Any Charter HFC engineers on the list? I've been hitting my head on the wall with first tier support that involves the Ubee DDW365 cable modem Charter deploys that reboots when IP space sitting behind the cable modem is port scanned on port 161 (snmp). This all started when my original cable modem (SMC) was swapped out with the Ubee and I noticed the Internet would randomly go out during the day for about a minute or two and tracked it down to the Ubee modem rebooting throughout the day (lights flashing on the modem indicating boot up). A tech came out and swapped it with another Ubee, and the same issue, random reboots. After researching this issue, I found a post from April 2016 ( http://www.dslreports.com/forum/r30695574-Remote-triggered-modem-reboot) by someone posting about port scanning through the Ubee cable modem and the port scan causing the Ubee to reboot when it hit port 161. Apparently this person wasn't able to get through to Charter tech support about the problem either and gave up. After reading this post, I was able to confirm my Ubee was susceptible to this bug and would reboot by simply telneting to IP space on port 161 behind the modem. I figured my random reboots were related to random people port scanning my IP space throughout the day. I called support to let them know and got them to bump it up to their manager, who then referred it to a "technical specialist" that ended up blocking port 161 on my cable modem. That fixed the problem with the random reboots and my connection is now stable! However support seems to think blocking the port on my modem is a long term fix :( They don't seem to understand that the long term fix should be escalating this up the chain so an appropriate engineer can work with Ubee to get the firmware fixed in the modem or the tens of thousands (or millions?) of other Charter customers with this modem currently suffering through unstable Internet. And what's to stop someone from continuously port scanning all of the Charter IP space and essentially DOSing those customers with this Ubee modem? I'd appreciate if someone from Charter would contact me off list please, I have zero confidence this is actually going to get fixed the right way for myself or at all for all the other Charter customers with the Ubee modem deployed. Thanks ...
On Aug 25, 2016, at 1:39 AM, Gabriel Kuri <gkuri@ieee.org> wrote:
I'd appreciate if someone from Charter would contact me off list please, I have zero confidence this is actually going to get fixed the right way for myself or at all for all the other Charter customers with the Ubee modem deployed.
Have hope, I suspect someone will respond. (Can you send me your IP address off-list, I’d like to check against the OpenSNMPProject dataset as well). I’ve seen something similar with the Netgear device that Comcast Business deploys. It followed device swaps but I think it’s related to internal traffic vs external and have not yet chased down what triggers it. - jared
Hi Gabriel, I¹m going to contact you off-list regarding this one. Ed On 8/25/16, 1:39 AM, "NANOG on behalf of Gabriel Kuri" <nanog-bounces+edwin.mallette=charter.com@nanog.org on behalf of gkuri@ieee.org> wrote:
Any Charter HFC engineers on the list? I've been hitting my head on the wall with first tier support that involves the Ubee DDW365 cable modem Charter deploys that reboots when IP space sitting behind the cable modem is port scanned on port 161 (snmp).
This all started when my original cable modem (SMC) was swapped out with the Ubee and I noticed the Internet would randomly go out during the day for about a minute or two and tracked it down to the Ubee modem rebooting throughout the day (lights flashing on the modem indicating boot up). A tech came out and swapped it with another Ubee, and the same issue, random reboots. After researching this issue, I found a post from April 2016 ( http://www.dslreports.com/forum/r30695574-Remote-triggered-modem-reboot) by someone posting about port scanning through the Ubee cable modem and the port scan causing the Ubee to reboot when it hit port 161. Apparently this person wasn't able to get through to Charter tech support about the problem either and gave up. After reading this post, I was able to confirm my Ubee was susceptible to this bug and would reboot by simply telneting to IP space on port 161 behind the modem. I figured my random reboots were related to random people port scanning my IP space throughout the day. I called support to let them know and got them to bump it up to their manager, who then referred it to a "technical specialist" that ended up blocking port 161 on my cable modem.
That fixed the problem with the random reboots and my connection is now stable! However support seems to think blocking the port on my modem is a long term fix :(
They don't seem to understand that the long term fix should be escalating this up the chain so an appropriate engineer can work with Ubee to get the firmware fixed in the modem or the tens of thousands (or millions?) of other Charter customers with this modem currently suffering through unstable Internet. And what's to stop someone from continuously port scanning all of the Charter IP space and essentially DOSing those customers with this Ubee modem?
I'd appreciate if someone from Charter would contact me off list please, I have zero confidence this is actually going to get fixed the right way for myself or at all for all the other Charter customers with the Ubee modem deployed.
Thanks ...
I was able to confirm my Ubee was susceptible to this bug and would reboot by simply telneting to IP space on port 161 behind the modem. I figured my random reboots were related to random people port scanning my IP space throughout the day. I called support to let them know and got them to bump it up to their manager, who then referred it to a "technical specialist" that ended up blocking port 161 on my cable modem. Not to be unhelpful, but SNMP is a UDP protocol, you can't "telnet" to
On 08/24/2016 10:39 PM, Gabriel Kuri wrote: port 161 and be talking to the snmp deamon on the device because it's not listening for that. If you do get a connection, there's really something wrong.... -- Mike Ireton WillitsOnline LLC
Mike, SNMPv3 uses TCP. Also, I never said I had a daemon listening on port 161, the cable modem would simply reboot if it saw a TCP SYN packet destined to port 161 to IP address space sitting behind my cable modem. FYI - Charter engineers responded to me indicating it's a known bug with this Ubee modem and Ubee is working on a new revision of firmware to fix the bug. On Fri, Aug 26, 2016 at 11:11 AM, Mike <mike-nanog@tiedyenetworks.com> wrote:
On 08/24/2016 10:39 PM, Gabriel Kuri wrote:
I was able to confirm my Ubee was susceptible to this bug and would reboot by simply telneting to IP space on port 161 behind the modem. I figured my random reboots were related to random people port scanning my IP space throughout the day. I called support to let them know and got them to bump it up to their manager, who then referred it to a "technical specialist" that ended up blocking port 161 on my cable modem.
Not to be unhelpful, but SNMP is a UDP protocol, you can't "telnet" to port 161 and be talking to the snmp deamon on the device because it's not listening for that. If you do get a connection, there's really something wrong....
-- Mike Ireton WillitsOnline LLC
On 08/26/2016 02:27 PM, Gabriel Kuri wrote:
SNMPv3 uses TCP.
FWIW, TCP is one of many possible transports for SNMPv3. UDP is by far the commonest in my experience, though.
FYI - Charter engineers responded to me indicating it's a known bug with this Ubee modem and Ubee is working on a new revision of firmware to fix the bug.
Ouch. I'll have to check whether the Ubee unit on my Comcast Business connection is similarly affected. SNMP-related bugs are a dime a dozen, but this one sounds really awful. -jeff
participants (5)
-
Gabriel Kuri -
Jared Mauch -
Jeff Gehlbach -
Mallette, Edwin J -
Mike