Citat:
Uporabnik ducttape pravi:
Ravno RF je največji problem. Za downstream se uporablja enak physical layer kakor za dvb-c ... vse kar rabiš je primerno podprt dvb-c tuner, ki stane manj kot 100 EUR, in sniffas promet celi soseski!
Ne vem kako da to nobenega ne skrbi.
Doscis 3.0 rešuje tudi problem RF snifanja.
Citat iz Wikipedia:
The intent of the BPI/SEC specifications is to describe MAC layer security services for DOCSIS CMTS to cable modem communications. BPI/SEC security goals are twofold:
provide cable modem users with data privacy across the cable network
provide cable service operators with service protection; i.e., prevent unauthorized modems and users from gaining access to the network’s RF MAC services
BPI/SEC is intended to prevent cable users from listening to each other. It does this by encrypting data flows between the CMTS and the cable modem. BPI & BPI+ utilize 56-bit DES encryption, while SEC adds support for 128-bit AES. All versions provide for periodic key refreshes (at a period configured by the network operator) in order to increase the level of protection.
BPI/SEC is intended to allow cable service operators to refuse service to uncertified cable modems and unauthorized users. BPI+ strengthened service protection by adding digital certificate based authentication to its key exchange protocol, using a public key infrastructure (PKI), based on digital certificate authorities (CAs) of the certification testers, currently Excentis (formerly known as tComLabs) for EuroDOCSIS and CableLabs for DOCSIS. The relationship of the cable modem to the user is often done by means of manually adding the cable modem's MAC address to a customer's account with the cable service operator,[9][10] who would then allow network access to a cable modem which can attest to that MAC address using a valid certificate issued via the PKI. The earlier BPI specification (ANSI/SCTE 22-2) had limited service protection because the underlying key management protocol did not authenticate the user's cable modem.
Security in the DOCSIS network is vastly improved when only business critical communications are permitted, and end user communication to the network infrastructure is denied. Successful attacks often occur when the CMTS is configured for backwards compatibility with early pre-standard DOCSIS 1.1 modems. These modems were "software upgradeable in the field", but did not include valid DOCSIS or EuroDOCSIS root certificates.