How do I buy my own Cable Modem?

To admins: There are many similar threads but they were all 2 years old. So I thought it was okay to start a new thread.

Today I did a lot of housekeeping before I installed the Windows 10 Creators Update. After the update was in, I ran a full virus scan using Avast. The only thing that changed from last week is now I have 2 security vulnerabilities in my cable modem from Time Warner Cable / Spectrum. My paranoia assumes that TWC introduced the accessibility in their modem deliberately after our internet privacy was deleted last week.

Please note the key words in that warning.
"Upgrade your device's firmware, if possible."

I just got off the phone with tech support. It is not possible for a user to update a TWC modem and they automatically receive push updates "for my convenience" from TWC. They recently pushed a speed update from 15 to 24 Mbps (it's ok), but the Wi-Fi is unbelievably crappy. I'm sitting 5 feet away from the device, looking right at it and my phone can barely pick up any signal to check my email. Watching YouTube, streaming music or Wi-Fi calling is not an option. I know the answer is to buy my own modem. I learned that is one of the first steps to get back a little bit of the privacy that was recently vaporized.

In the fine print TWC says "Sure! You can buy your own modem. But we will continue to charge you a lease fee after you give our modem back. No discounts are available, because the lease is lumped into the fees."

Up until now, the expense of buying a good modem while still paying for a shitty one stopped me from buying my own modem. I don't have a choice anymore.

I am experienced, but I have never done this before. Can someone suggest a decent router + Wi-Fi + modem (preferably at Micro Center) for around $ cheap? What specs should I look for in reviews? How do I set it up to be secure? I just learned that the modem must be 'activated' to connect to my ISP. TWC tech support offered to help me activate my new modem, but I am worried that their 'help' will probably include some spyware 'for my convenience'.

TWC has a list of compatible modems. I'm probably overthinking this. I read a few reviews, but I don't understand networking specs. Are these okay? Seeing as I am a 1 person house and my ISP can only give me 24 Mbps, top speed is not my priority; reliability and privacy are. I also plan to get PIA VPN services.

Don't buy an AIO device. Get the modem that's just a modem, then buy a good wireless router or a good access point and spin up you a pfSense box. It'll be more secure and work better than having an AIO.

7 Likes

Your ISP still controls the equipment upstream of your modem, and a lot of metadata is sent in the clear. Your ISP can see it if they really want to whether you control your modem or not. So the modem would actually be pretty low on my list of things important to privacy.

If you're going to depend on a device such as this for security, you will want a device from a manufacturer which provides clear end-of-support dates for their products and publishes patched firmware in a timely manner whenever vulnerabilities are identified in those products up until that date. Unfortunately, such a thing doesn't really exist in the consumer market.

But if I had to give some advice, I would say disable UPnP.

Typically, 'activation' of your modem should just consist of adding the MAC address (or other unique ID) of your modem to the whitelist of equipment which is allowed to connect to the ISP's network. This is supposed to prevent people from getting internet access without paying for it.

Thank you for your replies.

I'm sorry but you guys are still way over my head (and my needs) with these suggestions. They sound great for enterprise. Is all that stuff needed for a single user in a small apartment to access the internet? Won't my tin foil hat be sufficient?

I never bothered to look into pfSense until now. All I know about it is I see a lot of threads where other L1T members are having problems getting it to work. It seems like hunting mosquitoes with a bazooka for my requirements. What other benefits would a pfSense box provide to a single user like me? I guess my 1st move should be to watch @wendell's videos about pfSense. I was never interested before.

Thanks for the clear explanations.
I know I have seen that before in the router config, but I have no idea what UPnP is.


My online needs are minimal. All I do is read the news, buy stuff on Amazon, watch YouTube and play Rocket League. I know that my shopping and news habits are what the ISPs most want to data mine. It seems like silly overkill to set up all of this gear just because I am paranoid about the results of a virus scan.

It's not that I am averse to learning or experimenting with the unknown. But as an engineer, networking is not my field of expertise. If I am forced to learn networking, I might forget how to design welds.

A typical home router uses Network Address Translation (NAT) to allow devices on the local network to share one public IPv4 address. A side-effect of NAT is that devices out on the internet cannot initiate connections to devices behind the router. This is sometimes considered a security feature and "firewalls" are often confused with NAT for this reason, especially since often in the home the same device will do both.

When a device on your network needs to be able to accept connections from the internet (i.e. it wants to act as a server), you can configure "port forwarding" on your NAT device to pass the connection through. One of the features of UPnP ("universal plug and play") is that devices on your network can automatically configure this for you. Presumably firewall rules will also be created to allow the connection through, or else this would not be very useful.

However, if there is a malicious device on your network, it can abuse this feature to allow unwanted connections to itself or potentially other devices, defeating any security provided by the router. In other words, UPnP should only be enabled on the router if you totally trust all devices on your network.

1 Like

I didn't check until just now, but the warning that Avast gave you for CVE-2013-0229 actually relates to the UPnP service, and would probably be mitigated by disabling it. Ironically, the vulnerability could be considered less severe than the insecurity-by-design of the intended functionality of UPnP. Edit: the second one, CVE-2013-0230, is also related and much more severe. You should definitely disable UPnP in the modem if you have enough access to do so, then redo the scan and see if the warning goes away.

This is also a good example of what I pointed out before, that makers of consumer electronics (or the ISP) often don't provide the necessary support for their products to be secure. In this case, the problem has been known for over four years and still has not been patched on your modem.

I know this will be controversial to some, but since you suspect your issues to be stemming from the recent legislation I would be remiss if I didn't try to warn you against buying and using WiFi.
It has been known as far back as the 90's that WiFi signals have a damaging effect on cells and can cause cancer.

Right, and that's no problem, I don't expect everyone to have or want to spin up their own stuff. Just buy yourself a good wireless router and you can be done just fine. You're about right though, it's a shotgun approach at privacy, but it works.

Edit: But we're always here to help out if you do decide to take that approach. Don't feel alone in the endeavor.

1 Like

Thanks. That's why I love this site.

You are awesome for resolving my issue!


I watched the video about making a pfSense box and the hardware seems simple enough. When Wendell started going into the configuration I got overwhelmed by all the acronymitis and started to zone out. Because I'm an engineer I hate tinkering with stuff if I don't know exactly what an acronym means and what it does.

I don't really have much of a network. My PC, my phone and occasionally I plug a PC I am repairing or of a friend visiting into my modem, always with a cable. Now I mostly want a new modem because connecting my phone to the TWC device is intermittent.

However I did check out another pfSense video about a tiny device sold by Netgate. The sg-1000 microfirewall is only $150 and includes 1 year of pfSense Gold, a $99 value. Essentially it is a 2 port pfSense box powered by a custom Raspberry Pi. The reviewer said it worked well, but when doing the (just as confusing) config the 1-core ARM CPU was a little slow. Something like this might be okay for me once I learn more about setting up pfSense configs.

https://netgate.com/products/sg-1000.html

I refuse to rent a modem from Comcast, but this company has throttled my speed claiming my DOCSIS 3.0 modem is End Of Life and that I will only get the speed I pay for if only I would just break down and rent one.
I have never gotten what I pay for from this horrible corporation, just lies.

Looks like you have solved it; you can always plug in another router to the cable modem's LAN port and leave UPnP on, configuring everything individually or manually on your new router. Don't mess with MAC address cloning if it confuses you, just use the second router on top of the first one and maybe DMZ the new router.

As previously stated, avoid the modem/router combos like STDs.

This one you linked under it

is lame at that price. What determines the amount of throughput on modems is how many dedicated QAM channels for the Down/Up it supports. That one is only 8/4, where this one, that is only $5 more

Has 32 on the down and 8 on the up. This is significantly more throughput.

So the more, the better.

Lastly, just make sure the modem supports DOCSIS 3.0 and those are really the only 2 requirements for a good modem.

Far as I can remember you go out and buy a modem/router, the Motorola SURFboard for example, then you call up your ISP and after waiting a day and a half on hold you tell them you want to activate your modem. If I remember right they ask for your router's MAC address.
I did this 4 years ago or so with Comcast so my information might be incorrect at this point.
Sorry if I am just repeating what the rest of you folks said, I have difficulty reading the text on this site.

There will be a list of known compatible modems* that your ISP certifies as compatible. Many others will probably also work.

You just plug it in to the same coax port and call them up, they should be able to activate it. Then obviously you can return the leased one and stop getting charged the monthly fee. Then obviously you'll also need your own router then too, or need to purchase a "wireless gateway" or 2 in 1 model.

As to the privacy aspects I'm not sure, not tech savvy enough to be helpful there.

But I worked at Comcast for a little while, shouldn't be any different at ATT. Look for the list of compatible devices then go from there.

1 Like