MoCA security concerns

[Nonprofit]

Hi everyone,

I've been running a MoCA installation in my new house for a few weeks now. It has been working great.

But I am having trouble convincing myself that this is a secure setup.

I'm using a pretty standard 2 adapter residential configuration. As illustrated in the simple diagram seen here: http://cdn4.thetechjournal.net/wp-c...-mcab1001-moca-coaxethernet-adapter-kit-2.jpg

I'm using the actiontec adapters, which were the only ones I could find for sale, and they do not seem to have an admin portal or anything where I would turn on encryption, etc.

I guess I am wondering what is keeping my internal traffic from shooting back out over the neighborhood coax network at large?

 

[thiggins]

Like HomePlug, encryption is enabled by default in MoCA. But a default key is probably used.

I wouldn't worry too much about the signal getting out to the neighborhood. The distribution amp on the pole is going to block it.

 

[Nonprofit]

Thanks for the reply. I have two questions though...

First, I just found this document: http://support.actiontec.com/doc_files/ECB2500_Configuration_Guide_v1.1_NCS.pdf

Which states:

Privacy Mode controls whether or not the ECB2500 will encrypt packets on the coaxial interface. The user can either enable or disable (default setting) Privacy Mode.

That seems to imply encryption is off by default.

Second, in regards to the distribution amp... I am able to see my neighbor's computers and printers when I connect directly to my cable modem without a router. So that traffic (SMB?) is clearly getting past the pole. Would my MoCA traffic be any different?

 

[sinshiva]

never heard of that happening before lol. glad i switched to dsl. your moca traffic would only be encrypted lan-side. everthing leaving the cable modem would be 'normal'

 

[Nonprofit]

Yeah, I doubt my situation is the norm. I live in a fairly remote area and the cable network is local... it is not maintained by a larger company. We are not talking about Comcast or Road Runner here. It was locally built, and is locally managed - so may not utilize some of the modern technologies or best practices when it comes to typical cable ISPs

 

[stevech]

Many homes have a bi-directional amplifier on the cable that enters the premises. This would block MoCA frequencies from going back out to cableCo's splitter that feeds, typically, 6 residences.

 

[wayner]

I have 8 cable drops supplied by the cable company in my house and they come about by two cable drops from the street - one on the east side and one on the west side. I have MoCA NIM-100 adapters and they don't work if I try to have one on the east side and one on the west side. That would hopefully mean that there isn't much security risk but your mileage may vary.

 

[shrike4242]

Drop a privacy/POE filter between the cable feed into the house and the distribution amplifier:

https://www.tivo.com/shop/detail/moca-poe (not the only place to purchase one)

http://www.tivo.com/my-account/how-to/what-moca#securemoca

A "Point of Entry" filter is used in a MoCA (Multimedia over Coax) network to:
* Keep MoCA signals isolated in your home so that your network will not be visible to your neighbors
* Prevent signal conflict if someone else has a MoCA-enabled network near your home
* Improve the performance of a MoCA home network

A MoCA POE filter is installed at the cable point of entry to your home. For use with a MoCA-enabled TiVo DVR.

 

[stevech]

with encryption on in MoCA, I wouldn't worry about where the RF goes.

 

[truoc]

Thanks for the reply. I have two questions though...

First, I just found this document: http://support.actiontec.com/doc_files/ECB2500_Configuration_Guide_v1.1_NCS.pdf

Which states:

That seems to imply encryption is off by default.

Second, in regards to the distribution amp... I am able to see my neighbor's computers and printers when I connect directly to my cable modem without a router. So that traffic (SMB?) is clearly getting past the pole. Would my MoCA traffic be any different?

This got me wondering about my MOCA setup, so I followed the instructions for my Actiontec ECB2500C to check encryption status and sure enough it wasn't turned on. Guess I should have checked that a long time ago.