
cable modem security question


128bit

Regular Contributor
can spectrum "see" my lan devices, nas files, etc when these devices are directly connected to a cable modem with wireless router capabilities?

in this case, it's my own modem, a tp-link archer cr700, but i know that they can configure it and apply firmware updates. i just want to understand how much is viewable to them even though my configuration is password protected.

i currently, run an ax86u to which most of my devices are connected behind that cable modem (double nat) but was wondering just how secure the cable modem is from any tech at spectrum with prying eyes.
 
If it's their equipment, chances are if they wanted to they could see all your traffic. After all, it's their network; you're just renting the use of it.
 
can spectrum "see" my lan devices, nas files, etc when these devices are directly connected to a cable modem with wireless router capabilities?

in this case, it's my own modem, a tp-link archer cr700, but i know that they can configure it and apply firmware updates. i just want to understand how much is viewable to them even though my configuration is password protected.

Carrier supplied RG's can see and do report attached devices via either DOCSIS or TR069 (TR069 is common for DSL, DOCSIS is cable) - even for consumer owned gear - and they have privileged access above/beyond what the customer does...

In the case of a consumer owned router, the broadband endpoint can report that a router is attached, but does not have visibility behind the router if NAT/Firewall is running (which it is by default on most consumer routers).

The cable modem password - that's for your benefit - used to be that CM's were not password protected, esp for Moto/Arris/Pace Surfboards, where there was a way to send a "reboot" command to the modem via cross site scripting vulnerability, I forget the CVE number - this was common in the gaming community to knock competitors offline without having to resort to things like DDNS attacks.
 
Carrier supplied RG's can see and do report attached devices via either DOCSIS or TR069 (TR069 is common for DSL, DOCSIS is cable) - even for consumer owned gear - and they have privileged access above/beyond what the customer does...

In the case of a consumer owned router, the broadband endpoint can report that a router is attached, but does not have visibility behind the router if NAT/Firewall is running (which it is by default on most consumer routers).

The cable modem password - that's for your benefit - used to be that CM's were not password protected, esp for Moto/Arris/Pace Surfboards, where there was a way to send a "reboot" command to the modem via cross site scripting vulnerability, I forget the CVE number - this was common in the gaming community to knock competitors offline without having to resort to things like DDNS attacks.
i am FLOORED! so sad. i pay for their service and i purchased the cm only for them to "snoop" without my express permission. ok, i'll stop whining and stay the current course.

yes, i do run the ac86u with nat/fwall enabled, but the rj-45 from the cm is currently plugged into the wan port of the ac86u. if i plugged the rj-45 into one of its lan ports, would any ac86u connected devices become "visible" to spectrum? is there a method to make a device that's behind a double nat internet accessible??

many thanks for such a detailed explanation. super helpful!
 
if i plugged the rj-45 into one of its lan ports, would any ac86u connected devices become "visible" to spectrum? is there a method to make a device that's behind a double nat internet accessible??

If you plug the RG lan port into the router LAN port, it's likely to cause a lot of other issues - anything from DHCP conflict to an ARP storm...

In other words don't do it - it's not as bad as typing google into the google search bar (which will implode the universe), but it's not good...
 
Having worked for a few cable providers in the past you really don't have much to worry about as they don't have the time to be snooping around nor do they care. Less customer contact is the goal. It costs them money to talk to you and the phone techs are too busy to give AF about your stuff. The CM is just a bridge anyway that doesn't do routing unless you get one that does and their management subnet wouldn't go past the router fw anyway.
 
Having worked for a few cable providers in the past you really don't have much to worry about as they don't have the time to be snooping around nor do they care. Less customer contact is the goal. It costs them money to talk to you and the phone techs are too busy to give AF about your stuff. The CM is just a bridge anyway that doesn't do routing unless you get one that does and their management subnet wouldn't go past the router fw anyway.
well, according to sfx2000, they do have capability. i gather that they may be too busy, but i'd rather not take that chance.

i was going to ask if placing the cm in bridge mode stops their view into my lan?
 
i was going to ask if placing the cm in bridge mode stops their view into my lan?

You have your router in double NAT and all they can see is one client on your LAN - your router. Don't worry about it.
 
You have your router in double NAT and all they can see is one client on your LAN - your router. Don't worry about it.
yep, i understand that. wanted the nvr accessible from outside but i can live without it.
 
You can have the NVR accessible from outside, no problem.
. . . i'm all ears, uhh eyes, if u would. it's reolink. have several cams but would like to "see" the nvr when i'm away from home.
 
See what it needs, port open or something, may not need anything. Or set a VPN server and look at your cameras like you are on your local network. Browser, app... whatever it uses. What's your concern? I have one noname in use and no one hacked it for like 5 years, since installed.
 
See what it needs, port open or something, may not need anything. Or set a VPN server and look at your cameras like you are on your local network. Browser, app... whatever it uses. What's your concern? I have one noname in use and no one hacked it for like 5 years, since installed.
i like the vpn suggestion as i already use nord on the router as opposed to their app. after setting it up with merlinware's vpn director, i have better insight with tunneling. i'll play with it again now knowing that it has been done.
 
I was talking about VPN Server, not VPN Client. Your "nord" is unrelated. You create a VPN Server and connect to it with your mobile VPN Client.
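
The VPN-server approach from the last post, as an added example that is not part of the original thread: a server on the inner router with the phone as its only peer, so the NVR is reachable remotely without opening any port to it. WireGuard, UDP port 51820, the 10.6.0.0/24 tunnel subnet and the NVR address 192.168.50.20 are assumptions chosen for illustration; the thread names no VPN protocol or addresses.

```ini
# ---------- Server side: the inner router (behind the cable gateway) ----------
# Constructed sample values; replace every <placeholder>.
[Interface]
# Tunnel address of the router (assumed subnet).
Address = 10.6.0.1/24
# UDP listen port. With double NAT, the cable gateway must also forward this
# one UDP port to the inner router's WAN address, or the tunnel never connects.
ListenPort = 51820
PrivateKey = <router-private-key>

[Peer]
# The phone. A /32 means this key may only source traffic from 10.6.0.2.
PublicKey = <phone-public-key>
AllowedIPs = 10.6.0.2/32

# ---------- Client side: the phone, away from home ----------
[Interface]
Address = 10.6.0.2/32
PrivateKey = <phone-private-key>

[Peer]
PublicKey = <router-public-key>
# Public address of the cable gateway (or a dynamic-DNS name pointing at it).
Endpoint = <public-ip-or-ddns-name>:51820
# Send only NVR traffic through the tunnel rather than the whole home LAN.
AllowedIPs = 192.168.50.20/32
# Keeps the NAT mapping open on mobile networks.
PersistentKeepalive = 25
```

The only inbound port is the WireGuard UDP port, which does not answer unauthenticated packets, and the NVR itself is never exposed to the internet.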
 
