The other day I read that Comcast is launching a new plan to turn home internet users into unwilling participants in their new global wifi strategy. I'm sure that they will soon be touting how insanely awesome it will be to get "full strength" internet access virtually anywhere just by subscribing to this service. Other than the issues with taking a service that the consumer already pays for and carving out their bandwidth for other people, the security practitioner in me can't help but wonder what the security ramifications of sharing an internet connection like this actually means. Combine this with the default access to your cable modem that your service provider already has, and it paints a very scary picture of network security for the home user. It is no longer sufficient (if it ever was) to rely on your cable modem for network access controls. Thus, I am advocating in favor of placing a personal firewall between your cable modem and your network for all home internet setups.
Now, it's not as bad as you may think. It doesn't have to be some crazy expensive piece of equipment like you'd purchase for a business. Even the basic home gateways come with the ability to do Network Address Translation (NAT) which effectively turns your internet connection into a one-way pipe. All I'm saying is that instead of plugging your network devices directly into the cable modem for Internet access, you should use your own hardware and draw a clear "line in the sand" between your equipment and theirs. In addition, I would advocate that you should no longer consider the wifi access provided by the cable modem device as safe and should use your own equipment for this access. In other words, treat anything on the WAN side of your home gateway/personal firewall as untrusted and protect against it accordingly.
This post is going to be short and sweet as it's something I meant to put up here when I found it sometime back in mid-2011. I'm not even sure if Time Warner is still using these Ubee cable modems for their RoadRunner offering, but I'm sure that there are at least a few people out there who still have them. When you get the modem installed initially, they give you some default credentials. Something like user/user or admin/admin. Using these credentials, you are able to access the device and many of the features that it has to offer you. What you are not able to do is access the menus where you can change how the router is actually configured for internet access, change the master password, or prevent Time Warner from accessing your modem, and subsequently, your network. To fix this, you just need to know the following secret...
The real administrator username that comes configured on these modems when you get them from Time Warner is the last eight digits of the unit's MAC address sans the colons separating out the values. This is unique to your device, but can be found pretty easily by looking at the user interface that you do have access to. The password for this user is "c0nf1gur3m3". Use that and you should be in. Feel free to change the password while you're in there to keep the Time Warner folks out.
One other kinda secret thing to note is that if you do want to change how the router is configured for internet access, you will need to go to http://192.168.0.1/TlModeChange.asp on your router to do so. Once there, you can change it to Bridge mode, NAT mode, Router mode, or NAT Router mode depending on what you are looking to do with it. Hope you enjoyed this simple solution for getting the real administrator access to Time Warner RoadRunner's Ubee cable modem.
***Update: If the above isn't working for you on Time Warner Cable, try one of these suggestions from the comments:
- Username: admin / Password: cableroot
- Username: technician / Password: C0nf1gur3Ubee#
- Username: admin / Password: C0nf1gur3Ubee#