modems then one would have to wonder why their ineffectiveness in addressing the matter has led to legal customers being shaped to offset the activities of illegally obtained service users.

EDIT:

No problem Stuart

In my opinion they simply do not have the manpower to deal with this problem that is how it was explained to me on a call back from a senior manager. When they do get caught nothing is done in my case all that was done was the offender was disconnected at the cab and told by NTL, (yup he had the nerve to ring and complain i Kid you not) That if he wanted reconnecting a deposit of £100.00 would be payable, never mind the 5 or 6 cloned modems he had running 24/7, never mind he killed everyones connection in the local area, just pay us 100 quid and all is forgotten

Man, why the hell don't vm sue?

Man, why the hell don't vm sue?
Costs too much money i suppose i think they have made so many people redundant that they no longer have the manpower to combat this problem. Certainly in this area there are more people not paying for there service than there are paying... Crazy situation that needs seriously addressing IMO

Couldn't they develop some new firmware that would be sent straight to the modems that would then require a one off input of a password to gain net access through the modem and this would be available from your account that you pay for. You would phone up, they would check your account and address and give you out your password that would unlock your access to the net.
All other modems would cease to work as people would not be able to enter their password for the new firmware.

I guess the problem would be that each firware would have to have a different password or else once one is out then it is of no use and everyone would use it.

It's a complex situation but one that has to be addressed as I do not like the idea that I am paying for my services when others get it for free.
They should pay for it like everyone else has to spend their hard earned money on it.

Couldn't they develop some new firmware that would be sent straight to the modems that would then require a one off input of a password to gain net access through the modem and this would be available from your account that you pay for. You would phone up, they would check your account and address and give you out your password that would unlock your access to the net.
All other modems would cease to work as people would not be able to enter their password for the new firmware.

I guess the problem would be that each firware would have to have a different password or else once one is out then it is of no use and everyone would use it.

It's a complex situation but one that has to be addressed as I do not like the idea that I am paying for my services when others get it for free.
They should pay for it like everyone else has to spend their hard earned money on it.

Many thanks Halcyon. Would anyone like to comment on this suggestion?

The problem is greater than VM would care to admit possibly one reason why the price is so high on VM. But i wholeheartedly agree with you it winds me up no end that i willingly pay for a service while others get away scott free. And trust me it is a lot more difficult to get someone to take it seriously than it should be....

The problem is greater than VM would care to admit possibly one reason why the price is so high on VM. But i wholeheartedly agree with you it winds me up no end that i willingly pay for a service while others get away scott free. And trust me it is a lot more difficult to get someone to take it seriously than it should be....

It seems, given your earlier example, that VM are happy to penalize paying customers for their own shortcomings in failing to address theft of their services. I think we're now at a point where this needs to be made clear to them by their paying customer base.

Obviously theft and use of service has contributed to the scenario we now find ourselves in.

I signed up to "unlimited" 10mb (prior to the introduction of "up to") and I pay my bill, in advance, monthly.

I would like to know, from someone at VM, why, if I were to pay late, they would seek to penalize me. Why, if I don't pay by DD, that they would seek to penalize me and why, because they are too inept or uninterested, I should suffer a restriction of services limitation due to thousands on their networks using cloned modems.

Before anyone seeks to try to justify these obvious shortcomings on the part of VM please try to comprehend the essence of the statement above. If you pay for your services they will exploit you, steal them and they ignore you.

To those who subscribe to the school of thought "take your custom elsewhere if you're not happy" I would ask why should I, or anyone else, be expected to accept anything short of a decent level of service in exchange for my money?

It's that "I'm off elsewhere" attitude that has allowed this ridiculous situation to arise.

It's high time that VM were taken to task on these matters.

Actually some bloody good points there it is about time that something seriously was done to combat this problem, I get less of a service than someone who steals it, surely that cannot be right. IMO the fraud department (in some areas) need taking to task and made to realise that this can no longer be tolerated and actually do something about it, I had every excuse possible as to why nothing was done ended up getting the engineer a couple of beers for sorting my problem out (nice chap as well)

Paul again edits out a person post to suit himself and make it appear false and totally opposite of what it originally stated.

The person wrote this:

" Everyone has their own views but I say if it doesn't harm anyone then it don't matter... For example if you pay for the service and just want to do some testing with other modems then test... just as long as it doesn't affect anyone else like don't clone a MAC if it is going to keep disconnecting the other guys net!

Any other views welcome! "

Now I read into that, if you want to connect another modem to test which is not VM's and you aint cloning whats the harm as you are still paying for your modem in your rental < fine by me same as other countries let users buy own modems and it still ties into the same account (I know this is not the case here).

Paul edits the OP's post and quote this :

" Originally Posted by unlomcom
Everyone has their own views but I say if it doesn't harm anyone then it don't matter...

Any other views welcome! "

Now the above makes it looks like the OP is saying cloning anothers MAC from a modem is alright and stealing is alright.


Its a bit like me saying " I want to kill 1 hour by playing pool with George" then someone editing it to " I want to kill George" seems to be a sure way to get someone in trouble.

Well, all we have to go on is some posters saying it is common. I don't have a clue how common common is. So as far as I'm concerned the notion that theft of service has been a contributing factor in traffic shaping is purely hypothetical. Perhaps it has, perhaps it hasn't. We just don't know do we?

Well, all we have to go on is some posters saying it is common. I don't have a clue how common common is. So as far as I'm concerned the notion that theft of service has been a contributing factor in traffic shaping is purely hypothetical. Perhaps it has, perhaps it hasn't. We just don't know do we?

With all due respect.

You'd need to be of a particularly naive mindset to suggest that theft of service "perhaps" has no effect on the matter.

Rudimentary mathematics would confirm that the number of alternatives to cable boxes alone available on ebay has a devestating effect on generated revenue.

Quite how anyone could consider the carboot variety of modem as not being a contributory factor in traffic management is a bit too much of a stretch for most people.

While trying to sort my prob out i spent a great deal of time looking into this as wellas talking to various managers at NTL and beleive me it is a massive problem. I am not saying that they have contributed to the traffic shaping but i would be interested in knowing what percentage of the 5% of heavy downloaders were actually legit. Besides the obvious theft of service it has a an impact on the local connection if they don't know about them how can they account for them....

At the end of the day VM have to look in-house at their own engineers or sub-contractors. They have to be the people installing these illegal modems. I think better and tighter procedures need to be introduced.

With all due respect.

You'd need to be of a particularly naive mindset to suggest that theft of service "perhaps" has no effect on the matter.

Yes, but the issue is the scale. There will always be abuse of services. The question is how much of an impact it has, and how much the cost of combatting the problem is or would be.


Rudimentary mathematics would confirm that the number of alternatives to cable boxes alone available on ebay has a devestating effect on generated revenue.

Perhaps, I've never looked into it really. All I am saying is that we are kind of guessing here, and there may not be much of a case for 'taking VM to task' over this'.

At the end of the day VM have to look in-house at their own engineers or sub-contractors. They have to be the people installing these illegal modems. I think better and tighter procedures need to be introduced.
Cannot blame the engineers for this Most of them i have met are doing a damned hard job and have to put up with at times some abuse that i would not put up with. Anyhoo it doesnt need an engineer to hook up

---------- Post added at 13:42 ---------- Previous post was at 13:40 ----------

Yes, but the issue is the scale. There will always be abuse of services. The question is how much of an impact it has, and how much the cost of combatting the problem is or would be.



Perhaps, I've never looked into it really. All I am saying is that we are kind of guessing here, and there may not be much of a case for 'taking VM to task' over this'.
And that is 100% spot on it simply costs too much money to prove it they really cannot go knocking on someones door and point out accuse them (although there are other ways) so they rely on people to report them, it is then that it falls down in some areas...

Yes, but the issue is the scale. There will always be abuse of services. The question is how much of an impact it has, and how much the cost of combatting the problem is or would be.

Hence my earlier question regarding percentiles.


Perhaps, I've never looked into it really. All I am saying is that we are kind of guessing here, and there may not be much of a case for 'taking VM to task' over this'.

OK, in the last 2 minutes I've been to ebay and spotted one seller alone selling boxes whose only sole purpose is to circumvent cable TV security protocols. He / she has been a member since June 05 and has sold thousands of these units (currently, in one listing only, selling eight lots of eight).

Now, given that I was able to factually (no guessing involved) research this in a matter of seconds / minutes are you seriously suggesting that VM are in any way interested in preventing theft of service?

Cannot blame the engineers for this Most of them i have met are doing a damned hard job and have to put up with at times some abuse that i would not put up with. Anyhoo it doesnt need an engineer to hook upTake off your rose tinted glasses.;)

Hence my earlier question regarding percentiles.

Yep, valid question. To which we don't know the answer.


OK, in the last 2 minutes I've been to ebay and spotted one seller alone selling boxes whose only sole purpose is to circumvent cable TV security protocols. He / she has been a member since June 05 and has sold thousands of these units (currently, in one listing only, selling eight lots of eight).

Now, given that I was able to factually (no guessing involved) research this in a matter of seconds / minutes are you seriously suggesting that VM are in any way interested in preventing theft of service?

From my (limited) understanding these boxes tend to fail and need regular software updates? Would this happen if VM are not interested in preventing theft of service?

Mind you, I am not saying they are doing enough. Just that it's difficult to judge.

Just thought I would add a little infomation it is most likely not the engineers providing the cable modems and setup anyone can do it and it is not that difficult. Modems can be bought anywhere the Motarola SB5100 is the most used as you can get modified firmware for it which can do many fancy things. Like BLOCK official firmware updates...

The only way that I can possibly see this getting sorted is for VM to not allow any dupe MACs accross the WHOLE of their network!

Take off your rose tinted glasses.;)
I recieved a modem for a "self install" when i upgraded, CS sent it to me via parcelforce, in a "Look at me!" VirginMedia Box.
I wonder how many of the modems sent out don't reach their intended destination?

To report people using VM sevices illegally call 08000967800 > Option 1. :tu:

I agree with most people in this thread that VM really need to do a lot more to combat the people that use the services illegally...

There's a huge difference between copying a CD and going through all the necessary stages to steal cable tv or internet. The law recognises that and that's why small scale copyright breaches result in having to pay damages to the copyright holder(in most cases) and illegally obtaining internet or TV will get you a large fine or worse, prison time along with criminal record. IANAL but I'm pretty sure the former is a civil offence and the latter a criminal offence.

Not really copying a CD and getting free Cable only takes a fews steps for both... it is just the knowledge of copying a CD is more out in the open... I think most people on this forum would take free cable if they knew how to or if it was given to them...

Not really copying a CD and getting free Cable only takes a fews steps for both... it is just the knowledge of copying a CD is more out in the open... I think most people on this forum would take free cable if they knew how to or if it was given to them...
Well i for one wouldnt and i do know how i pay for what i need or use i'm funny like that......

Its hard to know if someone is stealing service really.

To me, it would make sense to simply block all duplicate MAC addresses.
Those that are blocked would call up, they could try the dup MAC and then they would probably be able to trace it to the house that it is at, Physically remove the cable from the property, Black list the property, and then send them a bill.

Some people will pay the bill, and really, they could do this an area at a time, even 1 man in a van checking every house in each area (maybe 50 people nation wide.

Yes it would take a long time to get them all out, but once they are out, blocking dupe MAC's would stop them getting back in.

A lot not all but a lot of people on cloned modems subscribe to the lower broadband and use there own mac on a cloned modem to up it to 10 meg, so VM look on it at least they are getting something back, albeit not the correct amount but a bit....

A lot not all but a lot of people on cloned modems subscribe to the lower broadband and use there own mac on a cloned modem to up it to 10 meg, so VM look on it at least they are getting something back, albeit not the correct amount but a bit....

See now that I somewhat agree with!

A lot not all but a lot of people on cloned modems subscribe to the lower broadband and use there own mac on a cloned modem to up it to 10 meg, so VM look on it at least they are getting something back, albeit not the correct amount but a bit....


I know a few people who have done such a thing.

And they are in an area where traffic management is in, now soon as he hits his limit on his modem from VM, he get's shaped, but his cloned mac/modem does not.

...now soon as he hits his limit on his modem from VM, he get's shaped, but his cloned mac/modem does not.

So, all this hyperbole from VM is a nonsense as they can't police the mac addresses?

The problem can be solved only

*if they recall all modems
*use certificates (like secure websites) to make bootloader secure
*flash them

An expensive business and I am not convinced that it will work.

Unfortunately the problem will become more widespread now, as the illegal firmware is now freeware and it works on NTL's Ambits. The sniffer program is also free and no new hardware is needed...

Traffic management will push those guys to flash their modems

At least they can ask Ambit to produce certified modems from now on....

---------- Post added at 19:58 ---------- Previous post was at 19:13 ----------

So, all this hyperbole from VM is a nonsense as they can't police the mac addresses?

That's correct.

Even if the modems are certifiable, Virgin still has to allow the cloned ones as it cannot tell a cloned from the real thing. The UBRs can tell of duplicates, provided that the modem runs yyyyy but the cloners bypass this by downloading to the "lower" version of yyyyy which does not have this feature...

I'd really appreciate it if you didn't post addresses in my thread as I'm trying to have a serious discussion here.

Please edit your last post. Thanks.

EDIT:

Cheers for doing that, thanks.

I will only post the one time in this thread. The hacked modems are affected by the STM just the same as the real ones.

Thats it.

The problem can be solved only

*if they recall all modems
*use certificates (like secure websites) to make bootloader secure
*flash them

An expensive business and I am not convinced that it will work.

Unfortunately the problem will become more widespread now, as the illegal firmware is now freeware and it works on NTL's Ambits. The sniffer program is also free and no new hardware is needed...

Traffic management will push those guys to flash their modems

At least they can ask Ambit to produce certified modems from now on....

---------- Post added at 19:58 ---------- Previous post was at 19:13 ----------



That's correct.

Even if the modems are certifiable, Virgin still has to allow the cloned ones as it cannot tell a cloned from the real thing. The UBRs can tell of duplicates, provided that the modem runs yyyyy but the cloners bypass this by downloading to the "lower" version of yyyyy which does not have this feature...


Hit the nail right on the head there.

And i can see alot more people opting for cloned modems with this stupid shaping going on, at the end of the day your paying top £ to use your connection when you want and need it.

I will only post the one time in this thread. The hacked modems are affected by the STM just the same as the real ones.

Thats it.

True. But you change MAC and you start all over. Sigma ;)

I will only post the one time in this thread. The hacked modems are affected by the STM just the same as the real ones.

Thats it.

Thanks Bill. What steps are VM taking to ensure that innocent parties are not being affected?

Assuming, under the terms of the DPA, they are logging the offenders they use STM on then obviously they can correlate the multiple instances of a MAC address?

Why don't they simply kill all instances of the MAC address and wait for the legitimate customer to phone up to complain - explain the process to them and get them back on line?

It's not rocket science - as someone once said.

Thanks Bill. What steps are VM taking to ensure that innocent parties are not being affected?

Assuming, under the terms of the DPA, they are logging the offenders they use STM on then obviously they can correlate the multiple instances of a MAC address?

Why don't they simply kill all instances of the MAC address and wait for the legitimate customer to phone up to complain - explain the process to them and get them back on line?

It's not rocket science - as someone once said.
they will be able to identify the owner of the original mac address so should be contacting them to arrange a swap out,i had one of these on a fault,the sub was told there were 10 other CPE's on the same mac address!!!

Thanks Bill. What steps are VM taking to ensure that innocent parties are not being affected?

Assuming, under the terms of the DPA, they are logging the offenders they use STM on then obviously they can correlate the multiple instances of a MAC address?

Why don't they simply kill all instances of the MAC address and wait for the legitimate customer to phone up to complain - explain the process to them and get them back on line?

It's not rocket science - as someone once said.

Pm on its way :)

As for these modems it makes my blood boil and god help anyone i catch with one. They will not have service after i have finished with there account. :)

Pm on its way :)

As for these modems it makes my blood boil and god help anyone i catch with one. They will not have service after i have finished with there account. :)

It's science mate, nothing to get upset about. RSA was never broken, Virgin will be breached day in day out. NTL is just not bright technologically, in fact they are positively "thick". "Virgin" is a marketing trick, nothing changed.

Thanks for that Bill.

Thanks for that Bill.

Any time :tu:

As a fairly light user but someone who also enjoys top tier service, traffic management doesn't bother me, but this modem hacking worries me. Is there any measures i can take to make sure my bandwidth is used solely by my modem?

I ask this because for the few weeks i have been with Virgin i have had a nice stable service but this evening has been noticeably slower and it is only now (after 00.00) that my speed seems normal.



(P.S. first post after weeks of lurking lol)

I've not experienced this myself. However 'A LOT' of people in Belfast have these bent Cable connections which appear to be set up by employees or former employees of NTL. It should be an absolute priority to stop this theaft.

My friend is on 10meg in Belfast. He gets about 1.2meg during the night. I'm on 10meg in London (former telewest) and I get my 10meg. So is NTL Belfast absolute shizte or is it all these thevin gits?

As a fairly light user but someone who also enjoys top tier service, traffic management doesn't bother me, but this modem hacking worries me. Is there any measures i can take to make sure my bandwidth is used solely by my modem?

I ask this because for the few weeks i have been with Virgin i have had a nice stable service but this evening has been noticeably slower and it is only now (after 00.00) that my speed seems normal.



(P.S. first post after weeks of lurking lol)
:welcome:

before the main point, given that VM are in the process of updateing/upgrading users accounts/services, its to be expected that there will be slowdowns and short service brakes as its put in place so id assume that for your slowdowns before any thoughts of modem cloneing etc enters the picture for now....

traffic management doesn't bother me

its to early to really say that though, it seems clear this 5% of users figure VM are banding about (presumably to keep the shareholders/markets/bankers happy) is potentially far less than this TM throttling* could effect at least in the short term, thereg
did a post today http://www.theregister.co.uk/2007/05/08/vigin_nationwide_throttling/ and came up with 'will be affected - about 150,000 broadband users across the country' for the 5% alone.... see the comments there so far.

as a user ,other than your usual dont give out your details etc theres nothing to do really, its VM that have a power to track these things, if they didnt have a good enough database in place before id assume they do now even if the new traffic management is the cheapest on the market (probably, as they wouldnt want to effect their ongoing boardroom bonuses/payouts etc).

it should be reasonabley easy now to corrolate all the UK UBR's (how many do they currently have btw?) MAC addresses and other data into a central database as part of the individual traffic tracking sytem and flag up duplicate MACs etc, from there it should/could be an easy few seconds to notify an employee to begin any procedures they might put in place, many options infact....

how it will be of use to the likes of MrA and any other valid VM users under the DPA (Data Protection Act) wishing to use this data in their actions to get what they pay for is open to question and weather it may help put a figure on the OP matter iv not really considered it, thoughts?.

*
1:to strangle (http://en.wiktionary.org/wiki/strangle) or choke (http://en.wiktionary.org/wiki/choke) someone
2: (by extension) to suppress (http://en.wiktionary.org/wiki/suppress) or place limits (http://en.wiktionary.org/wiki/limit) on someone or something

The problem can be solved only

*if they recall all modems
*use certificates (like secure websites) to make bootloader secure
*flash them

An expensive business and I am not convinced that it will work.


Maybe I'm being a bit naive here. Lets say there are - i dunno - 1000 dhcp servers. Why not invest a little bit of time getting all dhcp servers to report leases (IP + MAC) to a central db. (Or maybe a central app , scrapes the dhcp logs ?)

Any duplicates can be flagged up ..
[ The dhcp lease appears to be 4 days, so I dont envisage masses of data even with VMs current customer base ]

Unfortunately I cant think of any cost effective ways to then target the hacked modem. Not without knowing more about the network config and customer database.
Maybe the've looked at this and based on existing network infrastructure it's not cost effective to deal with.

I'm not a networks dude (does it show :) ), but maybe you can reconfigure the router to not route to the offending IP (once identified), or if identification is not possible, dont route to either IP and wait for customer to complain (admittedly not very good for customer relations, cost due to bad PR may outstrip any savings. )

I think there are much fewer DHCPs than that, since nottingham serves a massive area.
I would suspect in the order of 10? One (with a backup hopefully) at every major hubsite.

To be honest I don't think the problem is all that big percentage wise, but if you have millions of users even 1% can easily run into the 10's of thousands of illegal users.

Some of you are suggesting that it would be easy to block all duplicate mac addresses and wait for the rightful owner to contact you and replace his / her modem. However if this would be the case with 1% of the users and you work on the assumption they have 8 million users this would mean 80.000 people of which you need to replace the modem. Not to mention 80.000 people trying to call the call centers above the normal calls they already receive.

To handle these calls you would need to temporarily extend your call centers which is relatively costly not to mention the inconvenience this brings to 80.000 users to no fault of their own.

The cost of the modem + handling and shipping would probably come to about 20 quid per user and dealing with their request on the phone would cost 5 quid on average and thats presuming everyone would be happy to replace their own modem. If you work on the assumption that 2/3rd would be willing / able to do so and sending an engineer out would cost an additional 30 quid placing 80.000 cable modems would come to:
(80.000 * 20) + ((80.000 / 3) * 30) + ((80.000 * 5) = 2.8 million quid.

Seeing as this solution only solves the current problem and doesn't stop people from actually cloning new modems this would be a bi-yearly recurring cost. Any idea how much extra bandwidth you can buy for 1.4 million quid a year? Plenty to "absorb" the heavy use of the cloned modems.

Actually solving the problem would require replacing all cable modems and probably the majority of the equipment to ensure that cloning becomes harder (as it will never become impossible), which is a lot more expensive so you would want to combine that with a general network upgrade anyways so I guess we'll be seeing something like that when the network makes the move to DOCSIS 3.0 and 50 - 100mbit speeds as at that point the majority of the hardware will need replacing anyways.

Suppose you get these 3 pairs

IP x1 Mac y
Ip x2 Mac y
IP x3 Mac y

Who do you plug off? One might be the real customer and the others are definitely clones. And do not forget clones change macs frequently.

Also Cisco IOS Release 12.3(21)BC can catch all duplicate modems on the same Cisco CMTS chassis. But the cloners are

*using macs from different areas or
*they disable DOCSIS BPI+ so the IOS cannot detect it.

You can buy a cable modem that allows you to clone the mac address but it is illegal to plug it into the Virgin network. There is freeware firmware that flashes the Ambit 200 and 250, adding lot of illegal "features".

The solution for Virgin is not easy. One cannot tell the clones from the real ones and there are 3 million of them.

I think Virgin has to draw the line at one point and say let's secure our modems and stbs. They can pay a fee to these guys

http://www.verisign.co.uk/pki/cable-modem-services/cable-modem-authentication/index.html

or hire a security guy to do the certification for them. Banks operate with that security level and it costs next to nothing.

This will not solve the problem as you have 3 million modems plugged in , that you cannot tell whether they are clones or not.

How can they tell who downloaded what? Suppose that there are two modems with the same mac on the same Cisco CMTS chassis (why not?) They cap both. Perhaps, the real customer has no reason to complain. The cloners change mac and they get a new cap to worry about

Does VM have 8 million BB users? :confused:

it should be reasonabley easy now to corrolate all the UK UBR's (how many do they currently have btw?) MAC addresses and other data into a central database as part of the individual traffic tracking sytem and flag up duplicate MACs etc, from there it should/could be an easy few seconds to notify an employee to begin any procedures they might put in place, many options infact....

It's desperately easy to find all the dupes in a matter of minutes (if anyone in VM wants to know how, PM me). The next step is the tricky one, although I have clever ways and means which I'm not going to divulge. It's interesting to see all the ways people are suggesting, mainly because most of them exist in one form or another (there is a DHCP database, there are ways and means of examining UBRs), etc.

Actually, the best solution is to bring in username/password registration over PPPoE for the faster speeds...

btw, there are between 10 and 1000 DHCP servers ;)

What steps are VM taking to ensure that innocent parties are not being affected?


Steps are being taken, but if VM told us what these steps were they would have to kill us! :D

Some of you are suggesting that it would be easy to block all duplicate mac addresses and wait for the rightful owner to contact you and replace his / her modem. However if this would be the case with 1% of the users and you work on the assumption they have 8 million users this would mean 80.000 people of which you need to replace the modem. Not to mention 80.000 people trying to call the call centers above the normal calls they already receive.

I guess it involves:

1. Identify the size of the problem. This looks fairly easy.
2. Identify different methods of prevention and ROI for each.

Any method that inconveniences the legitimate customer is wrong.
Swapouts are not necessary. Simply getting the dhcp servers to share information so that only one MAC is live at a time will fix the problem IMO.
Of course there is now a race condition between original and imposter, but if you
know the UBR or other relevant customer info , and can match that to their expected dhcp servers, that can be eliminated.

This is a one off change to infrastructure that will not need to be repeated, however it will cost some sum of money. And it cant just be hacked together. It has to go through specification, testing, etc. Also there are internal budgets to consider, what with the new traffic management software etc :)

PPPOE authentication is probably the correct way, but will be expensive to communicate to existing customer base.

However I could be talking out my bottom. I dont see it as a difficult problem to solve without affecting the customer, but it does require budget and ROI justification. However if it's not nipped in the bud, it WILL get worse as hacked modems become more popular.

Lordy

---------- Post added at 16:22 ---------- Previous post was at 16:16 ----------

Suppose you get these 3 pairs

IP x1 Mac y
Ip x2 Mac y
IP x3 Mac y

Who do you plug off?

The one that got it's lease from a dhcp server that is far from the customers registered UBR.. Better still do it before the lease is granted. (The lease is renewed every four days).

Lordy

The next step is the tricky one, although I have clever ways and means which I'm not going to divulge.

I prefer public key cryptosystems like the verisign/RSA one. I do not like cat and mouse in security situations. The mouse can cleverer than you...