Has Spectrum removed our access to our owned cable modems?

Schorschi

Has Spectrum removed our access to our owned cable modems? I own my cable modem, I had until very recently, access to the cable modem diagnostics web page, .i.e. 192.168.100.1. I rely on this information to find issues, given I am a 30 year IT professional. I my case, I actually know what the information means and how it can be used. Please don't tell me you removed this access, it makes it much harder to find issues with internet ISP connectivity. I own my modem, thus removing my access to it, is not good.

Tyleen_Z

Hello,

This feature was not removed as we do not have access to customer owned modems to remove this access.

If you are unable to access the modem that you own you would need to contact the modem manufacturer.

-Tyleen

karlbeckman

I believe that Tyleen's comment is incorrect and incomplete.. As a network operator, Spectrum is required by the FCC to be able to disconnect malfunctioning devices that may be causing interference to other customers as well as 911 phone services. Further, network customers are NOT permitted to change the system modem password in an owned modem device to block Spectrum technical personnel from performing their FCC-mandated network maintenance duties.

However, you are asking about 192.168.100.1, the local LAN address of the router, which a completely different device.. Customers who purchase their own ROUTERS are allowed (and STRONGLY advised by Spectrum) to change the router's LAN access password immediately during installation. This you should always do, even if Spectrum provides the cable data modem.. Since you are a long time networking professional, you know well the difference between modem and router, and between LAN vs WAN addresses.

JGwinner

Agreed, Karl - I'm assuming it's just terminology confusion. At one time I did have the cable modem password on another system at work, and that page eventually was locked out, but it's been a while and my memories may be rusty.

In any event, I HAVE seen 192.168.X.X. addresses on the modem - not router - when Spectrum is having an outage. It's quite odd. Normally both the router and modem are 172.112.x.x numbers. So, maybe the OP is talking about the modem, not the router. I would imagine he knows his IP scheme and the difference.

heh. Now I want to factory reset the Aris and see what's up on it.

== John ==

Randy_S

@karlbeckman you are right about having to block any equipment or issues causing noise feedback on the line that could interfere with 911 services and other customer's services. But we do that with "traps" that block the signal on the line to the service address until a tech can come out to determine where the noise is coming from and fix it. The person who traps the line is also supposed to leave a note (usually a door hanger) letting the customer know and what next steps are being taken. We truly do not cut off access from a customer to their own third party equipment and do not have direct access to change its settings.

Randy

Schorschi

Everyone, I have an automated process that captures the cable modem 'state' and logs to a database.. Why? Because I am a 30 year IT enterprise engineer, retired, and I always want to know what and how devices on my network are acting. In the past, cable modems provided by Spectrum have been secured such that you could not always get to the 192.168.100.1 internal diagnostic web pages, but private, owned modems this was available. I recently got a new modem, and initially I could not access to diagnostics on the new device, so I wondered if this access was removed by Spectrum, say by a compatible but custom firmware download to the device by spectrum. Since my original question posted, determined why I could not access the diagnostics pages, and in fact I do have access as expected. There was some google entries that provided a confusing perception of how or when spectrum limits access to such diagnostic information.

As to access to the device via change of id and password, enterprise guidelines I would suggest doing the following steps below. Every organization I have worked for has implemented a comparable strategy, the following is an de-facto industry minimum standard for device access.

1) Change the default password of the default administrative user. This is because every default user access id is published in documentation, such as documented factory reset values for same.

2) Create a new administrative user that only the device owner knows, to a very strong value, complex alphanumeric and symbols if possible, of sufficient length, say 16, or even 32 or more if supported. In enterprise systems there are even more controls around this step, but I digress.

3) Set the password of this new administrative user to a very strong value, complex alphanumeric and symbols if possible, of sufficient length, say 16, or even 32 characters or more if supported.

4) Then disable the original administrator user. Do NOT delete this original user id. You leave it in place so that any attacks to this id can be monitored, tracked, as opposed to deleting it, which on some consumer devices... the device just reports a bad user id warning to the bad actor. Some devices will report a wrong password error as well, which is unfortunate, this should not be done, by default. The best response is to return no warnings or errors at all to the request of access, just deny access. Telling a bad actor anything, under the rationale of being user friendly is not a good practice.

5 Then create a non-administrative user, with a strong password as noted above, that has only limited view or function to the device, say reporting or read-only feature limits. No write or change permissions.

6) Establish a schedule for the (factory) default administrator id, as well as administrative id created in step 2 and non-administrative password in step 5, to change the respective passwords, every 90 days or less if possible is better.

7) For devices that support such, set the user and password retry attempt count to the lowest number that can be accepted at an operational level. For example, if you are an authorized user, you should never need 5 attempts to access a system, 3 at most, before given user id is locked, for example.

Only use the read-only, view only user for monitoring and device status reporting.

Of course, not all consumer level devices support the above, but the more steps you can implement above, for a given device, the better. Seriously consider using only devices that support better (enterprise) security features, such as those itemized above.

AnClar

I'm also a retired IT guy...I've earned numerous industry certs over the years, from CNE to CISSP, to CCNP. I've designed and built 50,000 node networks, as well as fiber rings for corporate clients. Not saying this to brag...just to indicate that I think I have more knowledge about IT than many other folks.

Many times over the years, I've been able to point cable techs in the right direction when I've had issues with my Internet service. The main reason I'm able to do that is because I've been able to see my line stats and logs. Whether it's upstream signal issues, or out of balance channels at the head end, being able to see those numbers and stats helps.

So recently, I did a service change. Spectrum decided that because of that I needed a new modem to replace the Technicolor TC4400 that I'd had when they first offered gig service in my market, years ago, and which was still working fine. I was able to access the UI for the TC4400 and able to use the built in spectrum analyzer. They sent me as replacement a Technicolor ET2251 EMTA. That modem has just two status lights to show, "Power" and "Internet". Those idiot lights tell me pretty much nothing about what's going on with the plant, or my signals. This, and the fact that Spectrum seems to find it necessary to lock users completely out of the modem made me go out and purchase a Netgear CM2000. It's on the Spectrum approved list for D3.1 modems, it has a 2.5Gb LAN port, and, best of all, I can see my logs and stats once again. That and the fact that the CM2000 has a full complement of status lights.

I can attest that Spectrum is not locking down customer-owned modems...at least they haven't touched mine..