I knew I should have learned more about Cable when I was at Cisco (although I vaguely remember trolling EDCS for one of my projects so the CMTS acronym sounds familiar) but my 2nd attempt at using Cable provider is coming to an end, anyway. After 10 months of nearly blip-free service (not bad for $29.95 a month) with RCN, things have gone to hell in the last week. God I miss Speakeasy, but a year after swearing never to give another dime to AT&T/SBC, signed up for AT&T Yahoo DSL and even bought one of their little gateways so I don't have to muck with PPPoE (I hope) over the weekend just in case. I don't look forward to dealing with AT&T but what can you do? Maybe two shitty $29.95 Internet Services are better than a single decent $55/month service. And we'll actually have a land line for a change.
Although working as first line support for a consumer Internet provider (even if you are offshore) must suck, it was a surreal experience dealing with them for 3 hours last night, but I did learn a little bit about these mysterious cable modems
Toshiba Cable Modem Diagnostics Page
CM Info: MODEL PCX2500 ; HW_REV 9.2.3 ; SW_REV 1.0.14
MAC Address 00-00-39-xx-xx-xx SerialNO. 3316470xxx Version Capability D1.0
sysUptime:0d:00h:02m:15s CMTS MAC Address:00-30-B8-C6-EB-90
Last CmStatus - prior reset:
Received: -13.1 dBmV Transmitted: 45.1 dBmV
Received SNR: 28.0 dB
Downstream: 735.000 MHz Upstream: 33.000 MHz
User Set Parameter:
Polling Time: No Polling
So besides the high packet loss, on all my devices (2 routers and 2 different laptops) I kept getting leases for 192.168.100.2 (the tech support folks said it must be a configuration error on my end) which reminded me AirLink Cellular Modems we used in the SCADA Honeynet, where the modem itself has a DHCP server which temporarily assigns you a private address before forwarding your DHCP requests and then turning into bridge mode (or whatever) and then your interface finally gets a public address. So I unplugged the coax and sure enough I got a private address (192.168.100.1 was the router) did a quick TCP scan and found the web server up (see the display above) Didn't bother with UDP, would probably find TFTP and some other stuff. Of course one of the bizarre things was that at some point during all my troubleshooting I saw the 172.30.88.1 (the tech said this was also the Cable modem) attempting to ping a 208.x.x.x address. But I saw that on the Ethernet side? Something clearly must not have been well on the modem. And try as I could, I ended up hanging up, because there was obviously going to be no resolution.