
MOCA Network Security

Discussion in 'TiVo Series3 HDTV DVRs' started by zabolots, May 29, 2009.

  1. zabolots

    I know a few people here are running with MOCA adapters to provide ethernet to their Tivo units. I'm hoping somebody can answer this for me.

    How secure is a home network with MOCA? Obviously, the devices are connected to the coax in the home, which in turn runs out to the street and is connected to the nearest "hub" in the neighborhood. Is there some type of filter that you put on the inbound coax line to prevent the MOCA signals from leaving your house? Alternately, is there some security setup to be done on the MOCA devices themselves to encrypt data so only local devices can see each other?

    Thanks...Scott
     
  2. sinanju

    MoCA uses DES encryption.

    Of course, if you have FiOS, the coax doesn't leave the house.
     
  3. zabolots


    So do you need to configure each MoCA box in the house to use the same encryption key? I thought it was simple plug-and-play.
     
  4. aaronwt

    Yes. Just like wireless. But it's still basically plug and play. You just have to enter the decryption key during setup.
     
  5. fyodor

    It's my (non-authoritative) understanding that the signal is designed specifically so it doesn't make it through the feeds entering back through your home/unit.

    Also, I've never been able to get it to work back through amplified splitters, so insofar as you have one of those at your drop, you're probably protected.

    You also need someone to be living nearby, also with a MoCA adapter connected to their cable.

    F
     
  6. skillmey

    If you have FiOS, you can't turn the password on if you want to stay connected to their network. However, you don't have to worry about security since the cable is isolated from other homes.

    If you don't have FiOS, you can just enable a password on each device. It's not likely that the signal is going to go all the way from one house to the next, but it really depends on the cable network. So if you're paranoid, turn it on.
     
  7. DCIFRTHS

    I never understood how a person could see another person's "computer", without sniffing packets, even if you both connect to the same node :confused:

    I imagine that the node would have to allow broadcasting of all upstream traffic, on the cable, before it converts the RF to light. Is this a reasonable guess?
     
  8. wmcbrine

    Sniffing packets is not especially difficult, so I see no need for that qualifier. But also, a lot of stuff, like Windows file sharing and even TiVo MRV/TTG, uses broadcast packets to find other systems. This shouldn't be a problem as long as you're behind a NAT, but it's possible (and used to be common) to hook up a PC directly to a cable modem. In such a case, you could open up "Network Neighborhood" and literally see your neighbors' systems.
     
  9. DCIFRTHS (Jun 1, 2009)

    Ah... I didn't consider that people hooked their computer(s) directly to a cable modem without a firewall in between. I have never considered doing something like that.

    Even when I first got symmetrical DSL (approximately 1999) from Covad and Northpoint, I used software firewall solutions (Black Ice / Zone Alarm). That was a long time ago, so my dates are approximate. It also doesn't help that my memory isn't as sharp as it once was ;)

    grc.com was one of my favorite websites.
     
  10. flynz4

    I have Verizon Fios, and I am upgrading my DVRs. I currently have 3 Verizon (Motorola) DVRs (with internal MoCA) that will be replaced by 3 Tivo HDs (one is XL) and 3 NIM 100's.

    My question is around security. In my current setup:

    1. Fiber enters the ONP attached to the garage
    2. ONP is connected to my Verizon Actiontec home router with coax (internal MoCA)
    3. ONP is also connected via coax to each of my three television set top boxes (internal MoCA)
    4. Actiontec router has a NAT firewall
    5. Actiontec router drives my internal wired and wireless home network
    It seems to me that by definition... my wired/wireless home network is behind the NAT firewall... and that my television set top boxes (MoCA) are outside of the NAT firewall. Doesn't that create a security risk since I have equipment connected outside of my NAT firewall?

    /Jim
     
  11. socrplyr

    The internal MoCA adapter in the Actiontec router is on the internal side of the router.
     
  12. wmcbrine

    You're concerned about people hacking your set-top boxes? Seriously? :rolleyes:

    Anyway, no -- as far as the IP network is concerned, your STBs are also behind the firewall. IP traffic flows from the STB to the router, and from the router to the ONT (note: not "ONP"). Only QAM video goes directly from the ONT to the STBs. If you doubt it, disconnect the router, and you should see VOD stop working.
     
  13. flynz4

    I am not worried about someone hacking my STB... I am worried about someone bypassing my NAT in the router. I also stand corrected on "ONT" (instead of "ONP").

    The thing that is confusing to me, is that the WAN input to my Actiontec router is the coax cable. Also, this same coax cable is what connects the router to the STBs. So you are saying that somehow, this coax input to my router is simultaneously on the WAN and LAN side of the router.

    My next question is in regard to the NIM 100 boxes. Can I connect other equipment (ex: a PC) to the RJ45 jacks in addition to the new Tivo units? If so... is there still no security concern? In practice, I am not really considering adding other devices at this time... but I am curious about their operation.

    /Jim
     
  14. wmcbrine

    Even if the STBs were outside the NAT (which they aren't), that would not constitute a security risk. Only the STBs themselves would be vulnerable; there would be no path from them to the inside of the NAT.

    There is no difficulty in the single jack serving as both LAN and WAN interfaces, nor does that constitute a security risk, either. And yes, you can hook up anything you want to the MoCA adapters.
     
  15. flynz4

    Thanks. The answer is non-intuitive to me, but I realize that your answer must be correct. When I look at my IP address assignments... I can see that my STBs are indeed on the LAN side of my router.

    Next question: When I disconnect my 3 Verizon (Motorola) STBs, and attach the 3 Tivos through the new NIM 100's... is there any setup necessary for the NIM 100's... or is it simply plug and play?

    /Jim
     
  16. fyodor

    It's completely plug and play. As far as the Tivo knows, it's directly connected to your router.
     
  17. fyodor

    Keep in mind that just because they're sharing a physical medium doesn't mean that they can communicate. So even though there is a physical link between them, the devices connected through the MoCA adapter can't communicate with the ONT. They need to communicate with your router, which can communicate with the ONT.

    F
     
  18. flynz4

    Yes... this was the confusing part. I guess we are programmed to believe that the WAN and the LAN would be on different physical media. Thanks again for both of your replies!

    /Jim
     
  19. danis123

    Many people have upgraded from other cable providers to FIOS. Many of the old cable providers had runs going to each TV set which all terminated at splitters located outside the house (mounted to the side of the house). In that case the FIOS COAX is run from the ONT & Router (as the router is just connected to a splitter inside the house which goes to the ONT and the outside splitter) to the outside splitter. If Verizon does not encrypt their MOCA then what stops someone from just attaching a MOCA network adapter to the splitter outside of the house and getting onto your network behind the NAT?????
     
  20. unitron

    A big mean dog?
     
