Cover Story
Besides its speed, people are drawn to broadband Internet by ubiquitous advertising campaigns and the standard fare of media coverage. You would think that, at the very least, the consumer media would report correctly on the technical merits and flaws of the various broadband access methods. After all, they've had a few years to separate fact from fiction. However, three myths regarding cable modem services have stood the test of time and are reinforced regularly by the popular press.
The first myth: "Cable is a shared technology, so more subscribers equals a slower service," is probably the least serious of the three. In fact, the word "myth" may be too strong a word, given some of data segment overloading I've seen in the past. My own problem with this oft-quoted statement is that I find it to be very misleading and know it to be a source of significant confusion for many.
This misconception would have everyone believe that, no matter what, the speed of a cable service will degrade during times when more subscribers are online. It does not take into account how much upstream spectrum is available, how it's modulated, or how many users are ultimately sharing it. It doesn't even take into account who the MSO is, which is the key to what kind of service is ultimately delivered. Some operators are very diligent when it comes to splitting data segments to accommodate new subscribers and some are not. A few providers feel that an 80 to 90 millisecond round trip latency from a subscriber to their respective RDC (regional data center), is acceptable. Others wouldn't even dream of it. Just to put things into perspective, a dialup modem yields around 100 to 110 milliseconds of round trip latency to their provider's data center.
All I know is that there are many people out there who experience no notable internal slowdowns during prime time hours. Other components of the infrastructure, notably the backbone, public and private backbone interconnects, segment-to-RDC fiber feeds, segment gateways, and RDC servers are generally much more likely to give way before any segment overloading sets in.
With respect to the whole issue on the shared nature of broadband cable services, one fact often overlooked is that DSL can be shared locally, just like cable. It depends entirely on the implementation. For instance, line cards placed at the central office that don't contain dedicated switch ports function just like glorified data segments where all of the bandwidth on those line cards is shared between each of the connected subscribers. I've heard claims from CLECs and ILECs that their DSL services are always dedicated and never shared. While I don't doubt that this is true in many cases, it has proved untrue in others.
The second myth: "Dynamic IP addresses provide superior security and privacy for subscribers, as opposed to static addresses," has to be the most outrageous. It is also the newest, born maybe 18 months ago. The fact is that dynamic IP addresses provide very little -- if anything at all -- in the way of added subscriber privacy or security. What's worse is that dynamic IP addresses have actually become a selling point for some broadband services.
Dynamic addresses, as the name suggests, change every time a subscriber reboots their computer. The "always-on" nature of broadband services -- the media warns -- makes one more susceptible to a malicious hacking attack than a dialup modem would. While this statement carries a hint of truth, the sheer amount of fear mongering accompanying such statements is downright ludicrous.
Only computers that run clearly unsecured services, or contain Trojan horse servers can possibly be compromised by the vast majority of malicious hackers out there. And if a computer contains a Trojan horse server, it is only a matter of when it becomes compromised. The type of addressing scheme used is completely irrelevant, since not just one, but entire blocks of IPs are being scanned in the first place.
Other than Trojan horse servers, the most vulnerable point on a Windows-based machine is through its file sharing ports. That's why it is so important that the MSO set up their cable modems to block these ports by default. Most subscribers won't have file sharing enabled in the first place, but due to the severity of this vulnerability, these ports must be blocked unless the subscriber explicitly requests otherwise.
It's important to keep in mind that the majority of malicious hackers are under 20 years old, inexperienced, and use third party scanning software to facilitate their attempted intrusions. They usually aren't looking for credit card numbers, bank balances, or any damning personal information. They are simply interested in causing some mischief. The problem is, regardless of how inexperienced most of them are, if a machine is clearly vulnerable, it has a very good chance of being compromised. No dynamic IP address will help the victim.
The final myth: "Due to the shared nature of cable, a neighborhood hacker can access one's e-mail, web browsing destinations and file transfer data," is, in my mind, a total fabrication spread by people who don't understand either coaxial or bridged Ethernet architectures. That's not to say that this can't be done; my assertion is that it is nearly impossible for any one individual to accomplish such a feat. Corporations and governments who possess the necessary resources can do it, but individuals will have a very hard time.
In order for this compromise to be successful, either the cable modem itself would have to be hacked into and have its settings altered, or a similar device would have to be built with its own, customized parameters.
Hacking into a cable modem nowadays is extremely difficult, if not impossible. Very specific information is needed in order to do this and if it can't be determined, there is no chance of spoofing any of it in order to gain access the device. Plus, if one tried to gain access to a cable modem on their own (i.e. without the presence of a cable modem termination system, reverse path node, headend cable modem, etc.), that equipment would have to be emulated by the individual in order for them to get anywhere. Not an easy task when that equipment costs tens of thousands of dollars.
Constructing a cable modem with customizable parameters is even more difficult. It would have to be compatible with the MSO's modulation schemes, physical layer signaling mechanism, medium access scheme and tune in to the proper channels, not to mention support the same framing formats.
In short, a single person who would be able to compromise the traffic of everyone else on their segment would be a highly skilled hacker, have years of electrical engineering experience and possess a great knowledge about datacom, specifically regarding cable infrastructure. They would also have enough money to burn so that they could experiment with a number of the devices they wanted to compromise and/or build one for their self.
This is a far cry from a story in the May 2000 issue of PC World, which stated, "The cable system's shared-wire design means that packets of data traveling from your PC are available to your neighbors' PCs on their way to the open Internet. As a result, a computer-savvy neighbor has access to your e-mail address, to URLs of the sites you're visiting, and maybe even to data you're sending or receiving. You can get around the problem by encrypting your data, or you can ignore it and simply trust your neighbors not to pry into your data packets as they float by. Meanwhile, many cable companies are working to plug this security hole, but so far implementation is inconsistent."
The above quotation is wrong. However, this is not the only time I've read something like this. The most disturbing thing of all is that the media are infinitely more concerned about this non-issue, than how easily normal voice communications can be tapped by people with very limited knowledge and experience in the field of telecommunications. By the way, DSL is about as difficult to compromise as cable is.
MSOs would do best to dispel these cable myths, or suffer the long term consequences. Such misconceptions are often taken to be the truth, so a definite public relations problem exists. Although the internet over cable has been rife with problems at times, there is no excuse anymore for the repetitive proliferation of these blatant technical inaccuracies.
C
Christopher Weisdorf is the president and technical director of the Rogers @Home Users Association (RHUA) www.rbua.org.