Cox Cable / Static IP / New Router

Michael Butash michael at butash.net
Fri Aug 31 16:42:18 MST 2012


It's mostly that ARIN requires justification for IPv4 addresses now more 
than ever.  When Cox, or anyone, asks for more IPv4 addresses, they want 
literal records of utilization, unique ownership per customer (usually 
something obfuscated, no PII), and must meet at least 90% utilization. 
Probably worse now that there are literally no more to give.

When customers use more than one, there had better be a good reason. 
Usually people need more than one because they never heard of a 
router/firewall, and have hosts connected directly (insta-infection!). 
I've run very large offices with interface NAT/PAT out a single IP; it's 
not a problem usually, so long as your total session count is less than 
64512 (65536-1024) at a time.  Limit your torrent sessions locally if 
you must use bt.

Customers will ask for a /24 just to say they have one, and as long as 
providers got paid in the past, they would SWIP/rent them.  That is no 
longer the case, as sales of IPv4 addresses in large blocks fetch tens 
of millions of dollars now.  IPv4 has run its course, and is now a rare 
commodity.  There will be a point eventually when Cox will insist you take 
and use IPv6, or pay for IPv4.

They won't dump you for it, they just won't allow you to, by the cable 
modem config push with cpe_host=1 allowing only a single MAC.  Much like 
port security features in enterprise switching to limit MITM/ARP attacks.

Old first-gen LANcity cable modems circa 1998 prior to DOCSIS were 
great for sniffing your neighbors' traffic with ARP injection, MAC 
spoofing, and probing their file shares, because they had no protection. 
DOCSIS changed that, and these are features the networks use to 
prevent abuse, including address waste.

-mb


On 08/31/2012 01:51 PM, Derek Trotter wrote:
> On 8/31/2012 12:21, Matt Graham wrote:
>> From: Derek Trotter <expat.arizonan at gmail.com>
>>> Since they [the ISP] already know what cable modem you're using,
>>> why do they also require a NIC [behind the cable modem] to be
>>> registered before it can be used?
>> IIRC, the original reason was money. The ISP would allow the
>> cablemodem to transmit to 1 NIC with 1 MAC addr, and if you wanted
>> additional devices to be able to talk to the cablemodem, you had to
>> pay the ISP more. ISPs didn't make nearly as much money doing this as
>> they thought they would, because NAT/IP-Masqing are relatively easy
>> to do.
>>
>> They may retain some language in their contracts/TOS/whatever that
>> says "You're allowed to connect ONE DEVICE to this network". If
>> they've got that language, they have a way to dump any customer they
>> don't like who's ever used more than 1 network device at a time
>> through their service.
> Thanks for clearing it up for me. I'm guessing if an isp had that one
> device rule in their contracts and used it to get rid of a customer,
> they'd be asking for a lawsuit. The customer could argue they're being
> unfairly singled out since most everyone has multiple devices behind a
> router.
