Re: Cable Modem [really responsible engineering]
On Mon, 25 Jun 2001 18:27:50 -0700 Ted Lemon wrote:
I think we are in violent agreement. I don't like the IP->MAC->Customer mapping, it is forgeable, but it is the only one I know we have available. I agree with you that it is not the only possible mapping. If you can point me to a better existing mechanism, I would be grateful.
If you are a cable modem or DSL provider, you may be able to use the relay agent information option to get a unique ID from the cable modem. This should uniquely identify the customer, and has the virtue that you may have sold the customer the box, and thus may already know its ID. Cable modem and DSL systems that support this functionality can apparently be set up so that it's quite difficult to spoof the modem identification.
Ted; That works for the cable/dsl/wireless modem. As always, there are some unstated assumptions that come with the particular engineering sub-niche. The unstated assumption here is that the problem is not the modems, but the devices beyond the modem, the devices that the customer actually uses: PCs, routers, ip-aware toasters, web cams, etc. These are the devices that tend to cause the most problems. They have an enormous range of different manufacturers. Customers, those pesky folk, tend to add/modify/delete them constantly. Also, if the cable/dsl/wireless modem is a router, life becomes much simpler as one can just gather the necessary information via tracing. However, I am not sure requiring modems to be routers is a good thing... Let me stress in passing, it is very important that public (non-RFC 1918) IPv4 addresses not be wasted on cable/wireless/dsl modems. There is no reason for these modems to be reachable from the outside world (in an IPoE environment) and reachability is actually dangerous. If you waste public IP addresses on these devices, eventually ARIN will step on your head.
Now, in this case and also in the case of tracking the customer's MAC address, you are still really tracking access at a customer premise level, not at a user level, and so this couldn't be used as a reliable way of identifying an individual user, but it *could* be used as a way of figuring out who to contact to get more information.
Exactly. It isn't an optimal solution. However, Caller-Id and username/password have the same drawbacks. In fact, I once was an expert witness on the question of whether username/password was sufficient proof beyond a reasonable doubt.

regards,
fletcher
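An added example, not part of the original thread: a sketch of the relay agent information option lookup discussed above, parsing DHCP option 82 (RFC 3046) and mapping its Remote ID sub-option to a customer premise. It assumes the relay puts the modem's hardware address in Remote ID; the customer table, account name, and sample packet bytes are constructed.

```python
RELAY_AGENT_INFO = 82          # RFC 3046 option code
CIRCUIT_ID, REMOTE_ID = 1, 2   # RFC 3046 sub-option codes
PAD, END = 0, 255              # single-byte DHCP options (top level only)

# Constructed provisioning table: modem ID (as sold to the customer) -> account.
CUSTOMERS_BY_MODEM = {bytes.fromhex("0010deadbeef"): "account-1001"}

def parse_tlvs(data, top_level=False):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == PAD:
            i += 1
            continue
        if top_level and code == END:
            return
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield code, value
        i += 2 + length

def relay_agent_ids(dhcp_options):
    """Return the relay-inserted IDs from option 82, or {} if it is absent."""
    for code, value in parse_tlvs(dhcp_options, top_level=True):
        if code == RELAY_AGENT_INFO:
            subs = dict(parse_tlvs(value))
            return {"circuit_id": subs.get(CIRCUIT_ID),
                    "remote_id": subs.get(REMOTE_ID)}
    return {}

def identify_premise(dhcp_options):
    """Map the relay's Remote ID to an account; None means nobody to contact.

    The client hardware address is deliberately not consulted: it is set by
    the device behind the modem and is the forgeable part of the mapping.
    """
    return CUSTOMERS_BY_MODEM.get(relay_agent_ids(dhcp_options).get("remote_id"))

# Constructed options field: message type (53), then option 82 carrying a
# 4-byte Circuit ID and a 6-byte Remote ID, then END.
SAMPLE_OPTIONS = (bytes([53, 1, 1, 82, 14, 1, 4, 0, 3, 0, 7, 2, 6])
                  + bytes.fromhex("0010deadbeef") + bytes([END]))
```

As the thread notes, the result identifies a customer premise, not an individual user.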
[ On Tuesday, June 26, 2001 at 10:43:03 (-0400), Fletcher E Kittredge wrote: ]
Subject: Re: Cable Modem [really responsible engineering]
Let me stress in passing, it is very important that public (non-RFC 1918) IPv4 addresses not be wasted on cable/wireless/dsl modems. There is no reason for these modems to be reachable from the outside world (in an IPoE environment) and reachability is actually dangerous. If you waste public IP addresses on these devices, eventually ARIN will step on your head.
Indeed. In fact most of the cable and DSL modems I've seen seem to be so poorly implemented that giving the world access to them is far worse than just shooting yourself in the foot. Some even unconditionally allow SNMP sets from the customer premises interface, which is bad enough.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>