Security Basics mailing list archives
Re: Fiber optic vampire taps
From: "Talisker" <offthecuff () lineone net>
Date: Tue, 24 Dec 2002 10:22:47 -0000
Hi Fibre can be tapped, the first and most noticeable is to break the fiber insert your TAP and then re-enable the circuit. Intrusion Inc demonstrated a pretty cool Fiber TAP to me at http://www.intrusion.com/products/technicalspec.asp?lngProdNmId=39&lngCatId= 4 There are 2 problems with doing this covertly, the first is that the circuit has to be broken, but as you can fusion splice 4 new tails on in around 1 minute this will just be seen as a glitch by most and be ignored. However, most fiber circuits do have records regarding their losses which are available for scrutiny and can be compared, introduction of a fusion splice, if my memory serves me correctly, will introduce around 3dB loss. That is when I do a fusion splice experts reduce this significantly almost to the point where there is no significant loss. Optical Time Domain Reflectometers (OTDR) will graph losses over distance, this is a great security tool and you can see splices and TAPs in line. However, unless the losses are significant you need a benchmark OTDR graph for each fiber. Furthermore, fibers do degrade over time, especially in areas with X-Ray radiation (hospitals etc) therefore it would be difficult to identify if an anomaly was malicious or just degradation. As an OTDR plots over distance you can see where the problem is ie 300' from point A Back to the original question, vampire TAPs are feasible by removing the cladding and bending the fiber such that the refractive index is altered allowing some light to escape. 2 years ago when I asked an expert the same question I was told that the multiplexing and complex makeup of channels make it very difficult to reconstitute meaningful data, especially as today's bandwidth increases. Vampire TAPs are detectable with an OTDR. I used to use fiber transceivers which would alarm if the signal strength dropped, but after 12 months of 900 devices with 600KM of fiber alerting, the false positive rate was unmanageable. Hope this helps take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Alvey Robert W KPWA" <AlveyRW () kpt nuwc navy mil> To: <nick () systemsecuritysolutions com>; <security-basics () securityfocus com> Sent: Monday, December 23, 2002 10:47 PM Subject: RE: Fiber optic vampire taps
In order to tap into a fiber line you have to break the sheath. The
signal
is entirely optic, if you don't break the sheath you can't even see the signal. However, even if someone does decide to break into it then
they've
got another problem, exactly how to do it, it's extremely difficult
because
any sort of tapping into the signal seriously degrades the link, that's if it doesn't go down entirely, and it would be immediately noticeable if someone was tapping into your fiber line. -----Original Message----- From: Nick Iglehart [mailto:nick () systemsecuritysolutions com] Sent: Friday, December 20, 2002 3:41 PM To: security-basics () securityfocus com Subject: Fiber optic vampire taps -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a client who has a fiber optic line between two buildings. There is no physical security and so they are concerned about someone tapping into the fiber line and capturing data. I read something a while back about tapping fiber optic lines without breaking the sheathing and now I can't seem to find anything but vague references to it. I have googled for hours and checked the sf archives
with
no luck. Anyone have any references to this? Any help is appreciated. Nick -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPgOqcKq/UK5/FuEgEQJrawCgqX64DN0KqFv4h373stMEcU70vB8AoMZ3 9YU6ysv+TwubV0jkbfAJ3K5n =LoN2 -----END PGP SIGNATURE-----
Current thread:
- Fiber optic vampire taps Nick Iglehart (Dec 23)
- Re: Fiber optic vampire taps Bennett Todd (Dec 23)
- RE: Fiber optic vampire taps David (Dec 30)
- Re: Fiber optic vampire taps Lee Brink (Dec 23)
- Re: Fiber optic vampire taps Brad Arlt (Dec 24)
- RE: Fiber optic vampire taps Bruce De Witte (Dec 24)
- Re: Fiber optic vampire taps Alessandro Bottonelli (Dec 30)
- <Possible follow-ups>
- Re: Fiber optic vampire taps Chris Berry (Dec 23)
- RE: Fiber optic vampire taps Alvey Robert W KPWA (Dec 23)
- Re: Fiber optic vampire taps Talisker (Dec 24)
- RE: Fiber optic vampire taps Hornat, Charles (Dec 24)
- RE: Fiber optic vampire taps ktyler (Dec 24)
- RE: Fiber optic vampire taps Chris Berry (Dec 24)
- RE: Fiber optic vampire taps Jimmy Sansi (Dec 27)
- RE: Fiber optic vampire taps Nick Iglehart (Dec 30)
- Re: Fiber optic vampire taps Meritt James (Dec 31)
- RE: Fiber optic vampire taps Jimmy Sansi (Dec 27)
- Re: Fiber optic vampire taps Bennett Todd (Dec 23)
- RE: Fiber optic vampire taps Chris Berry (Dec 27)
- RE: Fiber optic vampire taps Chris Berry (Dec 30)
- RE: Fiber optic vampire taps ONEILL David J (Dec 30)
- RE: Fiber optic vampire taps James Lee Gromoll (Dec 30)