Do I need a router with Mac and these firewall settings?

[Gramek]

I am single home user in one apartment with no other users, living in apartment block house with over hundred apartments. I have cable internet and one modem.

Mac firewall has "block all incoming connections" and "enable stealth mode" enabled. All sharing services are disabled.

Do I need a router? All ports are disabled with these settings (I assume at least) so is router needed?

 

[ferrarr]

Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?

 

[RadDave]

I am single home user in one apartment with no other users, living in apartment block house with over hundred apartments. I have cable internet and one modem.

Mac firewall has "block all incoming connections" and "enable stealth mode" enabled. All sharing services are disabled.

Do I need a router? All ports are disabled with these settings (I assume at least) so is router needed?

First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave

.

 

[vansmith]

Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.

 

[Gramek]

Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?

Mac Mini, using it only in one room.

First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave

.
View attachment 25635 View attachment 25636

Nice site!
Hm, mine is ALL green expect one blue. Is that bad?

Also: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!


I don't really need Wi-Fi (and would disable it in router is possible), don't need to exchange information between devices.

Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.

So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?

 

[Gramek]

Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?

Mac Mini, in one room only.

First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

That's a nice site! Hm, one is blue, everything else is green. Is this good or bad?

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

NO PORTS were found to be OPEN.
The port found to be CLOSED was:
Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave

Well, I have no need for Wi-Fi. If I'd have Wi-Fi router, I'd try to disable it.

Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.

So any cheap router would do? There won't be issues if router is too cheap and will do more harm than good?
What about these brands: D-Link, Trendnet, Linksys, TP-Link?

 

[vansmith]

So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?

I suppose any will do although dlink seems to be having some bad luck lately. A quality Linksys will do the job. Ultimately, I suppose that my advice is to get the bets router that you can for the price that you're comfortable with.

My only recommendation would be to stay away from Apple's routers. While they are fine routers, they're old and Apple doesn't seem to be updating/refreshing them anymore so they're a little long in the tooth.

 

[RadDave]

Mac Mini, using it only in one room.

Nice site!
Hm, mine is ALL green expect one blue. Is that bad?

Also: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

I don't really need Wi-Fi (and would disable it in router is possible), don't need to exchange information between devices.

So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

NO PORTS were found to be OPEN.
The port found to be CLOSED was:
Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

So any cheap router would do? There won't be issues if router is too cheap and will do more harm than good?
What about these brands: D-Link, Trendnet, Linksys, TP-Link?

Hello - appears your posts have appeared - I tried to eliminate some of the duplication above - let me address a few of your questions just as starters:

1 - Glad that you enjoyed Steve Gibson's site (I've been using 'Shields Up' since my PC days) - you're pretty much in 'Stealth Mode' meaning that your ports tested are not being seen on the public internet - that is GOOD! Plus, your IP address (i.e. one assigned by your ISP) seems to also be hidden - true? Or did it show up as in my example? Your results are better than mine, i.e. I'm ALL closed or stealthed - you seem to be HIDDEN except for some of this discussion above - for that, you need to spend more time on Gibson's site.

2 - NOW, do you still want a router w/ the Gibson results? For me, despite my public IP address being seen, the internally assigned addresses by my home network's router are completely hidden - SO, I would probably still suggest that you obtain a router for the best security and a more robust firewall - what to buy? You can google for many suggestions, such as this PC Mag Review - pick the one in your price range based on the reviews - I've owned Linksys and Cisco routers in the past and am now using an Apple AirPort Extreme - I like using Apple products together, so for a less expensive option, you might consider the Apple AirPort Express (again go to the Apple website or do some googling). Let me stop there for you to respond. Dave

ADDENDUM: Vansmith left a post as I was composing about the Apple routers and his concerns are an important consideration, i.e. Apple has not upgraded this equipment in a number of years and is about to abort this line - but might be still worth reviewing for your particular needs.

 

[pm-r]

Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

Why create more possible problems, and expenses???






- Patrick
==========

 

[RadDave]

Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

Why create more possible problems, and expenses???

Hi Patrick - I don't disagree at all and implied in my response after his/her Gibson testing that the current setup was well protected - but for me, I would still get a router - Dave

 

[ferrarr]

If you only have one device (Mac mini), there is no need for a router, the modem will be all you need. If you have a phone, or tablet, then a wifi router will let those devices connect to the internet.

 

[vansmith]

I'd disagree. Routers add a layer of security and make the nextwork more expandable for the future. Even if network expansion isn't needed, the extra layer of security, particularly the security that comes with a hardware level firewall is worth it.

 

[Gramek]

I suppose any will do although dlink seems to be having some bad luck lately. A quality Linksys will do the job. Ultimately, I suppose that my advice is to get the bets router that you can for the price that you're comfortable with.

My only recommendation would be to stay away from Apple's routers. While they are fine routers, they're old and Apple doesn't seem to be updating/refreshing them anymore so they're a little long in the tooth.

Thank you for the Apple advice!
But what is going on with D-link routers?

Hello - appears your posts have appeared - I tried to eliminate some of the duplication above - let me address a few of your questions just as starters:

1 - Glad that you enjoyed Steve Gibson's site (I've been using 'Shields Up' since my PC days) - you're pretty much in 'Stealth Mode' meaning that your ports tested are not being seen on the public internet - that is GOOD! Plus, your IP address (i.e. one assigned by your ISP) seems to also be hidden - true? Or did it show up as in my example? Your results are better than mine, i.e. I'm ALL closed or stealthed - you seem to be HIDDEN except for some of this discussion above - for that, you need to spend more time on Gibson's site.

2 - NOW, do you still want a router w/ the Gibson results? For me, despite my public IP address being seen, the internally assigned addresses by my home network's router are completely hidden - SO, I would probably still suggest that you obtain a router for the best security and a more robust firewall - what to buy? You can google for many suggestions, such as this PC Mag Review - pick the one in your price range based on the reviews - I've owned Linksys and Cisco routers in the past and am now using an Apple AirPort Extreme - I like using Apple products together, so for a less expensive option, you might consider the Apple AirPort Express (again go to the Apple website or do some googling). Let me stop there for you to respond. Dave

ADDENDUM: Vansmith left a post as I was composing about the Apple routers and his concerns are an important consideration, i.e. Apple has not upgraded this equipment in a number of years and is about to abort this line - but might be still worth reviewing for your particular needs.

My IP did show up, I just removed it in post.
I only heard about router being essential for security few days ago so I'm still making up my mind. But if it does give more security I should consider it.

Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

Why create more possible problems, and expenses???






- Patrick
==========

My modem is rented from my ISP, Scientific Atlanta EPC 2203.

Spoiler

I heard few days ago that just using modem is not secure at all... so I'm trying to get as much information as possible to make my mind up. I only have this old modem and don't know how dangerous it is.


I have one extra question: are there any ways to check if my modem is at its best and not insecure/compromised? If I'm already looking for all this info, I'd like to be know everything there is.
Some time ago, in my Windows, AVAST gave some false alert about compromised network. I remember panicking and trying to upgrade modem's firmware - now I have no idea what I did or how I did it. Vague memory says it was through PC, I clicked something, something updated... but checking now, I find no such place.

Modem is working nice, speed seems to be okay - is there any chance I compromised modem somehow and made it a security risk? Can someone use modem to hack into my computer/Mac if there is any weakness? And can it be checked?

 

[RadDave]

I only heard about router being essential for security few days ago so I'm still making up my mind. But if it does give more security I should consider it.

My modem is rented from my ISP, Scientific Atlanta EPC 2203.

I heard few days ago that just using modem is not secure at all... so I'm trying to get as much information as possible to make my mind up. I only have this old modem and don't know how dangerous it is.

I have one extra question: are there any ways to check if my modem is at its best and not insecure/compromised? If I'm already looking for all this info, I'd like to be know everything there is.

Modem is working nice, speed seems to be okay - is there any chance I compromised modem somehow and made it a security risk? Can someone use modem to hack into my computer/Mac if there is any weakness? And can it be checked?

Hi again Gramek - a LOT of questions above. First, a modem uses Data Over Cable Service Interface Specification (DOCSIS), a telecommunications standard that provides Internet access. The DOCSIS standard is now v. 3 and offers the 'security' described in the quote below (Source) - my ISP is Time Warner and I rent their modem which was replaced last year w/ the Arris model shown below; my plan is 100 Mbps DL speed ideally - just check my speeds at Speedtest and got nearly 80 Mbps DL which serves my streaming needs (see pics below) - go to the link and check your speeds; also make sure that your modem is the newest model offered by your ISP, and hopefully up to current DOCSIS standards.

NOW, the modem does not have a robust firewall, thus the router recommendation by several of us for added security; plus, the router offers many other features (some outlined previously), including a wireless Wi-Fi network, if you do decide to setup one. Let us know if you are still interested in obtaining a router and further comments can be offered. P.S. most ISPs (or you can purchased one) offer a combo device that includes a modem and a router, so just another option. Dave

The DOCSIS system architecture includes security components that will ensure user data privacy across the shared cable network and will prevent unauthorized access to DOCSIS-based data transport services across the cable network. The DOCSIS architecture also supports policing (i.e., filtering) functions which can be used to reduce the risk of attacks targeted at attached CPE devices (Customer Premises Equipment, or personal computer). These policing capabilities match those available within dedicated line network access systems (e.g., telephone, ISDN, DSL) and cable data enterprises are as secure as DSL or other traditional phone architectures.

.

.

 

[pm-r]

Well, the OP can always do some googling:
https://www.google.ca/search?client...&oe=UTF-8&gfe_rd=cr&ei=NiZ1WJunCcPM8gev_pbIDw

And come up with some reports and tests like this:
Security Issue: SL subscriber's using Cisco Residential Gateways

Products Confirmed Not Vulnerable
-Cisco Model DCP2100 DOCSIS 2.0 Cable Modem
-Cisco Model DPC3008 DOCSIS 3.0 8x4 Cable Modem
-Cisco Model DPC3208 8x4 DOCSIS 3.0 Cable Modem
-Cisco Model DPC3828 DOCSIS 3.0 8x4 Residential Wireless Gateway
-Cisco Model DPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
-Cisco Model EPC2425 EuroDOCSIS 2.0 Cable Modem
-Cisco Model EPC3008 EuroDOCSIS 3.0 8x4 VoIP Cable Modem
-Cisco Model EPC3208 8x4 DOCSIS 3.0 Cable Modem
-Cisco Model EPC3828 EuroDOCSIS 3.0 8x4 Residential Wireless Gateway
-Cisco Model EPC3928 EuroDOCSIS 3.0 8x4 Wireless Residential Gateway
-Scientific Atlanta DPR2320 Cable Modem
-Scientific Atlanta DPX 2000 Cable Modem
-Scientific Atlanta EPC2203 VoIP Cable Modem
-WebSTAR DPX2100 Cable Modem
-WebSTAR DPX2203C VoIP Cable Modem
-WebSTAR EPC2100R2 Cable Modem
-WebSTAR EPR2325 EuroDOCSIS Residential Gateway with Wireless Access Point

[bold mine]

http://www.dslreports.com/forum/r29...subscriber-s-using-Cisco-Residential-Gateways

See also:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm








- Patrick
==========

 

[pm-r]

Good grief!!!

I just noticed that the updated Cisco DPC3825 our ISP just supplied us a few months ago is also on that list, but under the

Vulnerable Products

The following Cisco products are affected by this vulnerability:
Cisco DPC3212 VoIP Cable Modem
Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco EPC3212 VoIP Cable Modem
Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Advisory ID: ciscosa-20140716-cm
First Published: 2014 July 16 16:00 GMT
Last Updated: 2014 July 18 17:55 GMT
Version 1.1: Final

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

But, no sweat…





EDIT:
PS:

Cisco has released software updates that address this vulnerability.

More info:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm







- Patrick
==========

 

[chscag]

Hey Patrick... nice of you to post a portrait of yourself! (You knew that was coming... LOL) I think I'll copy it to our "Mug Shot" forum with your name. (Just kidding.)

On a serious note... I have to agree with Bryan about using a router whether or not it's needed at this time. The hardware firewall provided by a good router is just another safety net in the chain of things.

As for a router recommendation, I did some extensive looking around and reading of reviews and came up with an "Archer TP-Link C7 model AC 1750" ($86.00 from B&H in NY). Dual band and includes two USB ports for a printer.

 

[Gramek]

Hi again Gramek - a LOT of questions above. First, a modem uses Data Over Cable Service Interface Specification (DOCSIS), a telecommunications standard that provides Internet access. The DOCSIS standard is now v. 3 and offers the 'security' described in the quote below (Source) - my ISP is Time Warner and I rent their modem which was replaced last year w/ the Arris model shown below; my plan is 100 Mbps DL speed ideally - just check my speeds at Speedtest and got nearly 80 Mbps DL which serves my streaming needs (see pics below) - go to the link and check your speeds; also make sure that your modem is the newest model offered by your ISP, and hopefully up to current DOCSIS standards.

NOW, the modem does not have a robust firewall, thus the router recommendation by several of us for added security; plus, the router offers many other features (some outlined previously), including a wireless Wi-Fi network, if you do decide to setup one. Let us know if you are still interested in obtaining a router and further comments can be offered. P.S. most ISPs (or you can purchased one) offer a combo device that includes a modem and a router, so just another option. Dave

Hello and thank you and sorry!

Thank you for explaining the terminology!
And really good site to test my speed that is... well, I thought I had pretty good, but it pales in comparison to yours.
Mine is Download 21.47 and upload 2.14. Well, it serves me well so I have no complaints.

Yes, after reading around I really should get router, if only for peace of mind.

Well, the OP can always do some googling:
https://www.google.ca/search?client...&oe=UTF-8&gfe_rd=cr&ei=NiZ1WJunCcPM8gev_pbIDw

And come up with some reports and tests like this:
Security Issue: SL subscriber's using Cisco Residential Gateways

Products Confirmed Not Vulnerable
-Cisco Model DCP2100 DOCSIS 2.0 Cable Modem
-Cisco Model DPC3008 DOCSIS 3.0 8x4 Cable Modem
-Cisco Model DPC3208 8x4 DOCSIS 3.0 Cable Modem
-Cisco Model DPC3828 DOCSIS 3.0 8x4 Residential Wireless Gateway
-Cisco Model DPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
-Cisco Model EPC2425 EuroDOCSIS 2.0 Cable Modem
-Cisco Model EPC3008 EuroDOCSIS 3.0 8x4 VoIP Cable Modem
-Cisco Model EPC3208 8x4 DOCSIS 3.0 Cable Modem
-Cisco Model EPC3828 EuroDOCSIS 3.0 8x4 Residential Wireless Gateway
-Cisco Model EPC3928 EuroDOCSIS 3.0 8x4 Wireless Residential Gateway
-Scientific Atlanta DPR2320 Cable Modem
-Scientific Atlanta DPX 2000 Cable Modem
-Scientific Atlanta EPC2203 VoIP Cable Modem
-WebSTAR DPX2100 Cable Modem
-WebSTAR DPX2203C VoIP Cable Modem
-WebSTAR EPC2100R2 Cable Modem
-WebSTAR EPR2325 EuroDOCSIS Residential Gateway with Wireless Access Point

[bold mine]

http://www.dslreports.com/forum/r29...subscriber-s-using-Cisco-Residential-Gateways

See also:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm



- Patrick
==========

Good grief!!!

I just noticed that the updated Cisco DPC3825 our ISP just supplied us a few months ago is also on that list, but under the

Vulnerable Products

The following Cisco products are affected by this vulnerability:
Cisco DPC3212 VoIP Cable Modem
Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco EPC3212 VoIP Cable Modem
Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Advisory ID: ciscosa-20140716-cm
First Published: 2014 July 16 16:00 GMT
Last Updated: 2014 July 18 17:55 GMT
Version 1.1: Final

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

But, no sweat…

View attachment 25659

EDIT:
PS:

Cisco has released software updates that address this vulnerability.

More info:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm







- Patrick
==========

I actually found this security issue myself only bit ago. 2016, March

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre

The following Cisco product are vulnerable:

Cisco Cable Modem with Digital Voice Model DPC2203
Cisco Cable Modem with Digital Voice Model EPC2203

Noooo.... -_-
That SHOULD be my Scientific Atlanta EPC2203? Only with different name?

In your opinion, my ISP would fix this mess themselves by downloading and stuffing this upgrade into all modems under their control? Nothing for me to do or check myself? Out of my hands, trust ISP in this case?

Hey Patrick... nice of you to post a portrait of yourself! (You knew that was coming... LOL) I think I'll copy it to our "Mug Shot" forum with your name. (Just kidding.)

On a serious note... I have to agree with Bryan about using a router whether or not it's needed at this time. The hardware firewall provided by a good router is just another safety net in the chain of things.

As for a router recommendation, I did some extensive looking around and reading of reviews and came up with an "Archer TP-Link C7 model AC 1750" ($86.00 from B&H in NY). Dual band and includes two USB ports for a printer.

Thank you for advice! Router it will be then. I need to check the shops near me to see what they have. TP-Link should be one brand sold around here.

 

[chscag]

In your opinion, ISP provider would fix this mess themselves by downloading and stuffing this upgrade into all modems under their control? Nothing for me to do or check myself? Out of my hands, trust ISP in this case?

Lots of luck with that thought. ;D Most ISPs have no idea what a Mac is much less provide you with support for your modem. I have yet to run across an ISP that was really helpful in resolving connection problems, be it for a modem or router they supplied. If your modem requires a firmware update it will be up to you to hunt it down and install it. Sometimes, the ISP can provide an over the air update (as Verizon FIOS does) but that's not the norm.

 

[Gramek]

Lots of luck with that thought. ;D Most ISPs have no idea what a Mac is much less provide you with support for your modem. I have yet to run across an ISP that was really helpful in resolving connection problems, be it for a modem or router they supplied. If your modem requires a firmware update it will be up to you to hunt it down and install it. Sometimes, the ISP can provide an over the air update (as Verizon FIOS does) but that's not the norm.

You are dealing with an amateur here so...


A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.

The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.

Cisco has released software updates to its service provider customers that address the vulnerability described in this advisory. Prior to contacting Cisco TAC, customers are advised to contact their service providers to confirm the software deployed by the service provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.

So if I'm using Mac, this security patch would not be installed into my modem? Does it really matter what is attached to the modem? I was under impression ISP would just shove new upgraded firmware into modem through their connection and that's that?