[nycbug-talk] Proof that road runner sucks?

Andy Kosela andy.kosela at gmail.com
Sun Dec 23 12:38:52 EST 2007 

On Dec 23, 2007 3:00 PM, michael <lists at genoverly.net> wrote:
> On Sat, 22 Dec 2007 18:19:26 -0500
> Max Gribov <max at neuropunks.org> wrote:
>
> > So my cable connection is really slow. Calling Road Runner is
> > pointless, because ive already turned off and on my cable modem.
> > So i decided to tcpdump on the wire directly from cable modem to my
> > laptop. Heres some interesting tcpdump..
> >
> [snip]
> >
> > we can see arp requests by rr.com router for someone called
> > cpe-68-174-122-163.nyc.res.rr.com. OK i can understand that, even if
> > it makes those requests several times a second making my connection
> > crap. What i dont understand is how mindspring.com got there.
> > Obviously, im lacking knowledge of cable networks to comprehend
> > something this crazy. And more to the point of why rr sucks:
> >
> [snip]
> >
> > look at the times of those arps. Now consider the fact that their
> > network is doing this all the time, at least today - dozens of arp
> > requests per second.
> >
> > I guess besides complaining about paying for crappy service, can
> > anyone shed light on why would i see so much arp traffic, and why
> > would there be mindspring arp traffic?..
> >
> > Just venting, really.. happy holidays!
>
>
> I noticed the same thing here, when I first got my hookup.  There was
> a lot of mindspring and earthlink arp traffic.  I just did a quick dump
> this morning (I dumped with -n to prevent dns traffic) and found around
> 1000 arp requests in 60 seconds.  A little grep, awk, and sort shows
> that it is concentrated to only a few sources.
>
> I also found (well, google found) that we are not the first ones to
> notice and it is not specific to our geography.

Using cable modem means you share a network with all other
subscribers. In concept it's very similar to LAN network - that's why
you see all those ARP's.
Cable modems are transmitting Ethernet broadcast packets to every
subscriber on the neighborhood - this is definetly a big security
risk. In LAN's
the way to prevent those type of broadcast flooding is to employ
VLAN's logically separating traffic.

The ARP problem will be solved by the next-generation cable modems
that implement the DOCSIS 1.1 protocol. Instead of broadcasting ARP
packets over the entire cable segment, DOCSIS 1.1 makes sure that each
customer will only see the ARP messages intended for his or her
machine. As an added protection, DOCSIS 1.1 is also capable of
encrypting all information sent over the cable itself, with a separate
encryption key for each customer. This security measure prevents an
attacker from splicing their own cable modem into the backbone, the
way that some people used to hook up unauthorized cable decoders to
get free cable TV service.

--
Andy Kosela
Protect Ya Neck Records / Wu-Tang Management
www.protect-ya-neck.com

More information about the talk mailing list