 | Tapping fiber
I've read that it's not easy to tap an FTTP line, but it looks like if you crack open the ONT, you could simply insert a 1x2 splitter and voila! Would someone please explain why this isn't possible? Optical splitters are cheap on Amazon. How much of the signal (if any) would be available? |
|
 Dream Killer (Graveyard Shift, Premium) join:2002-08-09 Forest Hills, NY | the way pon works is through passive splitters and the ont discards downstream data not meant for that ont. upstream data works on a round robin basis through tdma.
i assume vz encrypts the signal to prevent eavesdropping. as for why you can't simply drop in a splitter and add another ont, it's probably because each ont has to authenticate. |
|
 nh5 join:2006-01-21 Old Bethpage, NY | reply to rockwell Hopefully this becomes an interesting thread, I've seen sporadic posts throughout the web about ONT modification, wondering if it's possible to clone an ONT or determine if Verizon is actually encrypting our data. |
|
 | Plus to even do this would require hardware that can tune to the different wavelengths in use.. That kind of hardware isn't cheap at all.
Cost alone would prevent most people from doing it. |
|
 McBane join:2008-08-22 Plano, TX | It's not like that's your standard ethernet FDDI cable. Maybe physically, but the ONT turns it into your standard ethernet signal, it comes in as a PON signal that only the ONTs can use.
Why would you want to split that FTTP cable yourself anyway? You would just need another ONT, and Verizon wouldn't let you do that yourself to begin with. They have to provision that new ONT before they let you on the network. It's not like you can just split and start stealing cable like the old coax networks.  |
|
 | I'll read up on commercial ONTs a bit, but it seems that it is a device that could be stolen or purchased. Given that you have a 2nd ONT, and the aforementioned cheap splitter, could you surreptitiously capture traffic? Moreover, since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic? Thanks! |
|
 | reply to rockwell I know we're talking in hypotheticals but isn't this illegal or at the minimum against VZ TOS? |
|
 nycdave (Premium, MVM) join:1999-11-16 Melville, NY | reply to rockwell said by rockwell: I'll read up on commercial ONTs a bit, but it seems that it is a device that could be stolen or purchased. Given that you have a 2nd ONT, and the aforementioned cheap splitter, could you surreptitiously capture traffic? Moreover, since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic? Thanks!
No, not possible. |
|
 birdfeedr (Premium, MVM) join:2001-08-11 Warwick, RI | reply to rockwell said by rockwell: since the ONT gets multiple customers' signals as part of the PON traffic, could you tune the 2nd ONT and see other customer traffic?
It's easier to get a wiretap order then just feed the mirrored signal straight from the CO.
There isn't a great enough need to do so to feed the budget required to brute force the system. Cheaper to buy a judge. |
|
 McBane join:2008-08-22 Plano, TX | reply to rockwell On PON networks the traffic is encrypted between the ONT and OLT (Head end router). Even if you split and sniffed the traffic you would need a quantum computer to decrypt it, which is something that is not readily available unless you are a research scientist. Same concept as how the cable internet networks operate, just much different on the physical layer since we're not using coax here for delivery. |
|
 | Thanks McBane. Does GPON offer/do the same encryption as BPON? |
|
 McBane join:2008-08-22 Plano, TX | reply to rockwell
Re: Tapping fiber
Yes basically everything BPON and above offers the encryption, which is everything Verizon uses for FiOS since they currently only deploy BPON and GPON. |
|
 batsonaMaryland join:2004-04-17 Ellicott City, MD
| reply to rockwell I don't know if it would be encrypted, but I'd think there's some sort of 'authorization' of the ONT that happens at time-of-turn-up.. I'm sure the ONT has some sort of unique identifier, like a MAC -- and that unique identifier is then explicitly allowed to pass traffic over the fiber. I'm sure you couldn't take an ONT you found lying around, and stick it on a tap & have it work.. Like was said before, this is not like walking into a wiring closet, and plugging into a CAT5 jack, getting an IP, and off-you-go... |
|
 nh5 join:2006-01-21 Old Bethpage, NY | reply to McBane considering how exploitable most DOCSIS networks are wouldn't be surprised if you could clone an ONT and get it online. |
|
 | Thanks for the replies. While knowing how to do a tap isn't that important to me, I would like to understand at a technical level why it won't work. I need this to address executive worries. Thanks again. |
|
 | reply to rockwell fiber can be tapped, it happens all the time. even an unbroken fiber can be tapped. There is equipment out there that can detect if a fiber has been tapped and even if the cable has moved a mm.
Basically it comes out as light pulses. making sense of those light pulses is a completely different story.
is the signal usable? depends on the strength. adding in a splitter will drop it by just over 3 dB. So if you're on the fringe, it could push you over the edge. |
|
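An added example, not part of the thread or any poster's code: a sketch of how a monitoring job could flag the sustained drop in ONT receive power that the post above describes, compare it with the ideal 1x2 splitter loss, and report the margin left before the link fails. It generalizes the 3 dB figure to any equal 1xN split; the sample readings, the -27 dBm sensitivity and all function names are assumptions made for the illustration.

```python
import math
from statistics import median

def splitter_loss_db(ways, excess_db=0.0):
    """Insertion loss of an equal-ratio 1xN splitter: 10*log10(N) plus excess loss."""
    return 10 * math.log10(ways) + excess_db

def find_sustained_drops(rx_dbm, window=4, threshold_db=2.0):
    """Find points where every one of the next `window` readings sits at least
    `threshold_db` below the median of the previous `window` readings.
    Returns a list of (index, drop_db, new_level_dbm)."""
    events = []
    i = window
    while i + window <= len(rx_dbm):
        baseline = median(rx_dbm[i - window:i])
        after = rx_dbm[i:i + window]
        if baseline - max(after) >= threshold_db:
            level = median(after)
            events.append((i, round(baseline - level, 2), level))
            i += window          # the lower level is the new baseline
        else:
            i += 1
    return events

def assess(rx_dbm, sensitivity_dbm, tolerance_db=0.7):
    """Annotate each drop: is it close to a 1x2 split, and how much margin
    remains above the receiver sensitivity? A drop of this size can also come
    from a bend or a dirty connector, so this is a trigger for inspection."""
    one_by_two = splitter_loss_db(2)   # about 3.01 dB
    report = []
    for idx, drop, level in find_sustained_drops(rx_dbm):
        report.append({
            "index": idx,
            "drop_db": drop,
            "near_1x2_loss": abs(drop - one_by_two) <= tolerance_db,
            "margin_db": round(level - sensitivity_dbm, 2),
        })
    return report

# Constructed sample: periodic ONT receive power in dBm, with a step at index 8.
SAMPLE_RX_DBM = [-23.1, -23.0, -23.2, -23.1, -23.0, -23.1, -23.2, -23.1,
                 -26.4, -26.5, -26.4, -26.6, -26.5, -26.4, -26.5, -26.5]
ASSUMED_SENSITIVITY_DBM = -27.0   # assumption; use the value from the optic's datasheet

if __name__ == "__main__":
    for event in assess(SAMPLE_RX_DBM, ASSUMED_SENSITIVITY_DBM):
        print(event)
```

On the constructed readings the step is reported at index 8 with about half a dB of margin left, which is the "on the fringe" case the post mentions.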
 | said by prairiesky: There is equipment out there that can detect if a fiber has been tapped and even if the cable has moved a mm.
Interesting. Do you have any sources where I can learn more about this? |
|
 | reply to rockwell FTTP networks are extremely secure. Cloning an ONT or "finding" a spare does nothing for you. Each ONT is authenticated to the PON fiber it is on. The authentication is from the OLT (CO side) to the ONT. The ONT can only talk to the OLT if there is a spare slot AND the OLT is expecting that ONT to be on the PON fiber. Until the OLT allows the ONT on the PON, no downstream information other than communication commands for authentication can be read. Once the OLT allows the ONT on to the PON system, it can only read the information intended for that ONT. So to truly "tap" the fiber, you need to be on the provisioning side of the system. |
|
 PoloDude (Premium, VIP) join:2006-03-29 Northport, NY | reply to rockwell I think the bigger question you need to address with your executives is: Why are they so concerned about someone going through the technical difficulties (also I'm sure breaking several wiretapping and business espionage laws) to get at their data. If they are still concerned, you then need to look at more secure ways of transmitting that data over the fiber. High level encryption etc.
-- My horse fights with me and fasts with me because if he is to carry me into battle, he must know my heart and I must know his or we shall never become brothers. -Plenty Coups, Chief of the Crow |
|