"It's being reported by users from the DSLReports forum that the Puma 6 Intel cable modem variants are highly susceptible to a very low-bandwidth denial-of-service attack," writes Slashdot reader Idisagree. The Register reports: Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, you can kick them off the internet, we're told... According to one engineer...the flaw would be "trivial" to exploit in the wild, and would effectively render a targeted box useless for the duration of the attack... "It can be exploited remotely, and there is no way to mitigate the issue."
This is particularly frustrating for Puma 6 modem owners because the boxes are pitched as gigabit broadband gateways: the devices can be potentially choked and knocked out simply by receiving traffic that's a fraction of the bandwidth their owners are paying for... The Puma 6 chipset is used in a number of ISP-branded cable modems, including some Xfinity boxes supplied by Comcast in the US and the latest Virgin Media hubs in the UK.
The original submission also notes there's already a class action lawsuit over the performance of cable modems with Intel's Puma 6 chipset, and adds "It would appear the Atom chip was never going to live up to the task it was designed for."
The class action lawsuit is not because the chipset is easily subject to DoS attacks. The lawsuit is because the chipset is unsuitable for the purpose for which it was sold and marketed. Any modem based on the chipset may suffer latency of 200ms or more and lose roughly 6% of all the data that is supposed to pass through it.
The fact that the chipset is subject to a DoS attack that uses a (relatively) trivial amount of bandwidth is just another reason to avoid modems that use it.
Why not? It's supposed to be reasonable secure against such actions. Would you also consider it unreasonable to sue the makers of a "high security lock" that would unlock if you jiggled the door knob?
It works the other way around. There's a guy with a YouTube channel about lock picking who says the Big Name in "secure" padlocks has sued him over some of his videos showing how easy they are to defeat.
Courts are empirically rigged in favor of the corporate interests, against the People, so this isn't terribly surprising.
Atom chip? (Score:2)
Given that my Atom server has no problem saturating both gigabit network ports at the same time somehow I doubt the problem is the performance of the Atom chip referenced as being beefed up in the summary and more due to a crappy implementation of Puma 6 itself.
It's not the Atom cores, it's the bolted on NAT accelerator with 2048 max entries + 30s timeout for UDP "connections" + firmware too stupid to fall back to software NAT when the hardware table is full.
So you just spoof 2048 UDP packets every 30s and they can't send a single packet? That IS trivial.
Why does a cable modem need a NAT accelerator? It shouldn't be doing NAT to begin with, right? That's the router's job...
I have access to a Puma6-based device and sure, the dual-core Atom is fast enough to do a lot of stuff, but the single ARM-core is excruciatingly slow. And guess what? All the cable-management stuff is relegated to the ARM-core, the web-UI runs on the ARM-core, nearly everything runs on it and the x86-cores, in the meantime, just sit idle -- they are only used for NAS-functionality, streaming DVB-C content and Google Music. It's ridiculous how stupid the whole thing is. The box is also ridiculously easy to
It's not the bandwidth, it's the packets per second.
The SPS is tied directly to the PPS, thus the PPS is at fault. If you bothered looking at the dozens of test screencaps in the thread, you'd know this.
A modem is NOT a router! (Score:2)
I take it this stupid article refers to NAT routers, and not cable modems at all.
Anyone with the slightest bit of savvy runs a straight cable modem connected to a completely separate router. And, having suffered with various commodity routers such as Netgear, they all suck donkey balls. Do what I did. Break down and get a real Sonicwall TZ-170 (used/surplus of course).
"The problem appears to be that the x86 CPU in the modem is taking on too much work while processing network packet"
I have a Puma6 device (Linksys CM6190) in bridge mode with a Ubiquity router/firewall and the test site doesn't trigger any issues with increasing latency. I think most ISPs use a management VLAN on the modem as well, but it doesn't seem like that would trigger issues on the customer side.
It's not the router, it's the shitty hardware accelerator that can't fail back to software mode when the hardware locks up due to shitty tables.
I take it this stupid article refers to NAT routers, and not cable modems at all.
These devices are actually both routers and cable-modems.
Whew. (Score:3)
Got scared there for a second then I remembered we can't get gigabit here.
Puma 6 chipset has been used in modems/gateways since 2012. Here is a partial list of potentially impacted products:
Arris SB6190
Arris TG1672G
Arris TM1602
Super Hub 3 (Arris TG2492LG) (commonly - virgin media)
Hitron CGN3 / CDA / CGNV series modems:
Hitron CDA-32372
Hitron CDE-32372
Hitron CDA3-35
Hitron CGNV4
Hitron CGNM-3552 (commonly - Rogers)
Hitron CGN3 (eg CGN3-ACSMR) 2013 link
Hitron CGNM-2250 (commonly - Shaw)
Linksys CM3024
Linksys CM3016
TP-Link CR7000
Netgear AC1750 C6300 AC1900
Netgear CM700
Telstra Gateway
Potentially *MUCH* worse (Score:2)
There is apparently a packet spray pattern that causes the CableModem (CM) portion of the Puma 6 to reboot. (likely segfault) The CM on a puma 6 is run by an ARM Cpu (not the x86 atom), the problem is with broken hardware optimization -- specifically the overflow handling on a fairly small table (2032 entry) likely built of CAM (content addressable memory) intended to accelerate external/internal mappings. That table has entries inserted when any packet arrives with a new address. Spew enough packets from e
