Charter HFC Engineer?

Any Charter HFC engineers on the list? I've been hitting my head on the
wall with first tier support that involves the Ubee DDW365 cable modem
Charter deploys that reboots when IP space sitting behind the cable modem
is port scanned on port 161 (snmp).

This all started when my original cable modem (SMC) was swapped out with
the Ubee and I noticed the Internet would randomly go out during the day
for about a minute or two and tracked it down to the Ubee modem rebooting
throughout the day (lights flashing on the modem indicating boot up). A
tech came out and swapped it with another Ubee, and the same issue, random
reboots. After researching this issue, I found a post from April 2016 (
http://www.dslreports.com/forum/r30695574-Remote-triggered-modem-reboot) by
someone posting about port scanning through the Ubee cable modem and the
port scan causing the Ubee to reboot when it hit port 161. Apparently this
person wasn't able to get through to Charter tech support about the problem
either and gave up. After reading this post, I was able to confirm my Ubee
was susceptible to this bug and would reboot by simply telneting to IP
space on port 161 behind the modem. I figured my random reboots were
related to random people port scanning my IP space throughout the day. I
called support to let them know and got them to bump it up to their
manager, who then referred it to a "technical specialist" that ended up
blocking port 161 on my cable modem.

That fixed the problem with the random reboots and my connection is now
stable! However support seems to think blocking the port on my modem is a
long term fix

They don't seem to understand that the long term fix should be escalating
this up the chain so an appropriate engineer can work with Ubee to get the
firmware fixed in the modem or the tens of thousands (or millions?) of
other Charter customers with this modem currently suffering through
unstable Internet. And what's to stop someone from continuously port
scanning all of the Charter IP space and essentially DOSing those customers
with this Ubee modem?

I'd appreciate if someone from Charter would contact me off list please, I
have zero confidence this is actually going to get fixed the right way for
myself or at all for all the other Charter customers with the Ubee modem
deployed.

Thanks ...

Have hope, I suspect someone will respond.

(Can you send me your IP address off-list, I’d like to check against the OpenSNMPProject dataset as well).

I’ve seen something similar with the Netgear device that Comcast Business deploys. It followed device swaps but I think it’s related to internal traffic vs external and have not yet chased down what triggers it.

- jared

Hi Gabriel,

I¹m going to contact you off-list regarding this one.

Ed

On 8/25/16, 1:39 AM, "NANOG on behalf of Gabriel Kuri"
<nanog-bounces+edwin.mallette=charter.com@nanog.org on behalf of
gkuri@ieee.org> wrote:

Not to be unhelpful, but SNMP is a UDP protocol, you can't "telnet" to port 161 and be talking to the snmp deamon on the device because it's not listening for that. If you do get a connection, there's really something wrong....

Mike,

SNMPv3 uses TCP.

Also, I never said I had a daemon listening on port 161, the cable modem
would simply reboot if it saw a TCP SYN packet destined to port 161 to IP
address space sitting behind my cable modem.

FYI - Charter engineers responded to me indicating it's a known bug with
this Ubee modem and Ubee is working on a new revision of firmware to fix
the bug.

SNMPv3 uses TCP.

FWIW, TCP is one of many possible transports for SNMPv3. UDP is by far
the commonest in my experience, though.

FYI - Charter engineers responded to me indicating it's a known bug with
this Ubee modem and Ubee is working on a new revision of firmware to fix
the bug.

Ouch. I'll have to check whether the Ubee unit on my Comcast Business
connection is similarly affected. SNMP-related bugs are a dime a dozen,
but this one sounds really awful.

-jeff