Slashdot Mirror

← Back to Stories (view on slashdot.org)

Misusing Ethernet To Kill Computer Infrastructure Dead

Posted by timothy on from the might-want-to-pull-out-some-of-these-cables-frank dept.

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with a easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

8 of 303 comments (clear)

  1. Re:Simon Travaglia would be proud by Falconhell · · Score: 5, Informative

    Yep, in the 90's
    https://en.m.wikipedia.org/wik...

  2. Re:Surge suppressor by TWX · · Score: 5, Informative

    Even more importantly there are lightning arrestors that are designed to provide a ground-path for lightning when it strikes an outside-mounted AP, camera, or manages to find an underground or aerial pathway between buildings outside of the building's cone of protection, and they even have models that can allow PoE to traverse the device. I'm not sure what happens with lower voltage and amperage though, where the threshold for the device failing-safe and shunting to ground is, nor am I sure of what happens to the cable itself if 120V or 240V with a theoretical maximum of around 20A for household outlets is applied. The Cat5/5e/6/6a cabling is rated to 600V, but 26AWG to 24AWG wire is not very large and cannot handle the same current as a 12AWG wire for the same amount of time. My assumption is that even with a lightning arrestor it'd probably melt the cable up to that arrestor before the electrical circuit breaker shuts off the service to the outlet being used to cause this.

    There's a good reason why it's against code to install high voltage wiring and low voltage cabling in the same pathway.

    I'm actually curious how much protection is built into the switch. Typically a certain number of ports are grouped to an ASIC, and the switches have to be able to handle a degree of dirty signal anyway, so it's possible that a single household high voltage spike might not hurt the switch or might only burn out a few ports as one ASIC cooks-off. I'm not exactly going to test this out though.

    --
    Do not look into laser with remaining eye.
  3. Re:Simon Travaglia would be proud by Falconhell · · Score: 5, Informative

    Original episode from 94

    http://bofh.ntk.net/BOFH/0000/...

  4. Re:Surge suppressor by __aaclcg7560 · · Score: 3, Informative

    From my experience with surge protectors on UPSes, a 1Gb connection is reduced to a 10/100Mb connection. Not sure if that has changed in recent years.

  5. Re:Simon Travaglia would be proud by rainwalker · · Score: 5, Informative

    Yep. Etherkillers have been around since forever. The oldest link I could find in 30 seconds is one one from 1999, but I'm sure I had one before than, and I certainly didn't come up with the concept. It's nice that he re-invented the etherkiller, but man, Google is your friend.

  6. Re:Running power through wires shock!! by Tailhook · · Score: 3, Informative

    If you're following Information Security best practice you shouldn't have any unconnected sockets in your office, and they should be audited at least every 3 months.

    So you've raised the bar for the attacker from "zap any random RJ45 jack" to "unplug something and zap that RJ45 jack"? Or am I missing something?

    --
    Maw! Fire up the karma burner!
  7. optocouplers by Spazmania · · Score: 4, Informative

    Which switch? The expensive ones are supposed to have optocouplers on the data ports to prevent just this sort of problem. You kill the port but the switch (and everything attached) lives on.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:optocouplers by msauve · · Score: 4, Informative

      No, regular Ethernet (i.e. copper) connections are almost always transformer isolated. A typical spec for the isolation they provide is 1500 VRMS for 60 seconds. But, even if using optoisolators weren't cost prohibitive, they only increase the breakover voltage, which doesn't prevent someone from causing deliberate damage using even higher voltages.

      If you want to avoid the issue, use fiber connections instead of copper.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law