So what is uncapping cable modems?
Uncapping cable modems refers to activities performed to alter a DOCSIS cable modem's settings. Plain and simple, someone is messing with the cable modem's configuration file to get what they want. So what do they want? Greater bandwidth (the need for speed), more than one public IP, or any other configurable option a DOCSIS modem can offer. Maybe they just want to prove they can do it, and/or feel they are getting the shaft from their cable provider. Really, the psychology of people is not something that can be covered in this post. The fact is that people do uncap their cable modems.
What led to the capping of cable modems by cable operators? Unfortunately, users fail to consider why the caps are on the system to begin with. Remember the days of the web hog? (There was a series of funny commercials that came out in the early 2000s by Pacific Bell that comically demonstrated the Web Hog.) Caps make it easier for cable operators to distribute bandwidth among their users. They prevent individuals from running enormous bandwidth-hogging Web servers and other applications on their cable modems. In addition, cable operators have to distribute bandwidth among all their customers. Caps are in place for all types of modems, whether DOCSIS, DSL or PON.
Uncapping is considered illegal and/or unethical, as theft of service, and many operators check modem configuration files daily to detect uncapped modems. Uncappers who are caught usually have their accounts terminated and/or are prosecuted for theft of service. At any rate, uncapping is usually a violation of the Terms of Service agreement that the subscriber has with the service provider.
So how do you uncap a cable modem? I'm not in the business of educating people on how to do this. It is possible, and the information is readily available on numerous web sites. I recommend against doing it, but the reality is that the information is out there and it is possible, although it has become more difficult with the advent of countermeasures offered to cable operators, such as BPI+ and the Early Authentication and Encryption provided in DOCSIS 3.0. Suffice it to say that uncapping typically occurs during the cable modem registration process. Even when cable operators employ BPI+, critical steps are often left out, which leaves the network open to uncapping.
What to do about uncapped modems in your network? You must address it. It's a security risk and a capacity issue. Your paying subscribers don't care how much capacity you have if they aren't benefiting from it because someone else is stealing the bandwidth. As an example, there are a number of sites where uncappers brag about having multiple (5-8) cable modems running simultaneously so that they can maximize their file sharing. These are not people you want as your neighbors if you are sharing cable modem bandwidth. So what to do? Some of the solutions involve turning BPI+ on, along with other security features in the CMTS. Next, there are logs in the CMTS, such as flap-lists, that help spot potentially unauthorized or heavy-usage modems, but typically you need a monitoring system that is tied into a database. Ideally, a good provisioning system coupled with a fraud detection module will enable you to detect the offenders. Your next step will likely be to notify the offender and/or block the MAC address of their cable modem. Ideally the offender will comply. In some circumstances, a chronic offender may just change the MAC address on the cable modem and continue on. But that is a topic for another post.
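One way the database-backed monitoring described above could work, as an added example that is not from the original post: it compares what each online modem registered with on the CMTS against the provisioning database and flags rate mismatches, unknown MACs and duplicate MACs. All records, field names and interface labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed provisioning database (hypothetical schema): MAC -> provisioned tier.
PROVISIONED = {
    "00:11:22:33:44:01": {"account": "A100", "down_kbps": 50000, "up_kbps": 5000},
    "00:11:22:33:44:02": {"account": "A101", "down_kbps": 25000, "up_kbps": 2000},
    "00:11:22:33:44:03": {"account": "A102", "down_kbps": 25000, "up_kbps": 2000},
}

# Constructed records of what each online modem actually registered with,
# as a poller might collect them from the CMTS (field names are hypothetical).
OBSERVED = [
    {"mac": "00:11:22:33:44:01", "cmts_if": "cmts1/c1", "down_kbps": 50000, "up_kbps": 5000},
    {"mac": "00:11:22:33:44:02", "cmts_if": "cmts1/c1", "down_kbps": 100000, "up_kbps": 2000},
    {"mac": "00:11:22:33:44:03", "cmts_if": "cmts1/c2", "down_kbps": 25000, "up_kbps": 2000},
    {"mac": "00:11:22:33:44:03", "cmts_if": "cmts2/c4", "down_kbps": 25000, "up_kbps": 2000},
    {"mac": "00:11:22:33:44:99", "cmts_if": "cmts2/c4", "down_kbps": 0, "up_kbps": 0},
]

def audit(observed, provisioned):
    """Return sorted (mac, finding, detail) tuples for modems that need review."""
    findings = set()
    interfaces = defaultdict(set)
    for rec in observed:
        mac = rec["mac"].lower()
        interfaces[mac].add(rec["cmts_if"])
        tier = provisioned.get(mac)
        if tier is None:
            # Online on the plant but absent from the provisioning database.
            findings.add((mac, "not_provisioned", rec["cmts_if"]))
            continue
        for key in ("down_kbps", "up_kbps"):
            # Assumption of this example: a registered rate of 0 means "no limit".
            if rec[key] == 0 or rec[key] > tier[key]:
                detail = f"{key}={rec[key]} provisioned={tier[key]}"
                findings.add((mac, "rate_exceeds_tier", detail))
    for mac, ifs in interfaces.items():
        if len(ifs) > 1:  # same MAC online in two places at once
            findings.add((mac, "duplicate_mac", ",".join(sorted(ifs))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(OBSERVED, PROVISIONED):
        print(*finding, sep="  ")
```

Findings like these are leads for the notify-or-block step, not proof on their own; a rate mismatch can also come from a stale provisioning record.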
Hello! Just curious, how does the flap-list help to identify unauthorized modems? I know it's helpful for troubleshooting connectivity problems. Or maybe I'm just
Hi Scott,
You will just see duplicate MAC addresses, which is why I suggested you will need an external DB. The flap-list just flags the duplicates.
-Brady
Hi Brady,
What would you recommend for protection against uncapping? We’re currently leveraging dynamic config files and a system that compares IPDR data to our provisioning database. Is there a simpler/better solution out there?
Hi Ryan,
Thanks for your question. It appears from your description that you already have some good tools in place. In regards to prevention, your question requires that I would actually need to look at your specific network. Unfortunately, I cannot just provide a generic response. If you would like me to look at your network, feel free to get in touch.
-Brady