
Qsig
join:2009-05-18
Kanata, ON

Qsig to sunday8pm

Member

to sunday8pm

Re: GPON security concerns vs cable

From what I understand of cable networks, because the modems are all authenticated, it becomes harder (not impossible) for someone to put a device to capture all info from the local segment. I'm sure there's also encapsulation on the cable as well with some encryption (I hope).

The GPON\ONT is a curious question because if you just had a media changer to go from SM fibre to cat5/6 and just plugged it into a computer, what could you get from a network capture.

Bell still uses PPPoE for profile and connection info over FTTH so you'll have some encapsulation there but still curious. I'll try this one day if I get my hands on a media changer.
sunday8pm
join:2010-05-24

sunday8pm

Member

said by Qsig:

The GPON\ONT is a curious question because if you just had a media changer to go from SM fibre to cat5/6 and just plugged it into a computer, what could you get from a network capture.

From what I gather, the ONT is doing some kind of filtering. It gets all the frames but filters out everything not destined to this particular ONT.
I'd think that to eavesdrop in this particular context, it would take a rogue ONT that would not filter any frame out?

I don't want to try it myself, I'm curious and want to know more about the possibility and finding out how easy/hard it is to accomplish to better understand how serious of a security concern this could be.

TypeS
join:2012-12-17
London, ON

TypeS

Member

I'm sure it's about as much a security concern as it is for someone getting onto your home network via WiFi if it's behind a proper WPA2 passkey: almost irrelevant.

I'm sure it's completely doable if someone invested the time, funds and effort into attempting to eavesdrop on an HFC or GPON network. But how likely is that? Where's the motivation?

If a government ministry or agency wanted your information, they'd just go to your ISP instead of snooping, if the ISP was willing.

Criminals? Yeah... they're gonna rather attack a target where there's some financial or substantial gain. There's easier ways for phishers or Nigerian "royalty" to get a hold of bank information too.

So unless you've pissed someone off that's really knowledgeable in networks, I don't think you have much, if any, to fear from someone eavesdropping on your connection if it's HFC or GPON.

In any case, my thinking has always been, if someone is really concerned about privacy, they shouldn't have a home internet connection and not sign up for social media networks, email services, etc. Expecting absolute privacy and security of privacy on the internet is a pipe dream.

skuv
@juniper.net

skuv to Qsig

Anon

to Qsig
said by Qsig:

The GPON\ONT is a curious question because if you just had a media changer to go from SM fibre to cat5/6 and just plugged it into a computer, what could you get from a network capture.

Since the signal from a GPON is not Ethernet, you're not going to get anything from a media convertor. A media convertor is to convert the media (fiber) to another media (copper.) It is not a protocol convertor.

Gone
Premium Member
join:2011-01-24
Fort Erie, ON

Gone

Premium Member

said by skuv:

Since the signal from a GPON is not Ethernet, you're not going to get anything from a media convertor. A media convertor is to convert the media (fiber) to another media (copper.) It is not a protocol convertor.

I'm pretty sure Bell is using EPON, with Internet on VLAN 35, TV on VLAN 36 and telephone on (if I remember...) VLAN 34.

Unless they're encapsulating over ATM, which would be odd...
InvalidError
join:2008-02-03

InvalidError

Member

said by Gone:

Unless they're encapsulating over ATM, which would be odd...

GPON uses GPON Encapsulation Method (GEM) to carry whatever other L2/L3 protocol goes on top so there is nothing strange about Bell using Ethernet-over-GEM which appears to be the standard application.

Almost exactly the same happens on cable where Ethernet gets framed over DOCSIS.

Gone
Premium Member
join:2011-01-24
Fort Erie, ON

Gone

Premium Member

Gotcha.
kovy7
join:2009-03-26

kovy7 to Gone

Member

to Gone
said by Gone:

said by skuv:

Since the signal from a GPON is not Ethernet, you're not going to get anything from a media convertor. A media convertor is to convert the media (fiber) to another media (copper.) It is not a protocol convertor.

I'm pretty sure Bell is using EPON, with Internet on VLAN 35, TV on VLAN 36 and telephone on (if I remember...) VLAN 34.

Unless they're encapsulating over ATM, which would be odd...

Bell is GPON.