Can my college tell if I have a router?

Status
Not open for further replies.
DJ-CHRIS said:
Falling Angel, no modem could tell crap about my network.

That's where you are misinformed. As I stated previously, every modem has a cache file called md5. Even if you were to manipulate it, it still shows your broadband connector ip addresses, mac id's from routers, router names etc ..
Don't be foolish and think you can hide your router by masking mac id's. It doesn't work. Every mac id NOT supplied by the modem is cached on that file. You may like to think you are being anonymous or masking your id, the truth of the matter is, every ISP has the lookup tool for their own modems with that mac id, and can see external devices from that.
Don't believe me? Go get a job for one and tell me differently.
 
Fallen Angel - I've only just started reading about NAT and DNS and TCP/IP and crap, but isn't that the whole point of a router? External pc's can't see PC's on an internal network? I mean isn't that the router's job? How could the modem be pulling that info?

I have encountered MAC address caching, but that's just for the router that is connecting to the modem. As far as the modem is concerned, there's only one IP connecting to it.
 
Keep in mind your router also has a mac address. For it to be able to connect out to the internet, the modem has to cache that mac id, hence md5. This file contains all secondary information attached to it, be it a router, dual nics, ip ranges etc.

That information specifically for the router has to be cached, else the modem will not push the signal through the router, and you will not connect. It is true there is only one ip assigned to the modem, but going static/dynamic from a router also shows up on an isp's tools when they pull up a diagnostic on your modem.

For example, when someone phones in to me, says they cannot connect, I run a hit to the modem via the mac id. When I get the return, it shows me several things: power levels (dx, tx, rx etc) and it also shows me forms of connection, such as a router, enet or usb.

The router is there to re-assign the information from the modem, but that's about it. You can assign an ip, use proxies, mask your router mac id, you name it. It still shows up on our side. Without that information to us, it is impossible to troubleshoot issues such as no connectivity, line drop, filter issues, drop issues, bad drivers etc.

I don't have the ability to see pc's on a network, but I do have the ability to see all the different connectors. Say Joe Smith has a cable modem and a linksys router with 4 pc's. When I plug in the mac id on the modem, I get to see certain things.
First thing that comes up is the router mac. Usually labelled as cpe - linksys or dlink or whichever the case may be. From that point, it lists any connectors, such as enet cards, wireless cards/usb adapters or usb connections and the assigned/issued ip range. All 4 pc's connection types show up with ip ranges attached.

To give you a better idea of what I see, when I head back to work on Sunday, I will take you a screenshot of the lookup tool as it pertains to what we are talking about.
 
Fallen Angel - If you could do that screenshot it would be a pretty big insight for us - or me at least.

I've watched all traffic going between my router and the WAN side, including when the modem pulls its config file when I power cycle it. From memory, there's a hell of a lot of data, but the only thing exposed on the WAN side to my mind IS the MAC address.

As I understand it, it's the first section of the MAC address that identifies it to a particular vendor and considering the router can "borrow" or spoof any MAC address on the LAN for use on the WAN side I can't see how your diagnostic tools would be able to identify it as a router.

Admittedly, low level analysis could narrow the gap and identify the traffic coming through the router based on things like default window size and the way the device behaves when presented certain types of traffic...but to be honest all of the things that fingerprint a device can be altered as they are put over the wire...

But as I say, I would love to be proved wrong and I enjoy having my eyes opened when I think I'm entirely safe, so to speak.

Let us know!!
 
Fallen Angel said:
That's where you are misinformed. As I stated previously, every modem has a cache file called md5. Even if you were to manipulate it, it still shows your broadband connector ip addresses, mac id's from routers, router names etc ..
Don't be foolish and think you can hide your router by masking mac id's. It doesn't work. Every mac id NOT supplied by the modem is cached on that file. You may like to think you are being anonymous or masking your id, the truth of the matter is, every ISP has the lookup tool for their own modems with that mac id, and can see external devices from that.
Don't believe me? Go get a job for one and tell me differently.

Well I am going to research this, nothing has been able to pick up any info at all in this manner. Since a lot of my family also works in the DSL sector, very high up I can give this a shot.

Well, I guess they could tell by the open telnet and http and ftp ports on my router, since those broadcast information about being a cisco router.
 
Here's a link to the screenshot of what I see when I use the modem lookup tool. The account here is mine, with appropriate data blacked out of course. With my router config'd to not be seen, it still shows ..

And Chris, we don't see by telnet or http, we see just by what your modem caches. Nobody can block that info, unless of course, you edit your own md5, which without the proper tool to do so, is impossible.

Image.jpg
 
Looks like a pretty kewl tool :)

So what's the other identifying info other than MAC/IP address information? (Obviously can't see whats on the other tabs)
 
Why can anyone not abuse that tool, it would give hackers such an edge.

Anyways, the only way I can see it working is reading data off packets.
 
urf said:
Looks like a pretty kewl tool :)

So what's the other identifying info other than MAC/IP address information? (Obviously can't see whats on the other tabs)

Quarantine shows me how many times the account has been locked down for abuse of various varieties: antivirus activity, spam, exceeding bandwidth limits, non payment etc ..

UDI History shows me a report of any tech who runs tests/reports across the modem. Sort of an unofficial history into the problems a particular modem may have.

Ping & Trace is used for checking latency/packet loss to the hardware involved, ie modem, router, nic, usb adapters.

Raw message is everything I need to know about the modem, packet loss, account info, line/filter/drop conflicts, bandwidth levels, power levels, cpe ranges, code violations, access attempts, latency issues through the modem itself, port information .. you name it, it's in there.


DJ-CHRIS said:
Why can anyone not abuse that tool, it would give hackers such an edge.

Anyways, the only way I can see it working is reading data off packets.

Well, the UDI History shows all activity on the modem by local techs. So if you were to mess around, the tool records it. And if a customer calls in to complain, and the security team sees what you've been doing ... Pretty much you're out of a job.

You would be lucky if being unemployed is all that happens. We have strict guidelines and security measures on our systems, so if a tech misbehaves, it's usually nailed within a couple of days and either you get escorted out, or worse.
I've been here for 4+ years, and I have only seen one person dismissed for abusing the tools.

Our crew here is tight, nobody here abuses what we are given. Why would you? For the pay and benefits, it's not worth the risk.
 
But someone could find the way you are entering the modem, and use it for their own purposes. They do not need to be an employee.

I consider what you're doing with modems a large scale security risk and would not purchase Time Warner Cable for the above reason.
 