EXPLANATION OF THE @HOME NETWORK AND CABLE MODEM @HOME IP STEALING By Angel of Death (Aug. 17, 1999) Revised Edition Due to Grammatical/Spelling Errors. ================================= TABLE OF CONTENTS ----------------- 1. Information about Security Bug 2. Explanation of Network and Theory 3. List of Cable Modem Providers 4. Author Information +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1. Information about Security Bug: ------------------------------- If you read the TOS/AUP (Terms of Service/Acceptable Use Policy) of your cable modem provider and they prohibit any type of servers running off your computer. @Home service is for residential, personal, private casual use only and does not allow servers of any kind from the home. (I.e. FTP Servers, WWW Servers, POP3 Servers, etc.) With this basic security hole, but not critical hole you can easily create a separate IP Address' on your computer without contacting your local cable modem provider or switch your IP around every week if you run a Server that is prohibited. I have only tried this hole with Rogers CableSystems @home network, and used only one IP address mask to obtain a customer ID. I was also told something that if your cable modem provider pings the IP you 'borrowed' and pings your original IP it will tell them that a user is fraudulently using another customer ID. I was told this by a tech at Primetime Computers (www.primetime-pc.com), and am not sure if he knew exactly what I was explaining. I have not tried the multiple IP address issuing but it should work, just with a little modification of the first theory. You are not authorized to modify the network in any way. The cable provider has the authority to involve your local police department and can and will press charges if they wish. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2. Explanation of Network and Theory: ---------------------------------- The @Home Network requires a cable modem and coaxial cable connection. This hardware is an external device that hooks up to your computer and looks like a really large external modem. Cable modems translate Radio Frequency (RF) signals to and from the cable plant into Internet Protocol (IP), TCP/IP is the communications protocol spoken by all computers connected to the Internet. The The @Home Network currently supports only Windows 95, 98, NT 4.0, and MacOS 7.6.1 with Open Transport v. 1.1 or greater TCP/IP stacks. You will notice in your NETWORK Settings, in Control Panel, the properties for the TCP/IP are all blank. With the @home Network, on Windows Boot-Up, your computer initializes contact with what's called the DHCP (Dynamic Host Configuration Protocol) to automatically assign IP addresses, to deliver TCP/IP stack configuration parameters such as the Subnet Mask and default router, and to provide other configuration information such as the addresses for printer, time and news servers if applicable. Now, if we just tell the DHCP to issue the TCP/IP Settings for an existing Customer ID assigned on the @home workgroup, it will configure the TCP/IP Stack and register the proper IP Address for that customer ID with no problems. Every customer on the network is given a customer ID in case the customer wants to cancel/modify/inquire about his/her account. The cable provider also uses this information to monitor bandwidth usage on your IP address and if necessary to cancel your account. A Customer ID is published in the hostname so they can be recognized very easily. All hostnames are given a location on the @Home Server, which tells the company the physical location of the service. The hostnames run through what's called a Domain Name Server, Gateway, and a Subnet Mask which would take another text file to explain. What we need to do now is to search and find a Customer ID to borrow or steal. I prefer borrow, incase of UN-published security features. You need to know your local IP address for this, so to get that do the following: Click START -> RUN Then type "WINIPCFG" without the quotes. A Dialog box should pop up with all the current network information that DHCP issued to your system by verifying your workgroup and customer ID. If windows says the program WINIPCFG doesn't exist, search your system for WINIPCFG.EXE or Upgrade your operating system version. Look at the part in the WINIPCFG Settings where it says "IP Address". You'll see a 4-section number separated by decimal points, I'll use the IP address 24.143.34.7 as an example. Now copy this number down somewhere, then close the WINIPCFG Program. Now, this is the important part... you need to scan your IP address mask. To explain this it's just scanning every number, up to 255 on the last section of the IP address, (e.g. 24.143.34.*) and if the IP address exists on the network resolve the hostname of that remote computer. I noticed that if you scan a separate IP address mask but under the same network, this security bug won't work, so it can only be a maximum of 244 customer ID's you can get, excluding yours. Scan the IP address mask, and it will show a bunch of hostnames that are in the same IP address mask. So there's a list of resolved hostnames... here's an example hostname on the @home network. Example IP Address: 24.143.34.255 Hostname for Example: cr123456-a.location.province.service.home.com We want to look at the first 10 characters of the hostname, that is the customer ID the cable modem issues, and this is ALL we need to 'borrow' the IP address. So write down the customer ID and go into the NETWORK Properties in CONTROL PANEL. You'll see a Tab called IDENTIFICATION, Click it. This Tab will show your Computer Name, Workgroup, and a Comment. The Computer Name will read your current customer ID and Workgroup. If you don't have your customer ID saved somewhere, I suggest you do that before proceeding. Change your customer ID to one of the Resolved Hostnames you found when scanning the network. In my case, as the example I used "cr123456-a" as one of the resolved hostnames. So, take the ID and replace yours with the one you resolved. Click OK, Restart Your System, System will Reboot, Windows will initialize DCHP looking at the new customer ID and issue the IP address the network has saved in the @home Network Configuration. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3. List of Cable Modem Providers: ------------------------------ Excite@Home AT&T Broadband and Internet Services Bresnan Communications Cablevision Systems Century Communications Charter Communications Cogeco Cable Comcast Cox Communications Garden State Cable Insight Communications InterMedia Partners Jones Intercable Midcontinent Cable Prime Cable Rogers Cablesystems Shaw Communications Suburban Videon CableSystems +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4. Author Information ------------------ This text file was written as an education reference of networks using the cable modem service as of August 19, 1999. It is not to be used in any illegal way or be modified and distributed without the authors permission. You can contact the author on ICQ or by e-mail: NAME: Angel of Death ICQ#: 11036396 E-MAIL: aod6430@phreaker.net (c)1999-2000 Angel of Death (c)1999-2000 Canadian Hackerz Inc.