Firewall BEFORE the modem.

Would it be possible to purchase a firewall that comes before the modem? For example a fire wall that only accepts a coaxial cable or fiber optics.

Not sure how it would work but im thinking it would be able to block packets that arent coming from the isp or something. This way the MODEM is only interacting with the ISP.

There is a serious problem going around not many people know about and that is MODEM hardware hacking.

If anyone knows a great solution to the modem protection problem please let me know I really want to keep my modem safe.

 

If no fire wall exists that you can use as defence for your modem is there a modem that has a built in firewall to fight attacks against the network?

 

A lot of modems do include a firewall. All of the ISP supplied modems I've had also have a firewall in them. Unfortunately, all of these modems also have an undocumented open port that can't be closed by configuration. I'm not aware of any firewall that you can install ahead of a modem. If there was, I'm not sure if such a device would be that useful. There are modems available as PCI cards. Smoothwall used to have a DSL modem available through their site that could be made part of a hardware firewall. I've never tried it.

 

Thanks for the knowledgeable reply. I noticed a Cisco modem card today when i was looking for the answer. Do you think most ISP can let me use one?

 

I don't know if or how many have policies that require you to use their equipment. A residential service provider might prohibit you running a server and would be hesitant to let you use equipment that would make that possible. For the most part, you just need to duplicate the settings used by their modem. The hard part might be getting access to those settings. If you duplicate their settings and don't use it to defeat restrictions on how you use the service, it's unlikely that most ISPs would notice the change.

 

a modem integrated into a discrete firewall device will still operate in front of the packet filtering functionality built into said firewall. as far as compatibility, contact your cableco and ask them for a hardware compatibility list. most cablecos have a list of tested, compatible CPEs that can be used with their systems.

 

You should ask your ISP. You will need correct settings for modem and will probably have to inform ISP of new device, telling them new device's MAC address, so they can configure things on their site.

 

Hello,

There are no firewalls which go in front of the coax (aka WAN or HFC) connection of cable modems. For one thing, these might interfere with the ability of the cable provider to manage the modem.

Your best bet, as far as any security goes, is to probably invest in a DOCSIS 3.0 cable modem (assuming your cable provider support this latest version of the standard and allows you to provide your own modem), which they then become responsible for provisioning and managing.

Even when the cable modem is provided by you, the cable company is responsible for its settings and connectivity, and in the event of a hacking incident, they would be responsible, not you, for remediating it. Of course, you would probably still want to file a report with both local law enforcement and your state's public utilities commission (or its equivalent outside the United States) if you were the victim of a cable modem-based hack.

Regards,

Aryeh Goretsky