I work in the computer security industry. As many of you know, keeping an intruder out of a network is not easy. Keeping up with patching all devices on a network is also difficult. This does not include risk from unknown / zero-day vulnerabilities. To have a better security position, security admins are looking for ways to better block outgoing network traffic in addition to using firewalls to block incoming traffic.
Blocking outgoing blacklisted IP addresses would be ideal, but for starters I wonder if there is a way to see the outgoing packets from the cable modem.
I wonder if there is any way to put a Linux computer between the Cable Modem (CM) and the cable provider (CMTS) using a splitter or something so that the Linux computer can watch outgoing traffic. Since many cable modems have built-in wifi, I would need the monitoring computer to sit between the CM and CMTS. The solution needs to work no matter what cable modem a user owns.
Looking forward to your expert wisdom!
It will depend on the CMTS in use. The Cisco CMTS has a built-in router, so I don't think it's possible to have something in between to monitor traffic.
Only the downstream traffic and as long as BPI isn't being used.
Leo