rockwell4
join:2012-11-27

rockwell4

Member

Tapping fiber

I've read that it's not easy to tap an FTTP line, but it looks like if you crack open the ONT, you could simply insert an 1x2 splitter and voila! Would someone please explain why this isn't possible? Optical splitters are cheap on Amazon. How much of the signal (if any) would be available?

Dream Killer
Graveyard Shift
Premium Member
join:2002-08-09
Forest Hills, NY

1 edit

Dream Killer

Premium Member

the way pon works is through passive splitters and the ont discards downstream data not meant for that ont. upstream data works on a round robin basis through tdma.

i assume vz encrypts the signal to prevent eavesdropping. as for why you can't simply drop in a splitter and add another ont, it's probably because each ont has to authenticate.
nh5
join:2006-01-21
Old Bethpage, NY

nh5 to rockwell4

Member

to rockwell4
Hopefully this becomes an interesting thread. I've seen sporadic posts throughout the web about ONT modification, wondering if it's possible to clone an ONT or determine if Verizon is actually encrypting our data.
buckweet1980
join:2011-12-31
Saint Petersburg, FL

buckweet1980

Member

Plus to even do this would require hardware that can tune to the different wavelengths in use.. That kind of hardware isn't cheap at all.

Cost alone would prevent most people from doing it.
McBane
join:2008-08-22
Wylie, TX

McBane

Member

It's not like that's your standard ethernet FDDI cable. Maybe physically, but the ONT turns it into your standard ethernet signal, it comes in as a PON signal that only the ONTs can use.

Why would you want to split that FTTP cable yourself anyway? You would just need another ONT, and Verizon wouldn't let you do that yourself to begin with. They have to provision that new ONT before they let you on the network. It's not like you can just split and start stealing cable like the old coax networks.
rockwell4
join:2012-11-27

rockwell4

Member

I'll read up on commercial ONTs a bit, but it seems that it is a device that could be stolen or purchased. Given that you have a 2nd ONT, and the aforementioned cheap splitter, could you surreptitiously capture traffic? Moreover, since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic? Thanks!
serge87
join:2009-11-29
New York

serge87 to rockwell4

Member

to rockwell4
I know we're talking in hypotheticals but isn't this illegal or at the minimum against VZ TOS?

nycdave
MVM
join:1999-11-16
Melville, NY

nycdave to rockwell4

MVM

to rockwell4
said by rockwell4:

I'll read up on commercial ONTs a bit, but it seems that it is a device that could be stolen or purchased. Given that you have a 2nd ONT, and the aforementioned cheap splitter, could you surreptitiously capture traffic? Moreover, since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic? Thanks!

No, not possible.

birdfeedr
MVM
join:2001-08-11
Warwick, RI

birdfeedr to rockwell4

MVM

to rockwell4
said by rockwell4:

since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic?

It's easier to get a wiretap order then just feed the mirrored signal straight from the CO.

There isn't a great enough need to do so to feed the budget required to brute force the system. Cheaper to buy a judge.
McBane
join:2008-08-22
Wylie, TX

McBane to rockwell4

Member

to rockwell4
On PON networks the traffic is encrypted between the ONT and OLT (Head end router). Even if you split and sniffed the traffic you would need a quantum computer to decrypt it, which is something that is not readily available unless you are a research scientist. Same concept as how the cable internet networks operate, just much different on the physical layer since we're not using coax here for delivery.
rockwell4
join:2012-11-27

rockwell4

Member

Thanks McBane. Does GPON offer/do the same encryption as BPON?
McBane
join:2008-08-22
Wylie, TX

McBane to rockwell4

Member

to rockwell4

Re: Tapping fiber

Yes basically everything BPON and above offers the encryption, which is everything Verizon uses for FiOS since they currently only deploy BPON and GPON.
batsona
Maryland
join:2004-04-17
Ellicott City, MD

batsona to rockwell4

Member

to rockwell4
I don't know if it would be encrypted, but I'd think there's some sort of 'authorization' of the ONT that happens at time-of-turn-up.. I'm sure the ONT has some sort of unique identifier, like a MAC -- and that unique identifier is then explicitly allowed to pass traffic over the fiber. I'm sure you couldn't take an ONT you found lying around, and stick it on a tap & have it work.. Like was said before, this is not like walking into a wiring closet, and plugging into a CAT5 jack, getting an IP, and off-you-go...
nh5
join:2006-01-21
Old Bethpage, NY

nh5 to McBane

Member

to McBane
Considering how exploitable most DOCSIS networks are, I wouldn't be surprised if you could clone an ONT and get it online.
rockwell4
join:2012-11-27

rockwell4

Member

Thanks for the replies. While knowing how to do a tap isn't that important to me, I would like to understand at a technical level why it won't work. I need this to address executive worries. Thanks again.
prairiesky
join:2008-12-08
canada

prairiesky to rockwell4

Member

to rockwell4
fiber can be tapped, it happens all the time. even an unbroken fiber can be tapped. There is equipment out there that can detect if a fiber has been tapped and even if the cable has moved a mm.

Basically it comes out as light pulses. making sense of those light pulses is a completely different story.

is the signal usable? depends on the strength. adding in a splitter will drop it by just over 3 db. So if you're on the fringe, it could push you over the edge.
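A defender's view of the splitter loss described in the post above, as an added example that is not part of the original thread: it scans a series of ONT received-power readings for a sustained step drop of roughly one 1x2 split and reports the margin left above receiver sensitivity. The readings, the -27 dBm sensitivity figure, the 2.5 dB threshold and the function names are assumptions made for the illustration.

```python
from statistics import mean

# Assumed receiver sensitivity for this example; take the real figure
# from the ONT's datasheet.
ASSUMED_SENSITIVITY_DBM = -27.0

# Constructed samples: received optical power in dBm, one reading per poll.
HEALTHY_THEN_SPLIT = [-21.9, -22.1, -22.0, -22.0, -22.1, -21.9, -22.0, -22.0,
                      -25.3, -25.4, -25.2, -25.3, -25.3, -25.4, -25.2, -25.3]
FRINGE_THEN_SPLIT = [-24.5] * 8 + [-27.8] * 8
ONE_NOISY_SAMPLE = [-22.0] * 6 + [-24.0] + [-22.0] * 6

def find_step_drop(readings_dbm, window=4, min_drop_db=2.5):
    """Locate the largest sustained drop in received power.

    Compares the mean of `window` readings before each point with the mean
    of `window` readings from that point on, keeps the point where the
    difference is largest, and reports it only if it reaches `min_drop_db`
    (set a little under the ~3 dB an even 1x2 split costs). Averaging keeps
    a single noisy reading from triggering.
    """
    best = None
    for i in range(window, len(readings_dbm) - window + 1):
        drop = mean(readings_dbm[i - window:i]) - mean(readings_dbm[i:i + window])
        if best is None or drop > best[1]:
            best = (i, drop)
    if best is not None and best[1] >= min_drop_db:
        return best[0], round(best[1], 2)
    return None

def assess(readings_dbm, sensitivity_dbm=ASSUMED_SENSITIVITY_DBM, window=4):
    """Summarise a step drop and the margin left above sensitivity."""
    step = find_step_drop(readings_dbm, window)
    if step is None:
        return {"alert": False}
    index, drop = step
    level_after = mean(readings_dbm[index:index + window])
    margin = round(level_after - sensitivity_dbm, 2)
    return {"alert": True, "index": index, "drop_db": drop,
            "margin_db": margin, "link_usable": margin > 0}

if __name__ == "__main__":
    for name, series in [("healthy", HEALTHY_THEN_SPLIT),
                         ("fringe", FRINGE_THEN_SPLIT),
                         ("noise", ONE_NOISY_SAMPLE)]:
        print(name, assess(series))
```

The second series is the "on the fringe" case: the same 3.3 dB step leaves the receiver below the assumed sensitivity, so the service degrades or drops rather than continuing unnoticed.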
serge87
join:2009-11-29
New York

1 recommendation

serge87

Member

said by prairiesky:

There is equipment out there that can detect if a fiber has been tapped and even if the cable has moved a mm.

Interesting. Do you have any sources where I can learn more about this?

Navillus5
@verizon.net

Navillus5 to rockwell4

Anon

to rockwell4
FTTP networks are extremely secure. Cloning an ONT or "finding" a spare does nothing for you. Each ONT is authenticated to the PON fiber it is on. The authentication is from the OLT (CO side) to the ONT. The ONT can only talk to the OLT if there is a spare slot AND the OLT is expecting that ONT to be on the PON fiber. Until the OLT allows the ONT on the PON, no downstream information other than communication commands for authentication can be read. Once the OLT allows the ONT on to the PON system, it can only read the information intended for that ONT. So to truly "tap" the fiber, you need to be on the provisioning side of the system.

PoloDude
Premium Member
join:2006-03-29
Aiken, SC

PoloDude to rockwell4

Premium Member

to rockwell4
I think the bigger question you need to address with your executives is:
Why are they so concerned about someone going through the technical difficulties (also I'm sure breaking several wiretapping and business espionage laws) to get at their data? If they are still concerned, you then need to look at more secure ways of transmitting that data over the fiber. High level encryption etc.
OwlSaver
OwlSaver
Premium Member
join:2005-01-30
Berwyn, PA

1 recommendation

OwlSaver to rockwell4

Premium Member

to rockwell4
If security is your concern, I would not worry about the last mile - I would worry about the data once it leaves Verizon's network. Verizon (and AT&T) can offer you highly secure data/voice services, for a fee.
LFHC
join:2012-11-04
Collinsville, VA

LFHC to rockwell4

Member

to rockwell4
I saw this post and thought it was interesting. Something none of you have mentioned: as far as being able to tap into a customer's data, you wouldn't need to ever touch the fiber. Now, I have never had FIOS, but based on the ONTs, they have an ethernet jack; you could easily put a splitter there and have access to their network. Someone correct me if I'm wrong. Like I said, I've never had FIOS, so doing it that way might not be possible.
buckweet1980
join:2011-12-31
Saint Petersburg, FL

buckweet1980

Member

said by LFHC:

I saw this post and thought it was interesting. Something none of you have mentioned: as far as being able to tap into a customer's data, you wouldn't need to ever touch the fiber. Now, I have never had FIOS, but based on the ONTs, they have an ethernet jack; you could easily put a splitter there and have access to their network. Someone correct me if I'm wrong. Like I said, I've never had FIOS, so doing it that way might not be possible.

Very valid statement and ethernet sniffing is easily done. For most installs the ONT is within the user's premises, so physical access has to be gained inside the home/facility. There are times that they are installed externally, but once again physical access close to the user premises has to be gained.

danclan
join:2005-11-01
Midlothian, VA

danclan

Member

#1 You would need the ethernet port to be active - it's usually not.
#2 If it was active you would need to hide the splitter and any run away from the ONT, since it's pretty visible when additional wires are coming out of it.

Security of the ONT and its fiber or copper is the least of your concerns when a little social engineering and spyware installed on your PC would grant me far more and better access than any tap would.

battleop
join:2005-09-28
00000

battleop to buckweet1980

Member

to buckweet1980
If there is a certain risk vs. reward, expensive equipment may be a good investment. It may be outside of the reach of an average hobby hacker but not for someone who has criminal intentions.

PoloDude
Premium Member
join:2006-03-29
Aiken, SC

PoloDude

Premium Member

If someone wants your data, there are far better ways to get it than tapping your FiOS line. The only thing that can be gotten from that is live data transmissions. Think of the REAMS of data that is flowing at any time on a business circuit.