In my case after wading through hours of frustration of trying to get AT&T/Comcast cable to bend to my will I ended up with installing a Cisco CPE and an old pentium running xBSD for a firewall. It doesn't help the shared line scenario, but its a start.
-Karsten On Friday 23 May 2003 05:37 am, John S. Denker wrote: # Hi -- # # 1) In a cable-modem system, the layer-1 signal to/from # your cable is physically present in your neighbors' homes. # # 2) To defend against the obvious privacy problems this # implies, the standards provide for Baseline Privacy (BPI) # which encrypts the signals. # # So you're safe, right? # # 3) Evidence suggests that most cable-modem customers in # the US are not protected. Many service providers have # Baseline Privacy turned off. Defeated. Disabled. # Skipped. No privacy. # # The evidence for this comes from # -- directly examining the configuration of a few modems # -- talking to The Cable Guy # -- noting that when certain small providers do implement # BPI, they brag about it and claim this gives them an # advantage over the "established" providers. # http://gemnets.com/c5_technical.html#question5 # # 4) From this it appears that in most cases, all that # protects your privacy is security-by-obscurity. # # And if you want an upper bound on how much obscurity # there is, note that there is a vibrant community of # cable-modem firmware hackers: # http://www.cablemodemhack.com/ # # # 5) It's interesting to think what customers ought to # do about this, short-term and/or long-term. # -- Obviously end-to-end security is needed. But it is # not always feasible at present. I would connect to google # via SSL if I could, but google doesn't implement https. # And that would still leave me open to traffic analysis. # -- Link-by-link security is never a substitute for # overall security, but you need some link-by-link security # just to cut down on traffic analysis and DoS attacks, # including ARP poisoning and the like. # # One idea that comes to mind is to use IPsec to secure the # connections to an onion routing system. Or mist / crowd / # whatever. # # Comments? Suggestions? # # # --------------------------------------------------------------------- # The Cryptography Mailing List # Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] # # --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
