cable modem cloning

[caveman]

Is this a new security threat.
Last week I could not access the internet or emails.
Virgin Media (UK) said my cable modem had been cloned and there were several users on my account and blocking me from using it. My emails accounts were also being used by others who had taken up spare account space. Then finally Microsoft popped up to tell me I was a victim of software counterfeiting and after failing a validation test it seems that my Windows XP is no longer on my computer, but some other one that should not be there.
A Google search revealed forum sites that specialise in creating and selling software to clone modems by finding their MAC number and even selling them on Ebay.
I would appreciate any help with this problem as I cant find any similar threat under this section.

[google junky]

I'm pretty sure I can assume that you had no firewall.(that would be a great idea)
They evidently had a lot of time to spend in your computer to do everything you said they did.
There isn't much a person can't do if they are allowed in the computer.

I did some searching on it and found it being talked about here Cable Modem Sniffer
This has been around for awhile it seems. The first post on that board was Feb 2006. You are just one of the lucky ones to get targeted I guess.

If you click on any of these results then you will get a better feel of what is going on.
site:www.tcniso.net/forum/ sniff - Google Search

I can only tell you what I found. This is the first time I have ever heard of it.
I would also suggest a firewall. Zone Alarm has a version for free.
Firewall Freeware, Free Firewall Protection Software, Firewall Shareware: ZoneAlarm® Free Firewall Software.

[caveman]

Afraid you got the wrong assumption Google Junky. My Windows firewall has been in place (and switched on) for years. I have an AVG virus protection which does a full scan every day.

Techy team at Virgin media indicated that access could be gained by cable cloning which would not be affected by a firewall or anti-virus.

I had read that thread from Cable Modem Sniffer. Why are these people not shut down ?

[google junky]

Hey caveman,

Honestly Windows Firewall is just something to make you feel safe. I would still advise using Zone Alarm and disable Windows Firewall. That is just my opinion though.

I did a lot of reading since my last post and you are correct. This type of hack is almost impossible to stop. It seems that you can only slow them down and hope you did enough to make them not be interested any longer in trying. I also read, and I'm not sure it is still a fact, that DSL wasn't able to be hacked this way. Like I said, I don't know this to still be true or not.

I found a good read for you that is exactly what I think you are looking for as far as answers. Besides the fact that your ISP should be working with you to help fix this.

Sniffing (network wiretap, sniffer) FAQ
Read these first:
2.3 How can I configure my local network to make sniffing harder?
2.4 Can I buy adapters that do not support sniffing?
2.5 How can I detect a packet sniffer?

The rest of the page has some really good information as well.
Although I am a novice at networks, I hope this helps in some way.

Good luck in all you do,
Google Junky

[wige]

As Google Junky noted, Windows Firewall is not an effective firewall. Even the Windows development team has acknowledged this in the past. That firewall is intended only to close inbound ports. If spyware or other malware affected your computer, it could easily circumvent WF, since the firewall does not monitor outgoing traffic.

I would recommend taking a few steps. First, assume your computer has been compromised, and have a friend download Avast anti-virus onto a thumb drive. If you already use Avast, have them download AVG instead. Also download the latest antivirus definitions from that site. And finally, download Comodo Firewall Pro. This software is not the easiest to use, in fact it is a pain to use, but it monitors everything.

Disconnect your computer from the network, and completely uninstall your antivirus software. Connect the memory stick, and install the new antivirus from there. Some viruses can "neuter" a new installation of antivirus software if it is done over the internet; this process will prevent that. Update the virus definitions using the update you put on the memory stick. AVG and Avast should both give you the option of updating from a local file. Reboot and scan the computer thoroughly. Once the computer is clean, install Comodo Firewall. The firewall will alert you to any and all network-using applications, and anything those applications try to do on your computer. Watch for any suspicious activity. I would recommend keeping Comodo for at least a week, before switching to something more user friendly, so you can be reasonably sure you have caught everything.

You may also want to consider a hardware firewall (router). You can usually get one fairly inexpesively, and with proper password protection it can add an extra perimeter of security to your computer.

Cloning of your MAC address is not extremely difficult, provided you have a modem that will allow the user to specify a mac address to use. All the software and hardware in the world is unlikely to protect you from this because first, your modem sits in front of the protective hardware/software, and second, it has to respond to requests for its MAC address originating from its network node so that traffic can be routed properly. It falls to the service provider to protect against this.

As far as the Windows Validation, Microsoft applies its validation in a counter-intuitive way. The last OS to validate is considered legitimate. I encountered this recently, when I replaced the hard drive on one of my company's computers. I entered the validation code from another computer by mistake after running the manufacturer's restore disk. The code was accepted, but then the computer that the code was originally used on popped up a counterfeit warning. In your case, it is possible your code was not stolen, but rather someone used a key generator to guess a validation code, and it matched yours. You would need to contact microsoft to resolve the issue. Make sure you have the verification sticker and the original install disk. The sticker should be somewhere on the computer itself.

[SisterSledge]

wige, you da'man!

[seopo]

Just to add to wige comments, disable system restore before restarting your pc

My Computer > Properties > System Restore

[Martinscholes]

Or an inside job? Must be great to be able to have access to everyone's Broadband systems, at source, as it were.

"Nah, squire! Someone must've cloned yer systum!"

[puamana]

Interesting posts... thanks for the info, as I'm currently using a cable modem for internet access.

I am using AVG antivirus with Firewall...
rather than the Windows Firewall, but apparently that will not
protect me from cable sniffers...

alas.

I'll check out the FAQs as you suggest.

- Puamana