On 7/18/19, David Wright <deb...@lionunicorn.co.uk> wrote: > On Thu 18 Jul 2019 at 08:27:47 (-0000), Curt wrote: >> On 2019-07-17, Dan Ritter <d...@randomstring.org> wrote: >> >> >> >> Fibre is point-to-point, and any interference with it will cause a >> >> significant drop in received signal, which will be investigated. >> > >> > And it will be located swiftly, thanks to time-domain >> > reflectrometry: >> > >> > https://en.wikipedia.org/wiki/Optical_time-domain_reflectometer >> > >> I don't know, man. >> >> http://www.fods.com/optic_clip_on_coupler.html >> https://www.linkedin.com/pulse/edward-snowden-cyber-espionage-fiber-optic-tapping-jabulani-dhliwayo
You might not be able to find a clip on coupler with tdm but I'm not so sure about the rest. >> Once an attacker gains access to bare fiber on the victim’s network, Which takes a lot of practice https://joshruppe.com/fiber-optic-tapping-mid-span-fiber-access/ or access to a fiber splice tray. >> he can clamp the tool and collect enough detectable optical power >> without inducing enough loss in the network to alert the network >> administrators. My guess is that if the network admins are monitoring rx power levels on their fiber ports it'll be noticed. >> The stolen light is detected, converted from optics to electrical pulses >> using an >> E-O >> converter and then analyzed using suitable network analysis software. >> Wireshark, free software typically used by network administrators for >> troubleshooting, is used to view contents of transmitted packets. There isn't a whole lot you're going to see with wireshark these days. 2013? sure. Now? not so much. > As usual, quotations have been beheaded and context lost: > >> On Wed, 17 Jul 2019 21:50:47 +0100 mick crane <mick.cr...@gmail.com> >> wrote: >> "I have wondered about this, the actual infrastructure. I've >> noticed that the fiber optic cable is in places strung along with >> the electricity pylons. Presumably if you could somehow attach to >> that then you could be anybody?" Not if the link is encrypted. Otherwise it depends on if the network is taking precautions against spoofed traffic (eg. unicast reverse path forwarding check enabled). But even if your "be anybody" traffic was allowed in, the chances are really good that you wouldn't see the return traffic. > Does viewing give you the means of a MITM attack? Clearly not. But if you could inject traffic then maybe you could win the race and inject your spoofed traffic before the real stuff gets there. Regards, Lee
