Re: sending mail via a script



On 7/18/19, David Wright <deblis@lionunicorn.co.uk> wrote:
> On Thu 18 Jul 2019 at 08:27:47 (-0000), Curt wrote:
>> On 2019-07-17, Dan Ritter <dsr@randomstring.org> wrote:
>> >>
>> >> Fibre is point-to-point, and any interference with it will cause a
>> >> significant drop in received signal, which will be investigated.
>> >
>> > And it will be located swiftly, thanks to time-domain
>> > reflectometry:
>> >
>> > https://en.wikipedia.org/wiki/Optical_time-domain_reflectometer
>> >
>> I don't know, man.
>>
>> http://www.fods.com/optic_clip_on_coupler.html
>> https://www.linkedin.com/pulse/edward-snowden-cyber-espionage-fiber-optic-tapping-jabulani-dhliwayo

You might not be able to find a clip on coupler with tdm but I'm not
so sure about the rest.

>> Once an attacker gains access to bare fiber on the victim’s network,

Which takes a lot of practice
  https://joshruppe.com/fiber-optic-tapping-mid-span-fiber-access/
or access to a fiber splice tray.

>> he can clamp the tool and collect enough detectable optical power
>> without inducing enough loss in the network to alert the network administrators.

My guess is that if the network admins are monitoring rx power levels
on their fiber ports it'll be noticed.

>> The stolen light is detected, converted from optics to electrical pulses using an
>> E-O converter and then analyzed using suitable network analysis software.
>> Wireshark, free software typically used by network administrators for
>> troubleshooting, is used to view contents of transmitted packets.

There isn't a whole lot you're going to see with wireshark these days.
2013? sure.  Now?  not so much.

> As usual, quotations have been beheaded and context lost:
>
>>   On Wed, 17 Jul 2019 21:50:47 +0100 mick crane <mick.crane@gmail.com> wrote:
>>    "I have wondered about this, the actual infrastructure. I've
>>     noticed that the fiber optic cable is in places strung along with
>>     the electricity pylons. Presumably if you could somehow attach to
>>     that then you could be anybody?"

Not if the link is encrypted.  Otherwise it depends on if the network
is taking precautions against spoofed traffic (eg. unicast reverse
path forwarding check enabled).

But even if your "be anybody" traffic was allowed in, the chances are
really good that you wouldn't see the return traffic.

> Does viewing give you the means of a MITM attack?

Clearly not.  But if you could inject traffic then maybe you could win
the race and inject your spoofed traffic before the real stuff gets
there.

Regards,
Lee
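
The unicast reverse path forwarding check mentioned above, as an added example that is not part of the original message: a small model of strict and loose uRPF run over a constructed forwarding table and constructed packets. The interface names, prefixes and the allow_default switch are assumptions made for the illustration, not any vendor's configuration.

```python
import ipaddress

# Constructed forwarding table: (prefix, next-hop interface). Names are hypothetical.
FIB = [(ipaddress.ip_network(p), i) for p, i in [
    ("0.0.0.0/0", "uplink0"),
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("198.51.100.128/25", "cust1"),   # more specific route wins
]]

def best_route(fib, addr):
    """Longest-prefix match for addr; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifname) for net, ifname in fib if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def urpf_strict(fib, src, in_if):
    """Accept only if the best route back to src points out the arrival interface."""
    route = best_route(fib, src)
    return route is not None and route[1] == in_if

def urpf_loose(fib, src, allow_default=False):
    """Accept if some route to src exists; the default route counts only if allowed."""
    route = best_route(fib, src)
    if route is None:
        return False
    return allow_default or route[0].prefixlen > 0

def verdicts(fib, packets):
    """Return (src, in_if, strict, loose) for each constructed packet."""
    return [(s, i, urpf_strict(fib, s, i), urpf_loose(fib, s)) for s, i in packets]

# Constructed sample traffic: (source address, interface it arrived on).
PACKETS = [
    ("192.0.2.10", "cust1"),      # genuine customer source
    ("198.51.100.5", "cust1"),    # cust2's address arriving on cust1: spoofed
    ("198.51.100.200", "cust1"),  # covered by the /25 that points at cust1
    ("203.0.113.9", "cust2"),     # only the default route covers this source
    ("192.0.2.10", "uplink0"),    # asymmetric return path: strict mode drops it
]

if __name__ == "__main__":
    for src, in_if, strict, loose in verdicts(FIB, PACKETS):
        print(f"{src:16} via {in_if:8} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

The last packet shows the usual caveat with strict mode: a legitimate source that arrives on a different interface than the one the route points at is dropped as well.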

