Monitoring customer owned cable modem with SNMP

I thought this feature was only blocked on gateways and phone modems. This protocol is read only and poses no threat. I would not think Cox would disable features on customer own equipment. I am very much interested in this thread. Let us know how it goes?

I sure will. I have been reading a fair amount and there are a number of Cox employees saying that it is disabled to prevent people from hacking their cable modems and uncapping them. I'm guessing they haven't heard of ReadOnly SNMP.

It just frustrates me that it seems Cox has locked me out of my own property.

I think I might hook up my SB6180 and test it. Last time I looked it worked. Maybe it just happened? Or maybe its a local thing?

Please do. I would love to be proven wrong.

I don't think you will be proven wrong. I think its a lost cause, but I have to say..I'm just so disappointed.  I make this promise though, the day they take the diagnostic screen away is the day I leave Cox. Period. I would not pay for service that I can't quantify. 

SNMP is disabled upon successful provisioning for security reasons.  Access to view statistics via the web browser is still possible via http://192.168.100.1

Those statistics don't allow me to track bandwidth usage.

And I am VERY curious what the security impact of allowing me to use ReadOnly SNMP is on my own hardware.

You shoudl be able to track that either at the router or worst case at each device with software readily available.  Access to the management functionality is locked out however for security reasons.

I already own a device that can be SNMP monitored it is the cable modem, but you guys have decided to strip out some of the functionality that I paid for. And nobody has been able to explain what the exact security threat of ReadOnly SNMP on the 192.168.100.1 interface is.

SNMP while can be set for read only can also be hacked and has been in the past.  I can understand how you must feel owning the device.  You're free to use it in any way you see fit however once connected to the ISP network it becomes subject to the terms and conditions for using said network.  While the pro's and con's of enabling SNMP at the modem can be debated for purposes of this discussion enabling it for customer use is not an option.

It must be nice to have a monopoly and be able to dictate terms to customers like that.

Do you happen to have a link to some documents that show this harm that can be done to your network with ReadOnly SNMP?

Such documentation really wouldn't add to this discuss in a practical manner.  One of the terms of connecting a modem to our network is that we maintain administrative control of the device.  If the customer needs that kind of control the device must be removed from the network.  It's analogous to owning a car.  You're free to do with it whatever you like however if you want to drive it on public roads you're subject to the terms and conditions for the roads we commonly refer to as traffic laws.  A more practical solution to the issue you're trying to solve would be to measure traffic at the router.  When it comes to security best pratices are to enable as little functionality as necessary.  While I agree it would be useful customer SNMP access is not necessary for the service we provide.

But when there is a long thread here with no resolution from Cox regarding your bandwidth tool being off by 100% it lends weight to the argument of me being able to monitor as much as possible.

And your statement that the documentation wouldn't add to the discussion makes me think that no such document exists or that it is a hypothetical threat only.

The reasons to allow or deny SNMP really aren't relevant to the topic here.  While it would be useful to some to have it enabled customer SNMP access to the modem is prohibited per policy at this time.  If you wish to track data usage that can be easily done at the router and/or device level.

But the best place to monitor it is at the modem since that is the only place with a true idea of the amount of data being transferred.