back to article FYI: You can blow Intel-powered broadband modems off the 'net with a 'trivial' packet stream

Broadband modems using Intel's bungled Puma 6 chipset can be overloaded and virtually knocked offline by a trivial trickle of packets, it is claimed. Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, …

  1. kain preacher

    First atom chips that commit Seppuku and chip sets that crap out.

    1. asdf

      Intel and low margins go together like peanut butter and turds.

  2. Gordon Pryra

    I spoke to Virgin

    And (as usual) I came away with the belief that if they did not only have BT as their competition, they would go out of business in 2 weeks. In fact, if Sky were no so pricey they could put Virgin out of the game (they wont because they are probably happy with the prices and dont want a price war)

    I have asked Virgin about updates for the chipset on their superhub 3 and the "network specialist" told me to put it in modem mode and use my own router.....

    Admittedly in the past I have taken the piss a bit, asking semi-trained help desk questions way outside of their levels of competence, but the response from Virgin is pathetic.

    To first pretend that there is nothing wrong then to give false advise is hardly great business practice UNLESS you know your customers have no choice.

    Sky understand how shit Virgin are, so their prices are ridiculous, BT are just shoddy offering sport for the idiots and "you can use now TV for the rest!!!"

    1. Anonymous Coward
      Anonymous Coward

      Re: I spoke to Virgin

      By "idiots" do you mean "people who like different things than you do"?

      Apparently watching sport is quite popular. Who knew?

      1. John Brown (no body) Silver badge

        Re: I spoke to Virgin

        "Apparently watching sport is quite popular. Who knew?"

        So the idiocracy is popular? Personally, I'd just offer them more cake!

      2. Gordon Pryra

        Re: I spoke to Virgin

        Yes

    2. phuzz Silver badge

      Re: I spoke to Virgin

      We had to take ours our of modem mode because that was causing it to lose connection every fifteen minutes, which now means we're stuck using the 'Super'-hub as an actual router and wifi hub. It is rubbish at these jobs.

      1. TheVogon

        Re: I spoke to Virgin

        "We had to take ours our of modem mode because that was causing it to lose connection every fifteen minutes"

        That fault on the SH3 (Ethernet port periodically shutting down) has bene fixed in recent deployed firmware.

  3. TheVogon

    Modem mode doesn't mitigate these issues. I have had to buy a SH2 AC from eBay as Virgin don't have any...

    1. ravenstar68

      No one should EVER buy a Virgin Media modem from a third party.

      I cannot stress this enough - Virgin Media will NOT activate any device that they have not provided to you DIRECTLY. You need to request your money back or report the seller to eBay.

  4. wyatt

    All I would like is the option from any provider for a modem only service, I'll provide the router. It must be cheaper than a 'hub' and would reduce the number of faults they have reported? My first BT contract I had a Voyager 220v and it was great. Friend had a Modem from VM and it was also great, then they swapped it to a hub and the service went crap.

    1. gnasher729 Silver badge

      I have a BT Hub Infinity Homehub 5. Somewhere in my cupboard. It was replaced with an OpenReach modem from eBay for about £3, and a pre-previous generation Apple Airport Extreme from eBay for £40. Works absolutely fine with 7 or 8 devices plus the odd visitor, unlike the BT hub which would just break down and need to be rebooted once a week. (Symptom: Sad wife saying "Why is the internet not working")

    2. CrazyOldCatMan Silver badge

      All I would like is the option from any provider for a modem only service, I'll provide the router

      You can do that - it just involves picking a proper ISP rather then one in the race to the bottom category..

      My current ISP (Zen) is one such ISP as was my previous ISP (IDNet). AAISP is also viable.

      1. Anonymous Coward
        Anonymous Coward

        More accurately it involves picking any ISP other than Virgin and Sky.

        The Virgin network requires the modem to authenticate onto the network, and it is tied to a customer account. Unless Virgin change their processes to allow you to supply your own modem, or unless they go back to offering a proper cable modem (which would *not* get around this issue if Virgin picked a Puma 6 modem to offer to customers), you are stuck with the super turd.

        Sky make it extremely difficult to use third party equipment since they insist on using a unique authentication system for the router.

        The rest of the big boys - BT, TalkTalk, Plusnet etc really couldn't give two hoots as to what router you use. They will want you to plug it back in if you are reporting a fault, but that's fair enough (and yes, even Zen do that - I only know too well how they kept trying to blame my equipment for their network fault - Zen never sent me a router as you had to pay full price when I signed up, and they wouldn't loan me one, so that was that)

      2. TheVogon

        "My current ISP (Zen) is one such ISP as was my previous ISP (IDNet). AAISP is also viable."

        And how much do they charge for 300Mbs downstream / 30 up?

        1. Ken Hagan Gold badge

          "And how much do they charge for 300Mbs downstream / 30 up?"

          Why is this relevant? According to the article, you aren't getting anything within several orders of magnitude of those figures.

          1. psychonaut

            you are if you dont have a sh3.

            im on the 200 / 10 and its just fine thanks. could do with a bit more upload but its ok.

            there is unfortunately noone anywhere near price wise to touch virgins fibre if it has a sh2 in modem mode

            then add a pair of Ubiquiti long range ac access points and i have 200mb everywhere wirelesly for my ac wireless clients. bloody lovely.

            i cant tell you how good the ubiquiti gear is, and ive tried quite a few different access points in many different properties .at home i have them it in the loft, not even drilled through the upper most ceiling, just hanging from the roof in the loft. penetration to ground floor is amazing, speed is awesome. buy some

            1. TheVogon

              "im on the 200 / 10 and its just fine thanks. could do with a bit more upload but its ok."

              Setup a free broadband quality monitor at Think Broadband and you will see how bad the latency is. Also the Puma 6 drops 1% and 7% on DNS packets - and that will impact you even if you hadn't realised. Try the GRC DNS benchmark...

          2. TheVogon

            "According to the article, you aren't getting anything within several orders of magnitude of those figures."

            Please let me know where it says that In the article?!

            You must definitely do get close to the claimed figures on virgin. The issue is latency spikes, not bandwidth...

            1. Ken Hagan Gold badge

              "Please let me know where it says that In the article?!"

              Well we can start with the title: "blow ... off the net".

              My point is that if your choice of ISP results in you using a modem that gets DOS-ed of the net entirely then it does not matter how fast that ISP promised to deliver bits. You are getting 0 Mb/s and any ISP that offers a better modem will deliver more bandwidth.

            2. AlbertH

              Virgin on the ridiculous

              Unfortunately, Virgin cap your usage and deliberately cripple your connection if you exceed their paltry allowance. They also sell all your browsing information to "Phorm". Their DNS is poisoned, and their "service" is a joke, with week-long outages and no recompense for the abused subscriber.

  5. Anonymous Coward
    Anonymous Coward

    The penalty for realtime imbecilitis

    Well, that is the penalty you get when you implement NAT and stateful firewall in consumer grade hardware instead of using the OS one.

    I used to do some CPE work in my previous life and I have observed how a couple of product directors were having a massive boner discussing the wonderful hardware offloads in the upcoming Intel CPE Cable hardware. I told them that they are out of their mind to use them. Even a measly 400-500MHz Arm or MIPS chipset can happily handle it at the rates in Cable, so there is absolutely no point to use the hardware offload. And most importantly - it is something tested by nearly 2 decades of use now, IT WORKS(tm).

    It did not stick - the idiots went on to use the offload (I can bet the same happened in other places).

    Stupidity is contagious, especially amidst CPE product management and especially in Cable.

    1. TheVogon

      Re: The penalty for realtime imbecilitis

      "Well, that is the penalty you get when you implement NAT and stateful firewall in consumer grade hardware instead of using the OS one."

      What ever hardware you use, it runs an OS. Cheap"consumer grade" hardware - for instance the ASUS RT66 can have a firewall / QoS enabled throughput of well over 600Mbs / 30,000+ connections.

      1. asdf

        Re: The penalty for realtime imbecilitis

        >ASUS RT66 can have a firewall / QoS enabled throughput of well over 600Mbs / 30,000+ connections.

        Not using Linux HTB or HFSC it can't. Perhaps with cake but 600Mbs is pushing it even with cutting edge hardware little lone an RT66. If it has QOS at that speed more than likely its garbage QOS.

        1. This post has been deleted by its author

        2. This post has been deleted by its author

        3. asdf

          Re: The penalty for realtime imbecilitis

          Down vote me but here you go.

          https://www.bufferbloat.net/projects/attachments/150817135028_cake-battlemesh-v8.pdf

          (see page 14 where even an WRT1900ACv2 can only do 300Mbps throughput even with cake, significantly less for HTB). For the record I have tried cake personally on my WNDR3800 and found it not to be stable at least with PPPoE but I'm on slow ass 20Mbps DSL with a very pathetic upload so HTB+FQ_Codel works perfect for me. Also any qdisc that doesn't do rate limiting (PIE, FQ_Codel) is by itself nearly worthless. Your router has to own where the packets get queued (own the queue) or your QOS is worthless.

        4. TheVogon

          Re: The penalty for realtime imbecilitis

          "Not using Linux HTB or HFSC it can't. Perhaps with cake but 600Mbs is pushing it even with cutting edge hardware little lone an RT66"

          Wrong.again, it can do that easily on the native firmware. See the benchmarks at SmallNetBuilder.

        5. TheVogon

          Re: The penalty for realtime imbecilitis

          To save you having to Bing it, here are some "consumer" device throughput test results:

          Test Description

          RT-N66U

          WAN - LAN

          732 Mbps

          LAN - WAN

          729 Mbps

          Total Simultaneous

          810 Mbps

          Maximum Simultaneous Connections

          34,925

          Firmware Version

          3.1.0.3.90

          1. asdf

            Re: The penalty for realtime imbecilitis

            Ok that's great. Now show me what qdisc you have on those interfaces. With no real QOS and offloads sure 600Mbps no problem. The claim was QOS and 600+Mbps in a cheap consumer router. Do this run say a half dozen torrents full bore (make sure download saturated) and ping 8.8.8.8. If you can't keep every ping under say 100ms (being generous here) then your QOS isn't.

            1. asdf

              Re: The penalty for realtime imbecilitis

              If you are able to do it (and you truly were maxing out both your download and upload) then you should really thank your ISP because unless you are limiting your download and upload to about 90% or so of their max its your ISP equipment (or someone downstream) doing the QOS because more than likely you no longer own the queue.

            2. asdf

              Re: The penalty for realtime imbecilitis

              > Now show me what qdisc

              Also since virtually no consumer grade store bought routers run any of the BSDs pretty safe to request the qdisc used. If you can log into your router with telnet or ssh do a tc -s -d qdisc at the command line and post the result. More than likely it says it doesn't know the command tc which means no real QOS.

              1. Voland's right hand Silver badge

                Re: The penalty for realtime imbecilitis

                Now show me what qdisc

                It is not the CPU grunt which is the issue in consumer hardware preventing good QoS at 600MB (I agree with several posters which said it does not work).

                It is something NO consumer router has. Timer precision. The higher the bandwidth, the higher the timer precision required. MIPS hardware used in most consumer routers simply does not have the timers needed to do QoS at 600MBit. You may be able to police and traffic shape a couple of buckets with HTB with rough precision (in the 10s of MBits range), but definitely no proper QoS as required by high-end video conferencing, audio, etc.

                Compared to that, the timer precision on x86 is more than sufficient to do policing and QoS down to 10s of Kbits range at 1Gbit.

                Now, on offloads. The offloads DO NOT FIX THAT. They do stuff which absolutely not needed if you use a Linux software load like accelerated forwarding, firewall, nat (all of that with ridiculously small tables). They do not however, have the ability to run a proper Qdisc on that at least in most consumer hardware. The few attempts at QoS in that are just drivel produced by a Chinese firmware engineer which has no clue whatsoever how QoS works (and it, by the way, is rocket science).

                1. This post has been deleted by its author

                  1. This post has been deleted by its author

                2. asdf

                  Re: The penalty for realtime imbecilitis

                  >It is not the CPU grunt which is the issue in consumer hardware preventing good QoS at 600MB (I agree with several posters which said it does not work).

                  >It is something NO consumer router has. Timer precision.

                  Perhaps but my guess is it also has to do with the cpu not able to handle the massive amount of interrupts when dealing with network traffic at that speed even with the offloads (QOS also still has to peel apart multiple packets as well with offloads if its to be effective). As for x86 I agree that if I wasn't so cheap and actually had super fast internet I almost assuredly would be running x86 (perhaps with *BSD) for my main router (and no shitty Atom cpu for sure). But capped at 26 Mbps down and 1 up DSL, my WNDR3800 running Cerowrt with htb + fq_codel runs like a dream. Nobody in the house ever complains about anyone else using internet even when I am torrenting several large Linux isos. When I see lag in games (rare) its almost always server side.

            3. TheVogon

              Re: The penalty for realtime imbecilitis

              ""The claim was QOS and 600+Mbps in a cheap consumer router"

              No, it was that Firewall + NAT was not realistic on consumer grade hardware. I have shown that you are wrong on that.

              I then added some specifics - that are also correct - in fact I under specified what the hardware can achieve. And yes that's with QoS enabled.

              How effective the QoS is - is an entirely different question and is unrelated to your original claim - which didn't mention QoS...

              1. asdf

                Re: The penalty for realtime imbecilitis

                >Not using Linux HTB or HFSC it can't. Perhaps with cake but 600Mbs is pushing it even with cutting edge hardware little lone an RT66. If it has QOS at that speed more than likely its garbage QOS.

                My original claim. Show me where its wrong. At this point if you are not a network guy its best to move on. Those terms I am using is how Linux does proper QOS. When you implied using stock firmware told me all I needed to know. I have not seen any consumer hardware that didn't come with DD-WRT or OpenWRT do proper QOS. If the manufacturers knew what they were talking about we wouldn't have all these articles about their security fails and general incompetence.

              2. This post has been deleted by its author

              3. asdf

                Re: The penalty for realtime imbecilitis

                >I then added some specifics - that are also correct - in fact I under specified what the hardware can achieve. And yes that's with QoS enabled.

                Want to know something funny. I bet for most ordinary people's use cases they are much better off with properly set up QOS on a sub 100 Mbps connection, than phantom broken QOS on a much faster connection which is what they get if they are not using a proper PC to do their routing/QOS. Especially cost wise and if there is teens/20s in the house endless downloading shit no matter how fast the connection. I never see lag spikes people with these fancy expensive internet modems/service do. Must really suck paying five to ten times more for internet and then get tea bagged by me in some first person shooter because I don't lag.

          2. asdf

            Re: The penalty for realtime imbecilitis

            Basically the TL;DR version is QOS in stock firmware for consumer routers is garbage (much like almost all stock firmware itself). Its a check box in the UI that does little for real world use.

    2. asdf

      Re: The penalty for realtime imbecilitis

      > the idiots went on to use the offload

      Offloads are evil and cause bufferbloat but as Cerowrt found out the hard way they become necessary with cheap hardware much over a few hundred mbs if you want to run decent QOS.

  6. MoreBeerPlease

    I almost feel sorry for VM

    I too have had many conversations with VM over the previous known issue with the Puma6 using Hub3.

    On one of my many calls I had a very interesting chat with a 2nd level network guy who struggled to stick to the official company line.

    Although the front line call centre numpties aren't aware that there is an issue, the network guys are.

    He would like to send me an old Superhub2 or Superhub 2ac but there aren't any in stock and the few they did have hanging around have all been sent out to irate gamers. So it's not that they won't send out old kit, it's that they can't.

    Also and this will upset the very sensible crowd who just want a modem that does one thing well, VM want to get rid of separate Tivo/V6 and Hubs and just have one box in the house that does everything. The telephony sockets on the back of the hub3 are a sign of things to come.

    So maybe I should say I do feel sorry for the few competent techies who work there.

    Guess what arrived in the post yesterday, another unasked for Hub3. I'll add it to the pile. Is this the future of consumer distribution using the consumer as localized warehouses?

    1. Anonymous Coward
      Anonymous Coward

      Re: I almost feel sorry for VM

      Guess what arrived in the post yesterday, another unasked for Hub3. I'll add it to the pile.

      How much would you get on Ebay for it? Seriously.

      1. asdf

        Re: I almost feel sorry for VM

        >How much would you get on Ebay for it?

        Probably more a few days ago.

        1. ravenstar68

          Re: I almost feel sorry for VM

          Until the buyer comes back complaining it won't work because Virgin won't activate it.

  7. Natalie Gritpants

    Can you disable IPv4 on these devices?

    Just throwing away IPv4 packets shouldn't slow it down.

    1. Conall O

      Re: Can you disable IPv4 on these devices?

      blocking off said ports using a hardware firewall could be an option I suppose. Not exactly difficult to buy one on the cheap either ( for home use) ~£40-50.

      1. TheVogon

        Re: Can you disable IPv4 on these devices?

        How are you going to insert a hardware firewall into a Docsys 3 coax stream?!

    2. Richard 12 Silver badge

      Re: Can you disable IPv4 on these devices?

      Virgin don't support IPv6, so it wouldn't get you very far.

  8. AJames

    Meh

    We already know that these modems are defective and should be replaced by the ISPs since Intel's mitigation measures in firmware are not very effective.

    Anyone is vulnerable to a targeted denial-of-service attack. This exploit, if true, makes it a little easier to kill modems with a Puma 6 chipset, but you would still need to be targeted by someone willing to keep up a significant data stream. Honestly it doesn't significantly increase your risk.

    1. Richard 12 Silver badge

      Every machine on the Internet is subjected to regular probing attacks by the myriad of botnets out in the wild.

      Such attacks occur very frequently as scanning the whole of IPv4 doesn't really take that long when you have a thousand compromised hosts.

      A decent router/firewall will dump them and the botnet component moves on without much incident.

      A bad one gets owned by one of the various attacks attempted.

      These are likely to get shut down until it moves on.

      Better than being taken over, but very annoying.

      1. asdf

        >A bad one gets owned by one of the various attacks attempted.

        Which is why your first step after getting your internet facing router setup is to download the Kali Linux iso and get on the internet outside your router (phone internet etc). Get your router wan side ip address, boot up Kali then do the complete scan with Armitage and finally do a Hail Mary attack. Any ports open you don't recognize and especially any sessions open then best to return your hardware unless you can put LEDE on it in which case do so.

  9. Anonymous South African Coward Bronze badge

    And things will just go from bad to worse....

  10. Anonymous Coward
    Anonymous Coward

    Try complaining to Watchdog....

  11. John Smith 19 Gold badge
    Unhappy

    So any hardware using Puma 6 as it's processor family is f**ked basicall?

    I wonder who knew about this?

    And how long?

    1. Anonymous Coward
      Anonymous Coward

      Re: So any hardware using Puma 6 as it's processor family is f**ked basicall?

      Intel Inside is now what embedded engineers/devs have nightmares about.

  12. arctic_haze

    The photo

    Isn't it Jenna Coleman?

  13. This post has been deleted by its author

  14. 404

    I learned something today...

    Hughesnet and Exede Satellite don't suck as bad as I thought.... it was their fucking equipment!

    Thanks Intel!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like