[AusNOG] Simon Hackett's presentation from Comms Day yesterday - NBN fibre on copper prices

John Edwards jaedwards at gmail.com
Mon Jul 22 13:45:25 EST 2013


On Mon, Jul 22, 2013 at 12:14 AM, Paul Brooks <pbrooks-ausnog at layer10.com.au
> wrote:

>
> > I am pretty sure the OLT can do something about this in 2013.
> Nope - upstream on GPON every terminal transmits upstream on precisely the
> same
> frequency, and the whole system relies on each one keeping to its timeslot
> so that
> only a single terminal's upstream laser is active at any moment. One rogue
> ONT
> activating its upstream laser out-of-sequence or on permanently will stomp
> over all
> upstream comms from every other terminal on that splitter, blinding the
> OLT receiver -
> and there's nothing the OLT can do about it.
>

I was referring to rate limiting - but why would someone continue to
operate a CPE that doesn't work? Today a rogue DSL CPE could potentially
put 240V AC on to the DSLAM, or blast 30Mhz of noisy VDSL2 for no good
reason, which would probably upset the experience of neighbours.

Presumably the "rogue" CPE would simply fail, at which time the user would
likely put it back in the box, provide a rant to ebay feedback and
grudgingly head to the nearest retailer for an "I told you so" replacement.

In the 1/20000 times this becomes an extended outage, it would be easy to
narrow down - one could logically disconnect the known behaving CPE's from
the network, providing a list of physical splitter ports to go and
disconnect. There's a big if about record-keeping for splitter ports here,
but it's not technically impossible.

Similar broadcast security scenarios have played out on FTTH networks
before, from rogue DHCP servers to wacky russian routers that copy the
nearest mac address (too bad if that happens to be the ISP's gateway!).
Granted - laser interference probably can't be solved in firmware on the
OLT.


> The security concerns with user-subverted
> GPON CPE are significantly greater as each CPE sees every packet destined
> to all the
> other CPE on the PON.


This concern still exists with managed CPE. Every NBN fibre connected
household is still sharing data with its neighbours whether the CPE is
registered on the network or not.

If someone is willing to go to the effort of subverting CPE, what stops
that same person from doing the same thing on today's NBN? Why risk hacking
"property of NBNco" boxes when others are available? Hacking consumer kit
sounds like doing it the hard way - just grab a GPON SFP and connect it to
something that supports wireshark.

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130722/0c86ba84/attachment.html>


More information about the AusNOG mailing list