Cable television networks such as those provided by Comcast Cable Communications, Inc., of Philadelphia, Pa., Cox Communications, of Atlanta, Ga., Tele-Communications, Inc., of Englewood, Colorado, Time-Warner Cable, of Marietta, Ga., Continental Cablevision, Inc., of Boston, Mass., and others provide cable television services to a large number of subscribers over a large geographical area. The cable television networks typically are interconnected by cables such as coaxial cables or a Hybrid Fiber/Coaxial ("HFC") cable system, which have data rates of about 10 Mega-bits-per-second ("Mbps") to 30+ Mbps.
The Internet, a world-wide-network of interconnected computers, provides multi-media content including audio, video, graphics and text that typically requires a large bandwidth for downloading and viewing. Most Internet Service Providers ("ISPs") allow customers to connect to the Internet via a serial telephone line from a Public Switched Telephone Network ("PSTN") at data rates including 14,400 bps, 28,800 bps, 33,600 bps, 56,000 bps and others that are much slower than the approximately 10 Mbps to 30+ Mbps available on a coaxial cable or HFC cable system on a cable television network.
With the explosive growth of the Internet, many customers have desired to use the larger bandwidth of a cable television network to connect to the Internet and other computer networks. Cable modems, such as those provided by 3Com Corporation, of Santa Clara, Calif., Motorola Corporation, of Arlington Heights, Ill., Hewlett-Packard Co., of Palo Alto, Calif., Bay Networks, of Santa Clara, Calif., Scientific-Atlanta, of Norcross, Ga. and others offer customers higher-speed connectivity to the Internet, an intranet, Local Area Networks ("LANs") and other computer networks via cable television networks. These cable modems currently support a data connection to the Internet and other computer networks via a cable television network with a data rate of up to 30+ Mbps, which is a much larger data rate than can be supported by a modem used over a serial telephone line.
However, most cable television networks provide only unidirectional cable systems, supporting only a "downstream" data path. A downstream data path is the flow of data from a cable system "headend" to a customer. A cable system headend is a central location in the cable television network that is responsible for sending cable signals in the downstream direction. A return data path via a telephone network (i.e., a "telephony return"), such as a public switched telephone network provided by AT&T, GTE, regional Bell Operating Companies and others, is typically used for an "upstream" data path. An upstream data path is the flow of data from the customer back to the cable system headend. A cable television system with an upstream connection to a telephony network is called a "data-over-cable system with telephony return."
An exemplary data-over-cable system with telephony return includes customer premise equipment (e.g., a customer computer), a cable modem, a cable modem termination system, a cable television network, a public switched telephone network, a telephony remote access concentrator and a data network (e.g., the Internet). The cable modem termination system and the telephony remote access concentrator together are called a "telephony return termination system."
The cable modem termination system receives data packets from the data network and transmits them downstream via the cable television network to a cable modem attached to the customer premise equipment. The customer premise equipment sends response data packets to the cable modem, which sends the response data packets upstream via the public switched telephone network to the telephony remote access concentrator, which sends the response data packets back to the appropriate host on the data network. In a two-way cable system without telephony return, the customer premise equipment sends response data packets to the cable modem, which sends the data packets upstream via the cable television network to the cable modem termination system. The cable modem termination system sends the response data packets back to the appropriate host on the data network.
As a cable modem is initialized in a data-over-cable system, it registers with a cable modem termination system to allow the cable modem to receive data over a cable television connection and from a data network (e.g., the Internet or an Intranet). The cable modem forwards configuration information it receives in a configuration file during initialization to the cable modem termination system as part of a registration request message. A cable modem also helps initialize and register any attached customer premise equipment with the cable modem termination system.
A cable modem termination system in a data-over-cable system typically manages connections to tens of thousands of cable modems. Most of the cable modems are attached to host customer premise equipment such as a customer computer. To send and receive data to and from a computer network like the Internet or an intranet, a cable modem and customer premise equipment and other network devices have a network address dynamically assigned on the data-over-cable system. Many data-over-cable systems in the prior art use a Dynamic Host Configuration Protocol ("DHCP") as a standard messaging protocol to dynamically allocate network addresses such as Internet Protocol ("IP") addresses. As is known in the art, the Dynamic Host Configuration Protocol is a protocol for passing configuration information to network devices on a network. The Internet Protocol is an addressing protocol designed to route traffic within a network or between networks.
As a cable modem is initialized, it will obtain a network address such as an Internet Protocol address (e.g., with a Dynamic Host Configuration Protocol) and send the network address to the cable modem termination system. The cable modem termination system stores the network address for the cable modem in an internal table. When customer premise equipment attached to a cable modem is initialized, it will also obtain a network address such as an Internet Protocol address. The network address for the customer premise equipment is stored in an internal table on the cable modem. The network address for the customer premise equipment is also stored on the cable modem termination system, together with the network address of the cable modem with which the customer premise equipment is associated. When data arrives for the customer premise equipment from a network like the Internet or an intranet, the cable modem termination system uses the internal tables to route the data to the customer premise equipment. A network address from the data is compared with the network addresses in the internal tables on the cable modem termination system. The cable modem termination system will look up a network address from the data and determine that it is for customer premise equipment. Since the cable modem termination system does not have direct connections to customer premise equipment, it will send the data to a cable modem associated with the customer premise equipment. The network address for the cable modem is determined from an internal table on the cable modem termination system that associates a cable modem with a customer premise equipment.
There are several problems associated with registering customer premise equipment and other network devices from a cable modem. The cable modem termination system relies on the cable modems associated with a customer premise equipment to register the network addresses of associated customer premise equipment. If the cable modem termination system has to re-boot itself, or a connection between the cable modem termination system and cable modem needs to be re-set or re-established due to a problem, the cable modem and any associated customer premise equipment have to be re-registered with the cable modem termination system. The re-registration includes sending additional registration messages to the cable modem termination system for the cable modem, customer premise equipment and other associated network devices.
A rogue cable modem could send the cable modem termination system network addresses that were not legitimately assigned in the data-over-cable system, thereby allowing the data-over-cable system to be compromised. For example, after discovering a cable modem termination system has re-booted, a rogue cable modem may send a cable modem termination system a network address for a rogue network device on another computer network. Thus, the rogue network device may receive services on the data-over-cable system without paying for the services, causing the data-over-cable system to lose money. The rogue cable modem may also send the cable modem termination system a network address for another legitimate network device on the data-over-cable system that may cause the legitimate network device to be overloaded with unwanted data. In addition, a rogue cable modem may send the cable modem termination system a network address for a customer computer that can be used to "hack" or otherwise attack the data-over-cable system, yet appear to be legitimate.
In data-over-cable systems from the prior art, there is no process to detect or prevent a rogue cable modem from registering rogue network addresses with a cable modem termination system after a re-boot of the cable modem termination system or the re-establishment of a connection to a cable modem. Thus, data-over-cable systems from the prior art are vulnerable to attack by allowing a rogue cable modem to register one or more rogue network addresses with a cable modem termination system.
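The trust gap described above can be seen in a small model of the cable modem termination system's internal table. This is an added example, not part of the original text: the class, the addresses and the DHCP lease record used for the check are all assumptions made for illustration, and the verifying mode is one possible check rather than a method the text describes.

```python
from dataclasses import dataclass, field

# Assumed record of addresses the DHCP server actually leased (constructed):
# leased address -> cable modem the lease was issued through.
DHCP_LEASES = {
    "10.0.1.10": "10.0.1.10",   # cable modem's own address
    "10.0.1.20": "10.0.1.20",   # second cable modem
    "10.0.2.50": "10.0.1.10",   # CPE behind modem 10.0.1.10
    "10.0.2.60": "10.0.1.20",   # CPE behind modem 10.0.1.20
}

@dataclass
class Cmts:
    verify: bool = False        # False models the prior-art behaviour
    cpe_to_cm: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)

    def reboot(self):
        """Internal tables are lost, so every modem must re-register."""
        self.cpe_to_cm.clear()

    def register(self, cm_addr, cpe_addrs):
        """Process a registration request listing the modem's CPE addresses."""
        for cpe in cpe_addrs:
            if self.verify and DHCP_LEASES.get(cpe) != cm_addr:
                # Address was never leased through this modem: refuse and
                # keep a record that operations staff can alert on.
                self.rejected.append((cm_addr, cpe))
                continue
            self.cpe_to_cm[cpe] = cm_addr

    def route(self, dst_addr):
        """Return the modem that downstream data for dst_addr is sent to."""
        return self.cpe_to_cm.get(dst_addr)

def replay_reregistration(verify):
    """Replay re-registration after a reboot with one constructed bad claim."""
    cmts = Cmts(verify=verify)
    cmts.reboot()
    cmts.register("10.0.1.10", ["10.0.2.50"])
    # Second modem also claims 192.0.2.99, which was never leased to it.
    cmts.register("10.0.1.20", ["10.0.2.60", "192.0.2.99"])
    return cmts

if __name__ == "__main__":
    for mode in (False, True):
        c = replay_reregistration(mode)
        print("verify =", mode, "table =", c.cpe_to_cm, "rejected =", c.rejected)
```

With `verify=False` the unassigned address lands in the routing table exactly as a legitimate one would; with `verify=True` it is refused and recorded, while the legitimately leased addresses still route.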