Fraud Prevention in DOCSIS Networks: Overview

Solutions
Digital Experience

DX Solution

DX Activate

Self-care Widgets

FCC Performance Testing
IP Resource Management

Telco Cloud

Edge Computing

MAP-T
Subscriber Insights

Monetization and Analytics Platform
Industry Report

Unlock new broadband value opportunities—get the Future of the Connected Home report.

Download Now
Products
Resource Orchestration

Auto Configuration Server

User Services Platform

DHCP Server

IP Address Management

Network Monetization and Analytics
Service Orchestration

Service Activation

Auto Configuration Server

User Services Platform
Industry Report

Unlock new broadband value opportunities—get the Future of the Connected Home report.

Download Now
Services
Services

Managed Services

Professional Services

Customer Support
Incognito Plus

Boost performance, reduce downtime, and strengthen your operations. Explore Incognito's Managed Services.

Learn More
Company
Company Info

About Us

Executive Team

Careers
Stay Connected

Newsroom

Blog

Events

Resources
Partner Program

Become a Partner
Career Opportunities

Join a growing team shaping the future of broadband. Explore Incognito's open positions.

Apply Now

SUBMIT RFP

CONTACT

Published on 21 May 2015

As an overview, these features include:

IP Verification: Only the intended cable modem identified as originating from the associated IP address may download the configuration file
Single Download Only: The configuration file may only be downloaded once
Randomly Generated Filenames: The configuration filename is a randomly generated hex string created on-the-fly during the DHCP process, which eliminates the possibility of guessing configuration filenames
Configuration File Expiry: If a configuration file is not downloaded, the filename and related information regarding that file are destroyed after a configurable amount of time (default: 60 seconds)
TLV 19 and 20: The solution offers the ability to include TFTP Timestamp and cable modem IP in configuration files

The above features provide much-needed security functionality:

The dynamically generated file never physically exists on the server’s hard drive. This means that the file cannot be modified or corrupted by entities that have access to this hard drive
Only the device can download the configuration file from the solution’s configuration file management (CFM) service, using the IP address that the DHCP service assigns to the configuration file
Only the DHCP service can generate a dynamic configuration file name and provide the “row” of information to the CFM service. The DHCP service has the required knowledge of the encoding algorithm, the shared secret configured on the DHCP and CFM services, and the lookup keys for the DOCSIS file-setting records
The DHCP service shares what it knows about the client with the CFM service by encoding this data in the configuration file name. The CFM can extract the data encoded in the configuration filename to determine how to generate the file
The data encoded in the configuration filename is kept private

Two TLVs aid in security and can only be used when dynamically generating files, as the values are for the TLVs can only be determined at download time. These are:

CFM Server Timestamp (TLV 19): Sending time of the configuration file, in seconds, as defined in RFC 868, used to prevent replay attacks with the old configuration files
CFM Server Provisioned Modem Address (TLV 20): The IP address of the modem requesting the configuration file, to prevent IP spoofing during registration