SlideShare a Scribd company logo

Expo Canitec 2010, Taller Arris

Expo Canitec
Expo Canitec

Previniendo la piratería en las redes DOCSIS

Technology
1 of 38
Download to read offline
Avoiding Piracy in DOCSIS Networks April 29th, 2010 Patricio S. Latini Director, Sales Engineering Caribbean and Latin America
Agenda ▪ DOCSIS Provisioning ▪ Piracy Attacks and Solutions ▪ CPE Related Security
DOCSIS Provisioning
DOCSIS Provisioning ▪ Standards Based - DHCP, ToD, TFTP ▪ Distributed Architecture - DHCP Server has all the customer data - CMTS and CMs just policy enforcers - CMs are untrusted elements
DOCSIS Piracy ▪ Mostly Based on Hacked Firmware of Cablemodems. ▪ Need to be mitigated by a battery of counter measures. - Network Based - CMTS Based - Provisioning System Based
DOCSIS Piracy
DOCSIS Piracy
DOCSIS Piracy Speed Uncapping ▪ Removing the Speed Caps (Limits) by either changing them for higher ones or completely removing them. ▪ Done by changing the legit configuration file used by the Cable Modem with a different one. ▪ Can use a file on a Local PC or in the TFTP servers in the Network.
DOCSIS Piracy Speed Uncapping ▪ Case I – No Shared Secret implemented Worst case, the hacker can create a Config file with any speed limit (or no limit), put it in his PC and instruct the hacked modem to ignore the parameters received by DHCP and download a file from the Local PC.
DOCSIS Provisioning DHCP Process CMTS is a DHCP Relay DHCP Server DHCP Server DHCP Offer DHCP Offer Agent Src: 10.0.0.1 Src: C4:C4:C4:C4:C4:C4 10.0.0.1 Dst: 10.0.0.254 Dst: 00:00:DE:AD:BE:EF TFTP S: 10.0.0.2 TFTP F: silver.bin Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Provisioning System
DOCSIS Provisioning Hacked TFTP Process Hacked Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 DHCP Server DHCP Server Src: 192.168.100.1 Dst: 192.168.100.10 10.0.0.1 FILE: hacked.bin TFTP Server TFTP Server HFC TFTP - Request TFTP - Response Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Src: 192.168.100.10 Provisioning Dst: 192.168.100.1 FILE: hacked.bin System
DOCSIS Piracy Speed Uncapping ▪ Case II – Shared Secret implemented No Network Security In this case, the hacker cannot create a custom config file because it will fail Shared Secret verification. However it can get valid files with higher speeds from the MSO TFTP Server and put them in their own PC.
DOCSIS Provisioning Hacked TFTP Process Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 Src: 10.0.0.2 DHCP Server DHCP Server Dst: 200.0.0.10 FILE: gold.bin 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 TF TF PT- P -e R 10.0.0.254 se Rpo qu s 172.16.0.1 Src: 200.0.0.10 ne ToD Server ToD Server e st 200.0.0.1 Dst: 10.0.0.2 CMTS FILE: gold.bin 10.0.0.3 Provisioning System
DOCSIS Provisioning DHCP Process CMTS is a DHCP Relay DHCP Server DHCP Server DHCP Offer DHCP Offer Agent Src: 10.0.0.1 Src: C4:C4:C4:C4:C4:C4 10.0.0.1 Dst: 10.0.0.254 Dst: 00:00:DE:AD:BE:EF TFTP S: 10.0.0.2 TFTP F: silver.bin Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Provisioning System
DOCSIS Provisioning Hacked TFTP Process Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 DHCP Server DHCP Server Src: 192.168.100.1 Dst: 192.168.100.10 10.0.0.1 FILE: gold.bin TFTP Server TFTP Server HFC TFTP - Request TFTP - Response Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Src: 192.168.100.10 Provisioning Dst: 192.168.100.1 FILE: gold.bin System
DOCSIS Piracy DHCP Broadcast and Unicast ▪ If a modem makes a DHCP discover with the Broadcast flag enabled, the Offer is sent to the Broadcast (ff:ff:ff:ff:ff:ff) in the Downstream. ▪ All the broadcast traffic received by a modem is copied to the ethernet port. ▪ Anybody with a packet sniffer and get Modem MAC Addresses and config file names in the local downstream!!!. ▪ When the modem sends a Discover with the broadcast flag in 0 the Offer will be sent only to the modem MAC Address and will not be copied in other modems ethernet port.
DOCSIS Piracy Speed Uncapping - Protection DOCSIS Provided ▪ Implement Shared Secret MIC! ▪ Use a Strong Secret - 30 Chars+ and Special Characters. ▪ Allow TFTP Files Downloads only from Cablemodem IP Networks (172.16.0.0) and block from CPE network and others (Use Filters in CMTS and routers, not CMs they are untrusted). ▪ Request CM Vendors firmware supporting DHCP requests using Broadcast Flag disabled. CMTS Provided ▪ Implement TFTP Enforce (TFTP Proxy) ▪ Use Dynamic Shared Secret
DOCSIS Piracy Speed Uncapping – TFTP Enforce ▪ During the DHCP Exchange, the CMTS replaces the TFTP Server address and name with its own address and stores that information in a table. ▪ When the modem sends the TFTP File request, the CMTS Proxies it and gets the file from the TFTP Server. ▪ By doing that it ensures that the legit file is downloaded from the proper server.
DOCSIS Provisioning TFTP Enforce - DHCP Process DHCP Server DHCP Server DHCP Offer DHCP Offer Yiaddr:172.16.0.10 Src: 10.0.0.1 10.0.0.1 TFTP S: 172.16.0.1 Dst: 10.0.0.254 TFTP F: silver.bin Yiaddr:172.16.0.10 Cablemodem TFTP Server TFTP Server TFTP S: 10.0.0.2 TFTP F: silver.bin HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File System 172.16.0.11 10.0.0.2 gold.bin 172.16.0.10 10.0.0.2 silver.bin
DOCSIS Provisioning TFTP Enforce - TFTP Process Src: 172.16.0.10 Src: 172.16.0.1 Src: 10.0.0.2 Src: 172.16.0.1 Dst: 172.16.0.1 Dst: 10.0.0.2 Dst: 172.16.0.1 Dst: 172.16.0.10 FILE: silver.bin FILE: silver.bin FILE: silver.bin FILE: silver.bin DHCP Server DHCP Server TFTP - Response TFTP - Request TFTP - Response TFTP - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File System 172.16.0.11 10.0.0.2 gold.bin 172.16.0.10 10.0.0.2 silver.bin
DOCSIS Piracy Speed Uncapping – Dynamic Secret ▪ This feature goes one step further than TFTP enforce, the CMTS instead of just doing a proxy of the file, it disassembles the file and recalculates the MIC with a per session shared secret and reassemble the file. ▪ After the modem gets the file and sends the Registration Request, the MICs must match. ▪ This is much more secure as an individual secret is used for each file download.
DOCSIS Provisioning Dynamic Shared Secret Src: 172.16.0.10 Src: 172.16.0.1 Src: 10.0.0.2 Src: 172.16.0.1 Dst: 172.16.0.1 Dst: 10.0.0.2 Dst: 172.16.0.1 Dst: 172.16.0.10 FILE: silver.bin FILE: silver.bin FILE: silver.bin FILE: silver.bin DHCP Server DHCP Server TFTP - Response TFTP - Request TFTP - Response TFTP - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File Dynamic MIC System 172.16.0.11 10.0.0.2 gold.bin 0x12dce5f5430 172.16.0.10 10.0.0.2 silver.bin 0x524c45f5879
DOCSIS Provisioning Dynamic Shared Secret Registration ACK Service Flows Classifiers MAC CPE MD5 CMTS MIC= DHCP Server DHCP Server 0x524c45f5879 REG - Response REG - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File Dynamic MIC System 00:00:DE:AD:00:00 10.0.0.2 gold.bin 0x12dce5f5430 00:00:DE:AD:BE:EF 10.0.0.2 silver.bin 0x524c45f5879
DOCSIS Piracy Cablemodem MAC Cloning ▪ A Cable Modem identifies to the Network by its MAC Address ▪ Cloning the MAC Address of a Modem allows an un-provisioned modem to get the Service of a provisioned modem. ▪ This is much more dangerous because a Hacker behind a cloned modem can do illegal activities and be untraceable. ▪ Hacked Firmware allows to change the MAC address of a compromised modem to any value
DOCSIS Piracy Cablemodem MAC Cloning ▪ DOCSIS 1.1 Specified BPI Plus as a method to authenticate a Cable Modem ▪ All Modems DOCSIS 1.1 and over, have an embedded certificate that is Signed by the Manufacturer and Cablelabs ▪ When BPI+ is enabled the modem must send the Certificate to the CMTS and it validates the signature with its own database. If it fails the CMTS can deny the service.
DOCSIS Piracy MAC Cloning - Recommendations ▪ BPI+ is enabled in the Configuration File, all the previous protection measures should be implemented in order to ensure that the file is not modified and BPI+ is disabled. ▪ It is recommended to remove all DOCSIS 1.0 modems from the network and only having DOCSIS 1.1 Modems, by doing so all DOCSIS 1.0 Config files can be deleted from the TFTP Server. ▪ Ensure all the modems send the DHCP broadcast flag in 0 in order to ensure that that their offers are not sent on the broadcast.
DOCSIS Piracy MAC Cloning – BPI+ Mandatory ▪ Hacked firmware also supports changing the advertised supported DOCSIS Version in order to cheat the provisioning. ▪ Some CMTSs support BPI+ mandatory, that means that if a modem tries to register without BPI+ is rejected. ▪ All modems and config files need to be DOCSIS 1.1 enabled.
DOCSIS Piracy MAC Cloning – Other Cases ▪ Some modems vendor are vulnerable to full Flash copy (MAC and Certificates) ▪ This Creates a full Clone ▪ High Tech Equipment and physical access is required for that. ▪ BPI+ cannot do much about that. ▪ Some CMTSs support manual deny lists in order to block that modems to pass from Ranging stage. ▪ Your provisioning system could have detection algorithms in order to detect the same MAC coming from different CMTS/Upstream Ports
CPE Related Security
Customer Security CMTS ▪ Packet Filters ▪ Source Verify (Source Address Verification) ▪ DHCP Option 82.1 and 82.2 relaying ▪ Protocol Throttling (DHCP and ARP) DHCP Server ▪ CPE Lease Logging
Customer Security Source Verify ▪ CMTS snoops all CPE DHCP offers and creates a list of CPE MAC/IP and CM Table ▪ When a CPE sends and ARP Request, the CMTS Looks for in the table for an existing entry, if there is not matching entry, the ARP is discarded. ▪ This allows to avoid ARP Poisoning. ▪ Also allows a tight control to be sure that all the IP addresses being used by CPEs were assigned and logged by the DHCP Server.
DOCSIS Provisioning Source Verify Src: 00:11:22:33:44:55 Src: 10.0.0.254 Src: 10.0.0.1 Dst: FF:FF:FF:FF.FF:FF Src: C4:C4:C4:C4:C4:C4 Dst: 10.0.0.1 Dst: 10.0.0.254 Dst: 00:11:22:33:44:55 Giaddr:200.0.0.1 chaddr: 00:11:22:33:44:55 yiaddr: 200.0.0.10 yiaddr: 200.0.0.10 DHCP Server DHCP Server DHCP --Discover DHCP Offer DHCP --Discover DHCP Offer 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 CMTS MACDB Client Table Provisioning CPE MAC CPE IP CM MAC System 00:11:22:33:44:55 200.0.0.10 00:00:DE:AD:BE:EF
DOCSIS Provisioning Source Verify Who has : 200.0.0.1 Src: 00:11:22:33:44:55 Src: C4:C4:C4:C4:C4:C4 Dst: 00:00:00:00:00:00 Dst: 00:11:22:33:44:55 tell: 200.0.0.1 DHCP Server DHCP Server ARP REP ARP REQ 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 CMTS MACDB Client Table Provisioning CPE MAC CPE IP CM MAC System 00:11:22:33:44:55 200.0.0.10 00:00:DE:AD:BE:EF
Customer Security CMTS Option 82.1 and 82.2 Relay ▪ The CMTS can add to either CM or CPE DHCP Discover packets the option 82. ▪ Option 82.1 specifies the Upstream Port name from where the request came. ▪ Option 82.2 specifies the MAC Address of the Cablemodem from where that Discover came. ▪ For CPEs is Very useful to know to which Cablemodem (MAC) that Device is connected in order to take provisioning actions, or just for keeping a log.
DOCSIS Provisioning Option 82 Relay Src: 00:11:22:33:44:55 Src: 10.0.0.254 Dst: 10.0.0.1 Dst: FF:FF:FF:FF.FF:FF Giaddr: 200.0.0.1 hwaddr: 00:11:22:33:44:55 Opt 82.1:Upstream 1 Opt 82.2 :00:00:DE:AD:BE:EF DHCP Server DHCP Server DHCP - Discover DHCP - Discover 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 Provisioning System
Customer Security Protocol Throttling ▪ ARP and DHCP are protocols that are necessary for system operation and cannot be completely filtered. ▪ Hackers can take advantage of that and generate denial of service attacks. ▪ DHCP DoS can overload the DHCP Server. ▪ ARP DoS can saturate the local segment with ARP Traffic. ▪ CMTSs support Protocol Throttling, that means that they allow a certain acceptable amount of traffic of that protocols and drop the rest.
Questions?
Thanks!

Recommended

Image Converter
Image ConverterImage Converter
Image ConverterNavin Kumar
 
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition Perspective
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition PerspectiveDesign Like a Pro: Building Mobile-Responsive HMIs in Ignition Perspective
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition PerspectiveInductive Automation
 
Zigbee technology ppt
Zigbee technology pptZigbee technology ppt
Zigbee technology pptijaranjani
 
Architecture of 5G technology
Architecture of 5G technologyArchitecture of 5G technology
Architecture of 5G technologyThesis Scientist Private Limited
 
voice over internet protocol
voice over internet protocol voice over internet protocol
voice over internet protocol jomin mathew
 
Yii framework
Yii frameworkYii framework
Yii frameworkLeena Roja
 
W-LAN (Wireless Local Area Network)
W-LAN (Wireless Local Area Network)W-LAN (Wireless Local Area Network)
W-LAN (Wireless Local Area Network)Parvesh Taneja
 
Wireless Usb
Wireless UsbWireless Usb
Wireless Usbshibani336
 

Recommended

Image Converter
Image ConverterImage Converter
Image ConverterNavin Kumar
 
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition Perspective
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition PerspectiveDesign Like a Pro: Building Mobile-Responsive HMIs in Ignition Perspective
Design Like a Pro: Building Mobile-Responsive HMIs in Ignition PerspectiveInductive Automation
 
Zigbee technology ppt
Zigbee technology pptZigbee technology ppt
Zigbee technology pptijaranjani
 
Architecture of 5G technology
Architecture of 5G technologyArchitecture of 5G technology
Architecture of 5G technologyThesis Scientist Private Limited
 
voice over internet protocol
voice over internet protocol voice over internet protocol
voice over internet protocol jomin mathew
 
Yii framework
Yii frameworkYii framework
Yii frameworkLeena Roja
 
W-LAN (Wireless Local Area Network)
W-LAN (Wireless Local Area Network)W-LAN (Wireless Local Area Network)
W-LAN (Wireless Local Area Network)Parvesh Taneja
 
Wireless Usb
Wireless UsbWireless Usb
Wireless Usbshibani336
 
3G Technology
3G Technology 3G Technology
3G Technology Arif, Mohammed Nazrul Islam
 
Wireless usb ppt
Wireless usb pptWireless usb ppt
Wireless usb pptrajveer007
 
Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"surabhii007
 
ppt on femtocell
ppt on femtocellppt on femtocell
ppt on femtocellVikram Kumar
 
Case study of wireless networking for small business
Case study of wireless networking for small businessCase study of wireless networking for small business
Case study of wireless networking for small businessKambohwell Publisher Enterprises
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoTInfiswift Solutions
 
DakNet PPT
DakNet PPTDakNet PPT
DakNet PPTSeminar Links
 
Call Center Features in Grandstream
Call Center Features in GrandstreamCall Center Features in Grandstream
Call Center Features in GrandstreamBilawalKhan33
 
Case study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash BadoneCase study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash BadoneAkash Badone
 
MIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar reportMIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar reportPranav Prakash
 
Rover Technology
Rover TechnologyRover Technology
Rover TechnologyBhumivaghasiya
 
SMART GLOVES FOR.pptx
SMART GLOVES FOR.pptxSMART GLOVES FOR.pptx
SMART GLOVES FOR.pptxSureshPharamasivam
 
Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Mahesh Tibrewal
 
Near rt ric tc
Near rt ric tcNear rt ric tc
Near rt ric tcNickHuang49
 
6 g mobile technology
6 g mobile technology6 g mobile technology
6 g mobile technologyausdisankara group of institutions
 
Lamp technology
Lamp technologyLamp technology
Lamp technologyHarish Sabbani
 
wireless usb ppt
wireless usb pptwireless usb ppt
wireless usb pptChaithanya Adudodla
 
Talking gloves
Talking glovesTalking gloves
Talking glovesatulnitrkl
 
Gifi
GifiGifi
GifiAjmal Khan
 
Wireless USB
Wireless USBWireless USB
Wireless USBEr. Saba karim
 
Data over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTHData over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTHTeleste Corporation
 
Docsis overview
Docsis overviewDocsis overview
Docsis overviewAnderson Huang
 

More Related Content

What's hot

Wireless usb ppt
Wireless usb pptWireless usb ppt
Wireless usb pptrajveer007
 
Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"surabhii007
 
Call Center Features in Grandstream
Call Center Features in GrandstreamCall Center Features in Grandstream
Call Center Features in GrandstreamBilawalKhan33
 
Case study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash BadoneCase study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash BadoneAkash Badone
 
MIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar reportMIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar reportPranav Prakash
 
Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Mahesh Tibrewal
 
Talking gloves
Talking glovesTalking gloves
Talking glovesatulnitrkl
 

What's hot (20)

3G Technology
3G Technology 3G Technology
3G Technology
 
Wireless usb ppt
Wireless usb pptWireless usb ppt
Wireless usb ppt
 
Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"Presentation On "Wi-Max Technology"
Presentation On "Wi-Max Technology"
 
ppt on femtocell
ppt on femtocellppt on femtocell
ppt on femtocell
 
Case study of wireless networking for small business
Case study of wireless networking for small businessCase study of wireless networking for small business
Case study of wireless networking for small business
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoT
 
DakNet PPT
DakNet PPTDakNet PPT
DakNet PPT
 
Call Center Features in Grandstream
Call Center Features in GrandstreamCall Center Features in Grandstream
Call Center Features in Grandstream
 
Case study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash BadoneCase study of amazon EC2 by Akash Badone
Case study of amazon EC2 by Akash Badone
 
MIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar reportMIT Project Oxygen - A seminar report
MIT Project Oxygen - A seminar report
 
Rover Technology
Rover TechnologyRover Technology
Rover Technology
 
SMART GLOVES FOR.pptx
SMART GLOVES FOR.pptxSMART GLOVES FOR.pptx
SMART GLOVES FOR.pptx
 
Cloud Computing for college presenation project.
Cloud Computing for college presenation project.Cloud Computing for college presenation project.
Cloud Computing for college presenation project.
 
Near rt ric tc
Near rt ric tcNear rt ric tc
Near rt ric tc
 
6 g mobile technology
6 g mobile technology6 g mobile technology
6 g mobile technology
 
Lamp technology
Lamp technologyLamp technology
Lamp technology
 
wireless usb ppt
wireless usb pptwireless usb ppt
wireless usb ppt
 
Talking gloves
Talking glovesTalking gloves
Talking gloves
 
Gifi
GifiGifi
Gifi
 
Wireless USB
Wireless USBWireless USB
Wireless USB
 

Viewers also liked

Data over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTHData over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTHTeleste Corporation
 
Cable Access Developments
Cable Access DevelopmentsCable Access Developments
Cable Access DevelopmentsBenjamin Fu
 
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VA
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VADOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VA
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VAThe Volpe Firm, Inc.
 
DOCSIS 3.0 SCTE Piedmont Chapter January 18th
DOCSIS 3.0 SCTE Piedmont Chapter January 18thDOCSIS 3.0 SCTE Piedmont Chapter January 18th
DOCSIS 3.0 SCTE Piedmont Chapter January 18thThe Volpe Firm, Inc.
 
Internet Access Via Cable Network
Internet Access Via Cable NetworkInternet Access Via Cable Network
Internet Access Via Cable NetworkSonal Patil
 
A very quick introduction to HFC, DOCSIS 3.0 and 3.1
A very quick introduction to HFC, DOCSIS 3.0 and 3.1A very quick introduction to HFC, DOCSIS 3.0 and 3.1
A very quick introduction to HFC, DOCSIS 3.0 and 3.1Erik Vloothuis
 

Viewers also liked (7)

Data over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTHData over Coax - The Best Last Mile Access Technology before FTTH
Data over Coax - The Best Last Mile Access Technology before FTTH
 
Docsis overview
Docsis overviewDocsis overview
Docsis overview
 
Cable Access Developments
Cable Access DevelopmentsCable Access Developments
Cable Access Developments
 
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VA
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VADOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VA
DOCSIS 3.0 Troubleshooting, SCTE Blacksburg, VA
 
DOCSIS 3.0 SCTE Piedmont Chapter January 18th
DOCSIS 3.0 SCTE Piedmont Chapter January 18thDOCSIS 3.0 SCTE Piedmont Chapter January 18th
DOCSIS 3.0 SCTE Piedmont Chapter January 18th
 
Internet Access Via Cable Network
Internet Access Via Cable NetworkInternet Access Via Cable Network
Internet Access Via Cable Network
 
A very quick introduction to HFC, DOCSIS 3.0 and 3.1
A very quick introduction to HFC, DOCSIS 3.0 and 3.1A very quick introduction to HFC, DOCSIS 3.0 and 3.1
A very quick introduction to HFC, DOCSIS 3.0 and 3.1
 

Similar to Expo Canitec 2010, Taller Arris

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion PacketsAmazon Web Services
 
ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - TorontoAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packetsAmazon Web Services
 
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)Amazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013Amazon Web Services
 
Ex no1 (1)
Ex no1 (1)Ex no1 (1)
Ex no1 (1)basramya
 
Understanding computer networks
Understanding computer networksUnderstanding computer networks
Understanding computer networksUC San Diego
 
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)jackweirdy
 

Similar to Expo Canitec 2010, Taller Arris (20)

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion Packets
 
ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion Packets
 
(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets
 
ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion Packets
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - Toronto
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packets
 
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
 
Ex no1 (1)
Ex no1 (1)Ex no1 (1)
Ex no1 (1)
 
Understanding computer networks
Understanding computer networksUnderstanding computer networks
Understanding computer networks
 
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)
An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)
 
Log
LogLog
Log
 
R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1
 

More from Expo Canitec

Spot de Televisión de Expo Canitec 2011
Spot de Televisión de Expo Canitec 2011Spot de Televisión de Expo Canitec 2011
Spot de Televisión de Expo Canitec 2011Expo Canitec
 
Programa general Expo Canitec 2011
Programa general Expo Canitec 2011Programa general Expo Canitec 2011
Programa general Expo Canitec 2011Expo Canitec
 
Conference Program Expo Canitec 2011
Conference Program Expo Canitec 2011Conference Program Expo Canitec 2011
Conference Program Expo Canitec 2011Expo Canitec
 
Workshops Expo Canitec 2011
Workshops Expo Canitec 2011Workshops Expo Canitec 2011
Workshops Expo Canitec 2011Expo Canitec
 
Programa de conferencias y talleres Expo Canitec 2011
Programa de conferencias y talleres Expo Canitec 2011Programa de conferencias y talleres Expo Canitec 2011
Programa de conferencias y talleres Expo Canitec 2011Expo Canitec
 
Expo Canitec 2011, General Presentation
Expo Canitec 2011, General PresentationExpo Canitec 2011, General Presentation
Expo Canitec 2011, General PresentationExpo Canitec
 
Expo Canitec 2011, Hotel Packages and Social events
Expo Canitec 2011, Hotel Packages and Social eventsExpo Canitec 2011, Hotel Packages and Social events
Expo Canitec 2011, Hotel Packages and Social eventsExpo Canitec
 
Expo Canitec 2011 Hospedaje y eventos, español
Expo Canitec 2011 Hospedaje y eventos, españolExpo Canitec 2011 Hospedaje y eventos, español
Expo Canitec 2011 Hospedaje y eventos, españolExpo Canitec
 
Memoria Presentación Expo Canitec 2011
Memoria Presentación Expo Canitec 2011Memoria Presentación Expo Canitec 2011
Memoria Presentación Expo Canitec 2011Expo Canitec
 
¿Por qué es importante participar en Expo Canitec 2011?
¿Por qué es importante participar en Expo Canitec 2011?¿Por qué es importante participar en Expo Canitec 2011?
¿Por qué es importante participar en Expo Canitec 2011?Expo Canitec
 
Video presentación Expo Canitec 2011
Video presentación Expo Canitec 2011Video presentación Expo Canitec 2011
Video presentación Expo Canitec 2011Expo Canitec
 
Expo Canitec 2011 English
Expo Canitec 2011 EnglishExpo Canitec 2011 English
Expo Canitec 2011 EnglishExpo Canitec
 
Folleto de Ventas Expo Canitec 2011
Folleto de Ventas Expo Canitec 2011Folleto de Ventas Expo Canitec 2011
Folleto de Ventas Expo Canitec 2011Expo Canitec
 
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?Expo Canitec
 
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimiento
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimientoExpo Canitec 2010, Algunas razones de nuestro mediocre crecimiento
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimientoExpo Canitec
 
Expo Canitec 2010, Crecimiento Económico, México
Expo Canitec 2010, Crecimiento Económico, MéxicoExpo Canitec 2010, Crecimiento Económico, México
Expo Canitec 2010, Crecimiento Económico, MéxicoExpo Canitec
 
Expo Canitec 2010, Crecimiento competitivo y telecomunicaciones
Expo Canitec 2010, Crecimiento competitivo y telecomunicacionesExpo Canitec 2010, Crecimiento competitivo y telecomunicaciones
Expo Canitec 2010, Crecimiento competitivo y telecomunicacionesExpo Canitec
 
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.Expo Canitec
 
Expo Canitec 2010, Shift Happens, Cisco
Expo Canitec 2010, Shift Happens, CiscoExpo Canitec 2010, Shift Happens, Cisco
Expo Canitec 2010, Shift Happens, CiscoExpo Canitec
 
Expo Canitec 2010, Desarrollo de las telecomunicaciones, México
Expo Canitec 2010, Desarrollo de las telecomunicaciones, MéxicoExpo Canitec 2010, Desarrollo de las telecomunicaciones, México
Expo Canitec 2010, Desarrollo de las telecomunicaciones, MéxicoExpo Canitec
 

More from Expo Canitec (20)

Spot de Televisión de Expo Canitec 2011
Spot de Televisión de Expo Canitec 2011Spot de Televisión de Expo Canitec 2011
Spot de Televisión de Expo Canitec 2011
 
Programa general Expo Canitec 2011
Programa general Expo Canitec 2011Programa general Expo Canitec 2011
Programa general Expo Canitec 2011
 
Conference Program Expo Canitec 2011
Conference Program Expo Canitec 2011Conference Program Expo Canitec 2011
Conference Program Expo Canitec 2011
 
Workshops Expo Canitec 2011
Workshops Expo Canitec 2011Workshops Expo Canitec 2011
Workshops Expo Canitec 2011
 
Programa de conferencias y talleres Expo Canitec 2011
Programa de conferencias y talleres Expo Canitec 2011Programa de conferencias y talleres Expo Canitec 2011
Programa de conferencias y talleres Expo Canitec 2011
 
Expo Canitec 2011, General Presentation
Expo Canitec 2011, General PresentationExpo Canitec 2011, General Presentation
Expo Canitec 2011, General Presentation
 
Expo Canitec 2011, Hotel Packages and Social events
Expo Canitec 2011, Hotel Packages and Social eventsExpo Canitec 2011, Hotel Packages and Social events
Expo Canitec 2011, Hotel Packages and Social events
 
Expo Canitec 2011 Hospedaje y eventos, español
Expo Canitec 2011 Hospedaje y eventos, españolExpo Canitec 2011 Hospedaje y eventos, español
Expo Canitec 2011 Hospedaje y eventos, español
 
Memoria Presentación Expo Canitec 2011
Memoria Presentación Expo Canitec 2011Memoria Presentación Expo Canitec 2011
Memoria Presentación Expo Canitec 2011
 
¿Por qué es importante participar en Expo Canitec 2011?
¿Por qué es importante participar en Expo Canitec 2011?¿Por qué es importante participar en Expo Canitec 2011?
¿Por qué es importante participar en Expo Canitec 2011?
 
Video presentación Expo Canitec 2011
Video presentación Expo Canitec 2011Video presentación Expo Canitec 2011
Video presentación Expo Canitec 2011
 
Expo Canitec 2011 English
Expo Canitec 2011 EnglishExpo Canitec 2011 English
Expo Canitec 2011 English
 
Folleto de Ventas Expo Canitec 2011
Folleto de Ventas Expo Canitec 2011Folleto de Ventas Expo Canitec 2011
Folleto de Ventas Expo Canitec 2011
 
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?
Expo Canitec 2010, ¿Qué obstáculos le impiden a México aprovechar su potencial?
 
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimiento
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimientoExpo Canitec 2010, Algunas razones de nuestro mediocre crecimiento
Expo Canitec 2010, Algunas razones de nuestro mediocre crecimiento
 
Expo Canitec 2010, Crecimiento Económico, México
Expo Canitec 2010, Crecimiento Económico, MéxicoExpo Canitec 2010, Crecimiento Económico, México
Expo Canitec 2010, Crecimiento Económico, México
 
Expo Canitec 2010, Crecimiento competitivo y telecomunicaciones
Expo Canitec 2010, Crecimiento competitivo y telecomunicacionesExpo Canitec 2010, Crecimiento competitivo y telecomunicaciones
Expo Canitec 2010, Crecimiento competitivo y telecomunicaciones
 
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.
Expo Canitec 2010. Crecimiento económico, sociedad del conocimiento, caso N.L.
 
Expo Canitec 2010, Shift Happens, Cisco
Expo Canitec 2010, Shift Happens, CiscoExpo Canitec 2010, Shift Happens, Cisco
Expo Canitec 2010, Shift Happens, Cisco
 
Expo Canitec 2010, Desarrollo de las telecomunicaciones, México
Expo Canitec 2010, Desarrollo de las telecomunicaciones, MéxicoExpo Canitec 2010, Desarrollo de las telecomunicaciones, México
Expo Canitec 2010, Desarrollo de las telecomunicaciones, México
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

Expo Canitec 2010, Taller Arris

  • 1. Avoiding Piracy in DOCSIS Networks April 29th, 2010 Patricio S. Latini Director, Sales Engineering Caribbean and Latin America
  • 2. Agenda ▪ DOCSIS Provisioning ▪ Piracy Attacks and Solutions ▪ CPE Related Security
  • 4. DOCSIS Provisioning ▪ Standards Based - DHCP, ToD, TFTP ▪ Distributed Architecture - DHCP Server has all the customer data - CMTS and CMs just policy enforcers - CMs are untrusted elements
  • 5. DOCSIS Piracy ▪ Mostly Based on Hacked Firmware of Cablemodems. ▪ Need to be mitigated by a battery of counter measures. - Network Based - CMTS Based - Provisioning System Based
  • 8. DOCSIS Piracy Speed Uncapping ▪ Removing the Speed Caps (Limits) by either changing them for higher ones or completely removing them. ▪ Done by changing the legit configuration file used by the Cable Modem with a different one. ▪ Can use a file on a Local PC or in the TFTP servers in the Network.
  • 9. DOCSIS Piracy Speed Uncapping ▪ Case I – No Shared Secret implemented Worst case, the hacker can create a Config file with any speed limit (or no limit), put it in his PC and instruct the hacked modem to ignore the parameters received by DHCP and download a file from the Local PC.
  • 10. DOCSIS Provisioning DHCP Process CMTS is a DHCP Relay DHCP Server DHCP Server DHCP Offer DHCP Offer Agent Src: 10.0.0.1 Src: C4:C4:C4:C4:C4:C4 10.0.0.1 Dst: 10.0.0.254 Dst: 00:00:DE:AD:BE:EF TFTP S: 10.0.0.2 TFTP F: silver.bin Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Provisioning System
  • 11. DOCSIS Provisioning Hacked TFTP Process Hacked Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 DHCP Server DHCP Server Src: 192.168.100.1 Dst: 192.168.100.10 10.0.0.1 FILE: hacked.bin TFTP Server TFTP Server HFC TFTP - Request TFTP - Response Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Src: 192.168.100.10 Provisioning Dst: 192.168.100.1 FILE: hacked.bin System
  • 12. DOCSIS Piracy Speed Uncapping ▪ Case II – Shared Secret implemented No Network Security In this case, the hacker cannot create a custom config file because it will fail Shared Secret verification. However it can get valid files with higher speeds from the MSO TFTP Server and put them in their own PC.
  • 13. DOCSIS Provisioning Hacked TFTP Process Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 Src: 10.0.0.2 DHCP Server DHCP Server Dst: 200.0.0.10 FILE: gold.bin 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 TF TF PT- P -e R 10.0.0.254 se Rpo qu s 172.16.0.1 Src: 200.0.0.10 ne ToD Server ToD Server e st 200.0.0.1 Dst: 10.0.0.2 CMTS FILE: gold.bin 10.0.0.3 Provisioning System
  • 14. DOCSIS Provisioning DHCP Process CMTS is a DHCP Relay DHCP Server DHCP Server DHCP Offer DHCP Offer Agent Src: 10.0.0.1 Src: C4:C4:C4:C4:C4:C4 10.0.0.1 Dst: 10.0.0.254 Dst: 00:00:DE:AD:BE:EF TFTP S: 10.0.0.2 TFTP F: silver.bin Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Provisioning System
  • 15. DOCSIS Provisioning Hacked TFTP Process Cablemodem MAC: 00:00:DE:AD:BE:EF IP: 172.16.0.10 DHCP Server DHCP Server Src: 192.168.100.1 Dst: 192.168.100.10 10.0.0.1 FILE: gold.bin TFTP Server TFTP Server HFC TFTP - Request TFTP - Response Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 Src: 192.168.100.10 Provisioning Dst: 192.168.100.1 FILE: gold.bin System
  • 16. DOCSIS Piracy DHCP Broadcast and Unicast ▪ If a modem makes a DHCP discover with the Broadcast flag enabled, the Offer is sent to the Broadcast (ff:ff:ff:ff:ff:ff) in the Downstream. ▪ All the broadcast traffic received by a modem is copied to the ethernet port. ▪ Anybody with a packet sniffer and get Modem MAC Addresses and config file names in the local downstream!!!. ▪ When the modem sends a Discover with the broadcast flag in 0 the Offer will be sent only to the modem MAC Address and will not be copied in other modems ethernet port.
  • 17. DOCSIS Piracy Speed Uncapping - Protection DOCSIS Provided ▪ Implement Shared Secret MIC! ▪ Use a Strong Secret - 30 Chars+ and Special Characters. ▪ Allow TFTP Files Downloads only from Cablemodem IP Networks (172.16.0.0) and block from CPE network and others (Use Filters in CMTS and routers, not CMs they are untrusted). ▪ Request CM Vendors firmware supporting DHCP requests using Broadcast Flag disabled. CMTS Provided ▪ Implement TFTP Enforce (TFTP Proxy) ▪ Use Dynamic Shared Secret
  • 18. DOCSIS Piracy Speed Uncapping – TFTP Enforce ▪ During the DHCP Exchange, the CMTS replaces the TFTP Server address and name with its own address and stores that information in a table. ▪ When the modem sends the TFTP File request, the CMTS Proxies it and gets the file from the TFTP Server. ▪ By doing that it ensures that the legit file is downloaded from the proper server.
  • 19. DOCSIS Provisioning TFTP Enforce - DHCP Process DHCP Server DHCP Server DHCP Offer DHCP Offer Yiaddr:172.16.0.10 Src: 10.0.0.1 10.0.0.1 TFTP S: 172.16.0.1 Dst: 10.0.0.254 TFTP F: silver.bin Yiaddr:172.16.0.10 Cablemodem TFTP Server TFTP Server TFTP S: 10.0.0.2 TFTP F: silver.bin HFC MAC: 00:00:DE:AD:BE:EF Network 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File System 172.16.0.11 10.0.0.2 gold.bin 172.16.0.10 10.0.0.2 silver.bin
  • 20. DOCSIS Provisioning TFTP Enforce - TFTP Process Src: 172.16.0.10 Src: 172.16.0.1 Src: 10.0.0.2 Src: 172.16.0.1 Dst: 172.16.0.1 Dst: 10.0.0.2 Dst: 172.16.0.1 Dst: 172.16.0.10 FILE: silver.bin FILE: silver.bin FILE: silver.bin FILE: silver.bin DHCP Server DHCP Server TFTP - Response TFTP - Request TFTP - Response TFTP - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File System 172.16.0.11 10.0.0.2 gold.bin 172.16.0.10 10.0.0.2 silver.bin
  • 21. DOCSIS Piracy Speed Uncapping – Dynamic Secret ▪ This feature goes one step further than TFTP enforce, the CMTS instead of just doing a proxy of the file, it disassembles the file and recalculates the MIC with a per session shared secret and reassemble the file. ▪ After the modem gets the file and sends the Registration Request, the MICs must match. ▪ This is much more secure as an individual secret is used for each file download.
  • 22. DOCSIS Provisioning Dynamic Shared Secret Src: 172.16.0.10 Src: 172.16.0.1 Src: 10.0.0.2 Src: 172.16.0.1 Dst: 172.16.0.1 Dst: 10.0.0.2 Dst: 172.16.0.1 Dst: 172.16.0.10 FILE: silver.bin FILE: silver.bin FILE: silver.bin FILE: silver.bin DHCP Server DHCP Server TFTP - Response TFTP - Request TFTP - Response TFTP - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File Dynamic MIC System 172.16.0.11 10.0.0.2 gold.bin 0x12dce5f5430 172.16.0.10 10.0.0.2 silver.bin 0x524c45f5879
  • 23. DOCSIS Provisioning Dynamic Shared Secret Registration ACK Service Flows Classifiers MAC CPE MD5 CMTS MIC= DHCP Server DHCP Server 0x524c45f5879 REG - Response REG - Request 10.0.0.1 Cablemodem TFTP Server TFTP Server HFC MAC: 00:00:DE:AD:BE:EF Network IP: 172.16.0.10 10.0.0.2 10.0.0.254 172.16.0.1 ToD Server ToD Server CMTS 10.0.0.3 CMTS TFTP Client Table Provisioning CM TFTP S TFTP File Dynamic MIC System 00:00:DE:AD:00:00 10.0.0.2 gold.bin 0x12dce5f5430 00:00:DE:AD:BE:EF 10.0.0.2 silver.bin 0x524c45f5879
  • 24. DOCSIS Piracy Cablemodem MAC Cloning ▪ A Cable Modem identifies to the Network by its MAC Address ▪ Cloning the MAC Address of a Modem allows an un-provisioned modem to get the Service of a provisioned modem. ▪ This is much more dangerous because a Hacker behind a cloned modem can do illegal activities and be untraceable. ▪ Hacked Firmware allows to change the MAC address of a compromised modem to any value
  • 25. DOCSIS Piracy Cablemodem MAC Cloning ▪ DOCSIS 1.1 Specified BPI Plus as a method to authenticate a Cable Modem ▪ All Modems DOCSIS 1.1 and over, have an embedded certificate that is Signed by the Manufacturer and Cablelabs ▪ When BPI+ is enabled the modem must send the Certificate to the CMTS and it validates the signature with its own database. If it fails the CMTS can deny the service.
  • 26. DOCSIS Piracy MAC Cloning - Recommendations ▪ BPI+ is enabled in the Configuration File, all the previous protection measures should be implemented in order to ensure that the file is not modified and BPI+ is disabled. ▪ It is recommended to remove all DOCSIS 1.0 modems from the network and only having DOCSIS 1.1 Modems, by doing so all DOCSIS 1.0 Config files can be deleted from the TFTP Server. ▪ Ensure all the modems send the DHCP broadcast flag in 0 in order to ensure that that their offers are not sent on the broadcast.
  • 27. DOCSIS Piracy MAC Cloning – BPI+ Mandatory ▪ Hacked firmware also supports changing the advertised supported DOCSIS Version in order to cheat the provisioning. ▪ Some CMTSs support BPI+ mandatory, that means that if a modem tries to register without BPI+ is rejected. ▪ All modems and config files need to be DOCSIS 1.1 enabled.
  • 28. DOCSIS Piracy MAC Cloning – Other Cases ▪ Some modems vendor are vulnerable to full Flash copy (MAC and Certificates) ▪ This Creates a full Clone ▪ High Tech Equipment and physical access is required for that. ▪ BPI+ cannot do much about that. ▪ Some CMTSs support manual deny lists in order to block that modems to pass from Ranging stage. ▪ Your provisioning system could have detection algorithms in order to detect the same MAC coming from different CMTS/Upstream Ports
  • 30. Customer Security CMTS ▪ Packet Filters ▪ Source Verify (Source Address Verification) ▪ DHCP Option 82.1 and 82.2 relaying ▪ Protocol Throttling (DHCP and ARP) DHCP Server ▪ CPE Lease Logging
  • 31. Customer Security Source Verify ▪ CMTS snoops all CPE DHCP offers and creates a list of CPE MAC/IP and CM Table ▪ When a CPE sends and ARP Request, the CMTS Looks for in the table for an existing entry, if there is not matching entry, the ARP is discarded. ▪ This allows to avoid ARP Poisoning. ▪ Also allows a tight control to be sure that all the IP addresses being used by CPEs were assigned and logged by the DHCP Server.
  • 32. DOCSIS Provisioning Source Verify Src: 00:11:22:33:44:55 Src: 10.0.0.254 Src: 10.0.0.1 Dst: FF:FF:FF:FF.FF:FF Src: C4:C4:C4:C4:C4:C4 Dst: 10.0.0.1 Dst: 10.0.0.254 Dst: 00:11:22:33:44:55 Giaddr:200.0.0.1 chaddr: 00:11:22:33:44:55 yiaddr: 200.0.0.10 yiaddr: 200.0.0.10 DHCP Server DHCP Server DHCP --Discover DHCP Offer DHCP --Discover DHCP Offer 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 CMTS MACDB Client Table Provisioning CPE MAC CPE IP CM MAC System 00:11:22:33:44:55 200.0.0.10 00:00:DE:AD:BE:EF
  • 33. DOCSIS Provisioning Source Verify Who has : 200.0.0.1 Src: 00:11:22:33:44:55 Src: C4:C4:C4:C4:C4:C4 Dst: 00:00:00:00:00:00 Dst: 00:11:22:33:44:55 tell: 200.0.0.1 DHCP Server DHCP Server ARP REP ARP REQ 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 CMTS MACDB Client Table Provisioning CPE MAC CPE IP CM MAC System 00:11:22:33:44:55 200.0.0.10 00:00:DE:AD:BE:EF
  • 34. Customer Security CMTS Option 82.1 and 82.2 Relay ▪ The CMTS can add to either CM or CPE DHCP Discover packets the option 82. ▪ Option 82.1 specifies the Upstream Port name from where the request came. ▪ Option 82.2 specifies the MAC Address of the Cablemodem from where that Discover came. ▪ For CPEs is Very useful to know to which Cablemodem (MAC) that Device is connected in order to take provisioning actions, or just for keeping a log.
  • 35. DOCSIS Provisioning Option 82 Relay Src: 00:11:22:33:44:55 Src: 10.0.0.254 Dst: 10.0.0.1 Dst: FF:FF:FF:FF.FF:FF Giaddr: 200.0.0.1 hwaddr: 00:11:22:33:44:55 Opt 82.1:Upstream 1 Opt 82.2 :00:00:DE:AD:BE:EF DHCP Server DHCP Server DHCP - Discover DHCP - Discover 10.0.0.1 TFTP Server TFTP Server HFC Network 10.0.0.2 Cablemodem 10.0.0.254 172.16.0.1 MAC: 00:00:DE:AD:BE:EF ToD Server ToD Server 200.0.0.1 IP: 172.16.0.10 CMTS 10.0.0.3 Provisioning System
  • 36. Customer Security Protocol Throttling ▪ ARP and DHCP are protocols that are necessary for system operation and cannot be completely filtered. ▪ Hackers can take advantage of that and generate denial of service attacks. ▪ DHCP DoS can overload the DHCP Server. ▪ ARP DoS can saturate the local segment with ARP Traffic. ▪ CMTSs support Protocol Throttling, that means that they allow a certain acceptable amount of traffic of that protocols and drop the rest.