
Eircom Getting Ready To Install Snooping Equipment.

  • 21-08-2004 9:50pm
    #1
    Closed Accounts Posts: 6,143 ✭✭✭


    For a variety of reasons, not entirely unconnected with and in no particular order:

    Herr Flick
    P 2 P networks
    VOIP
    Streaming Technologies and Pay per View content

    Eircom are proposing to modify the reference interconnect so that all the modems supplied by DSL providers who are resellers of their DSL product ......meaning everybody more or less ........ will have to deploy equipment that is TR-069 compatible. Any other kit out there will either be flashed or will be replaced by TR-069 compatible kit. They will migrate their own kit to TR-059 compatibility at the same time. The 2 standards work very well together; they may both be downloaded, along with all other DSL standards by the way, from Here

    TR-069 equipment is sent out preconfigured, as are all DSL modems from all Irish ISPs. Once deployed on the customer premises they are then Remotely Managed from the Local Telephone exchange.

    There are some useful features in there such as fault diagnostics ....as we all know Eircom are quick to fix these faults in a professional manner, but there are far more intriguing features. CPE means Customer Premises Equipment by the way.

    TR-069 Is
    A protocol for communication between a CPE and Auto-Configuration Server (ACS) that encompasses secure auto-configuration as well as other CPE management functions within a common framework.

    It also supports standardisation and secure remote modification of firmware .
    The CPE WAN Management Protocol provides tools to manage downloading of CPE software/firmware image files. The protocol provides mechanisms for version identification, file download initiation (ACS initiated downloads and optional CPE initiated downloads), and notification of the ACS of the success or failure of a file download.

    and
    1.4 Architectural Goals
    The protocol is intended to provide flexible support for various business models for distributing and managing CPE, including:
    • CPE provided and managed by the network provider.
    • CPE purchased in retail with pre-registration to associate the specific CPE with a service provider and customer account (a mobile-phone like model)
    • CPE purchased in retail with post-installation user registration with a service provider.
    The protocol is intended to provide flexibility in the connectivity model. The protocol is intended to provide the following:
    • Allow both CPE and ACS initiated connection establishment, avoiding the need for a persistent connection to be maintained between each CPE and an ACS.
    • Allow one or more ACS servers to serve a population of CPE, which may be associated with one or more service providers.
    • Optimize the use of connections that are established to minimize connection overhead by allowing multiple bi-directional transactions to occur over a single connection.
    The protocol is intended to support discovery and association of ACS and CPE

    • Provide mechanisms to allow an ACS to securely identify a CPE and associate it with a user/customer. Processes to support such association should support models that incorporate user interaction as well as those that are fully automatic.
    The protocol model to allow an ACS access to control and monitor various parameters associated with a CPE. The mechanisms provided to access these parameters is designed with the following premises

    Then as we see the Architectural Goals provide for quite a high level of "Diagnostics" to be captured and sent to the central server in the basement of Eircom HQ, these include.
    3. The CPE may have a default ACS URL that it may use if no other URL is provided to it. Once the CPE has established a connection to the ACS, the ACS may at any time modify the ACS address Parameter stored within the CPE (InternetGatewayDevice.ManagementServer.URL). Once modified, the CPE MUST use the modified address for all subsequent connections to the ACS

    Yah, where could that other ACS be then? Anyway, HTTPs, SSH and RPC can be enabled between the CPE and 'an' ACS at this point.

    Page 46 of 109 in the standard document.
    A.4.1.5 Upload
    This method may be used by the Server to cause the CPE to upload a specified file to the designated location.
    Table 49 – Upload arguments
    Argument Type Description
    CommandKey string(32) The string the CPE uses to refer to a particular upload. This argument is referenced in the methods TransferComplete and GetQueuedTransfers.
    FileType string(64) An integer followed by a space followed by the file type description. Only the following values are currently defined for the FileType argument:
    “1 Vendor Configuration File”
    “2 Vendor Log File”
    The following format is defined to allow the unique definition of vendor-specific file types:
    Vendor Log File locked into an ACS, OK

    It will allow interleaving to be set to the line conditions rather than globally which is a good thing I suppose. It will log the following variables.
    DataPath string - O Indicates whether the data path is fast (lower latency) or interleaved (lower error rate).
    InterleaveDepth unsignedInt - O ADSL Interleaved depth. This variable is only applicable if DataPath = Interleaved.
    LineNumber int[1:] - O Signifies the line pair that the modem is using to connection. LineNumber = 1 is the innermost pair.
    UpstreamCurrRate unsignedInt - C The current payload bandwidth (expressed in Kbps) of the upstream DSL channel.
    DownstreamCurrRate unsignedInt - C The current payload bandwidth (expressed in Kbps) of the downstream DSL channel.
    UpstreamMaxRate unsignedInt - C The current attainable rate (expressed in Kbps) of the upstream DSL channel.
    DownstreamMaxRate unsignedInt - C The current attainable rate (expressed in Kbps) of the downstream DSL channel.
    UpstreamNoiseMargin int - C The current signal-to-noise ratio (expressed in 0.1 db) of the upstream DSL connection.
    DownstreamNoiseMargin int - C The current signal-to-noise ratio (expressed in 0.1 db) of the downstream DSL connection.
    UpstreamAttenuation int - C The current upstream signal loss (expressed in 0.1 dB).
    DownstreamAttenuation int - C The current downstream signal loss (expressed in 0.1 dB).
    UpstreamPower int - C The current output power at the CPE's DSL interface (expressed in 0.1 dBmV),
    DownstreamPower int - C The current received power at the CPE's DSL interface (expressed in 0.1 dBmV),

    Then there is this voucher caper on Page 91
    C.1 Overview
    The CPE WAN Management Protocol defines an optional mechanism for securely enabling or disabling optional CPE capabilities. Unlike Parameters, the Voucher mechanism provides an additional layer of security for optional capabilities that require secure tracking (such as those involving payment).
    A Voucher is a digitally signed data structure that instructs a CPE to enable or disable a set of Options. An Option is any optional capability of a CPE. When an Option is enabled, the Voucher may specify various characteristics that determine under what conditions that Option persists.
    C.2 Control of Options Using Vouchers
    An Option may be disabled, enabled, or enabled with expiration. An Option that is enabled with no expiration stays enabled until the Server explicitly disables it. An Option that is enabled with expiration stays enabled only for the duration specified in the Voucher. After the specified duration period, the CPE MUST disable the Option itself.
    An Option may also be defined as either transferable or non-transferable. If not otherwise specified, an Option enabled by a Voucher is non-transferable. A transferable Option is one that is maintained with the CPE regardless of any subsequent changes of service provider.
    Each Voucher, which may contain instructions to enable or disable one or more Options, MUST be digitally signed using the XML-Signature format [13]. Before applying the instructions in the Voucher, a CPE MUST validate the signature and authenticate the signer.
    A Voucher is specific to a single CPE and cannot be used on a CPE other than the one indicated in the Voucher. This ensures that the mechanism used to distribute Vouchers can be used to ensure that only those CPEs that have properly appropriated an Option can enable that Option.
    The porn customisation feature on Page 96 .....or is that E Banking?
    D.1 Overview
    To support web-based applications or other CPE-related web pages on a back-end web site for access from a browser within the CPE’s local network, the CPE WAN Management Protocol provides an optional mechanism that allows such web sites to customize their content with explicit knowledge of the customer associated with that CPE. That is, the location of users browsing from inside the CPE’s LAN can be automatically identified without any manual login process.
    The protocol defines a set of optional interfaces that allow the web site to initiate communication between the CPE and ACS, which allows a web site in communication with that ACS to identify which CPE the user is operating behind. This allows the web site to customize its content to be specific to the associated broadband account, the particular type of CPE, or any other characteristic that is known to the ACS.

    It can be integrated with ENUM to a degree. That's where Comreg come in.

    If the ACS is controlled by Eircom or Flick we can kiss our asses goodbye. If the ACS is ported out beyond the Eircom Wholesale cloud and run ..... along with ENUM ..... by a broad interest control then we may have a future.

    For the moment it's creepy ......utterly creepy........ and it may be nodded through by an overimpressed Comreg (under pressure from Flick) so that they can get their dearly held ENUM project off the ground.

    M
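
An added example, not part of the original post or of the TR-069 document: a small auditor for captured ACS-to-CPE SOAP messages that flags the two operations quoted above, a change of `InternetGatewayDevice.ManagementServer.URL` and an `Upload` request. The sample messages, hostnames and keys are constructed placeholders, and the finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ACS_URL_PARAM = "InternetGatewayDevice.ManagementServer.URL"
# The only FileType values the quoted Upload table defines.
DEFINED_FILE_TYPES = {"1 Vendor Configuration File", "2 Vendor Log File"}

def _envelope(body):
    # Wraps a constructed RPC in a SOAP envelope (sample data only).
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}" '
            f'xmlns:cwmp="urn:dslforum-org:cwmp-1-0"><soap:Body>{body}'
            '</soap:Body></soap:Envelope>')

# Constructed ACS-to-CPE messages; hosts and keys are placeholders.
SAMPLE_SET_URL = _envelope(
    "<cwmp:SetParameterValues><ParameterList><ParameterValueStruct>"
    f"<Name>{ACS_URL_PARAM}</Name><Value>https://acs2.example.net/cwmp</Value>"
    "</ParameterValueStruct></ParameterList><ParameterKey>k1</ParameterKey>"
    "</cwmp:SetParameterValues>")
SAMPLE_UPLOAD = _envelope(
    "<cwmp:Upload><CommandKey>up-1</CommandKey>"
    "<FileType>2 Vendor Log File</FileType>"
    "<URL>https://files.example.net/in/</URL></cwmp:Upload>")

def _local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on qualified tags.
    return tag.rsplit("}", 1)[-1]

def _fields(elem):
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def audit_message(xml_text):
    """Return a list of findings for one ACS-to-CPE SOAP message."""
    # CWMP messages carry no DTD; reject one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in CWMP message; refusing to parse")
    body = ET.fromstring(xml_text).find(f"{{{SOAP_NS}}}Body")
    findings = []
    for rpc in (body if body is not None else []):
        name = _local(rpc.tag)
        if name == "SetParameterValues":
            for pvs in rpc.iter("ParameterValueStruct"):
                f = _fields(pvs)
                if f.get("Name") == ACS_URL_PARAM:
                    findings.append(("acs-url-change", f.get("Value", "")))
        elif name == "Upload":
            f = _fields(rpc)
            kind = ("upload" if f.get("FileType") in DEFINED_FILE_TYPES
                    else "upload-other-filetype")
            findings.append((kind, f.get("FileType", ""), f.get("URL", "")))
    return findings

if __name__ == "__main__":
    for msg in (SAMPLE_SET_URL, SAMPLE_UPLOAD):
        print(audit_message(msg))
```
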


Comments

  • Closed Accounts Posts: 3,797 ✭✭✭Paddy20


    Oh my God, what's happening. I'm off to hide under my duvet. My life is no longer mine, is anything sacred anymore :eek: Goodnight.


  • Registered Users Posts: 7,662 ✭✭✭GerardKeating


    Muck wrote:
    Eircom are proposing to modify the reference interconnect so that all the modems supplied by DSL providers who are resellers of their DSL product ......meaning everybody more or less ........ will have to deploy equipment that is TR-069 compatible .

    This would be anti-competitive and breach a lot of EU law.

    Also they cannot stop us using our own modems.


  • Registered Users Posts: 1,391 ✭✭✭fatherdougalmag


    NTL - we need you now more than ever.


  • Registered Users Posts: 13,016 ✭✭✭✭vibe666


    so the rat isn't gone. he was just at MI6 getting his '00' rating. sneaky fvcks.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    NTL - we need you now more than ever.
    What, you didn't know that NTL have been doing this type of thing from Day 1?


  • Registered Users Posts: 1,569 ✭✭✭maxheadroom


    I'm sorry, but can someone break this down for the more stupid in the audience (ie, me)? What are the implications here?


  • Registered Users Posts: 849 ✭✭✭jwt


    This would be anti-competitive and breach a lot of EU law.

    Also they cannot stop us using our own modems.


    Wasn't it the case that Eircom could dictate what equipment could be connected to their network. If you refused they could refuse use of the network?

    Not sure what the story is now.:confused:

    John


  • Closed Accounts Posts: 6,143 ✭✭✭spongebob


    It means Eircom are planning to replace user configurable DSL modems with Eircom configured DSL modems with:

    Advanced diagnostics capacity
    No user configuration
    No user access to the configuration
    Monitoring tools built in
    No alternative to these devices if you want DSL
    Reconfiguration at any time they choose and in any manner they choose
    No independent oversight of how and when the monitoring capacity is used because we have a really useless regulator.

    Alternatively they could opt for TR-064 capable devices which allow the end user to easily configure the modem themselves (like a .ins file for analogue modems) and to view and modify the DSL modem configuration from their side as they wish, but it seems they will do this from the Network side using TR-069 only.

    M


  • Registered Users Posts: 1,569 ✭✭✭maxheadroom


    Muck wrote:
    It means Eircom are planning to replace user configurable DSL modems with Eircom configured DSL modems with :

    Advanced diagnostics capacity
    No user configuration
    No user access to the configuration
    Monitoring tools built in
    No alternative to these devices if you want DSL
    Reconfiguration at any time they choose and in any manner they choose
    No independent oversight of how and when the monitoring capacity is used because we have a really useless regulator .

    Well, as ripwave has already pointed out, this is exactly how ntl do business and nobody's up in arms about it. breaking it down:
    Muck wrote:
    Advanced diagnostics capacity
    No user configuration
    No user access to the configuration
    This would seem to mean that you plug it in, it grabs its config from the network, and it just works. Why is this undesirable? There should be no need to fiddle with the settings if the device can configure itself.
    Muck wrote:
    Monitoring tools built in
    No independent oversight of how and when the monitoring capacity is used because we have a really useless regulator .
    What kind of monitoring can they do at CPE that they can't easily do at Broadband Access Server?
    Muck wrote:
    No alternative to these devices if you want DSL
    Well, why should they support a device that they haven't validated?
    Muck wrote:
    Reconfiguration at any time they choose and in any manner they choose
    Just like NTL - they can push a new config file to your modem at any time they want. Some people have noticed this recently as a speed increase ;)


  • Registered Users Posts: 6,007 ✭✭✭Moriarty


    jwt wrote:
    Wasn't it the case that Eircom could dictate what equipment could be connected to their network. If you refused they could refuse use of the network?

    From my reading of the bitstream service provisions, eircom wholesale currently have no interest whatsoever in what equipment is being used after the microfilter. The microfilter is where they consider the bitstream service terminates for customer premises.


  • Closed Accounts Posts: 6,143 ✭✭✭spongebob


    Well, as ripwave has already pointed out, this is exactly how ntl do business and nobody's up in arms about it. breaking it down:

    Breaking it down.

    1. TR-069 together with some further Local Network Discovery and mapping features that will become bolt on standards next month is a far more intrusive technology than DOCSIS which is what NTL use.

    2. NTL do not have Significant market power

    3. Cable Modems are not supposed to be inherently secure like DSL because 20-30 houses share a segment anyway and always have (meaning that you may INTERCEPT YOUR NEIGHBOURS FROM INSIDE YOUR HOUSE in many cases depending on where you are ) . With DSL you have an exclusive tail from the DSLAM in the local exchange and no sharing of segments .

    4. Exclusive Eircom control of the ACS is anti-competitive in the extreme. The model should either allow each reselling carrier their own ACS or maybe a single central carrier neutral ACS; there is nothing to stop Flick from having his own ACS either, but Flick will rely on the Brits to run it for him :D and on the Eircom ACS to divert traffic into it. Flick also wants to ban Prepaid Mobile cards save where bought using ID so this is a DSL version of his control freakery.

    My opinion is that there should be one ACS and that the different carriers may load their 'packaging' on to it but that it does not belong to Eircom. There is nothing to preclude full co-operation with law enforcement either .....on production of a legal instrument such as a tapping order signed by Flick as he is supposed to do.

    This could be under a kind of INEX body, a carrier neutral one .

    My 2c

    M


  • Closed Accounts Posts: 3,797 ✭✭✭Paddy20


    "Mess with Muck, at your peril" :eek:


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    Muck wrote:
    on production of a legal instrument such as a tapping order signed by Flick as he is supposed to do.
    You might want to explain to people who don't know who "Herr Flick" is.

    (And "that nice man from Dublin 4" probably wouldn't help them much).


  • Closed Accounts Posts: 805 ✭✭✭vinnyfitz


    Ripwave wrote:
    You might want to explain to people who don't know who "Herr Flick" is.

    (And "that nice man from Dublin 4" probably wouldn't help them much).

    D6 actually.
    :D

    I think Muck is referring to the Minister for Justice and Homeland Security.


  • Closed Accounts Posts: 2,188 ✭✭✭Ripwave


    vinnyfitz wrote:
    D6 actually.
    Since when did Dublin South East reach into Dublin 6?

    (They must have moved Ranelagh when I wasn't looking!)

