Slashdot Mirror

← Back to Stories (view on slashdot.org)

Misusing Ethernet To Kill Computer Infrastructure Dead

Posted by timothy on from the might-want-to-pull-out-some-of-these-cables-frank dept.

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with a easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

7 of 303 comments (clear)

  1. Stupid FUD by slacka · · Score: 3, Insightful

    If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.

    1. Re:Stupid FUD by TWX · · Score: 3, Insightful

      Not all interfaces that are patched are necessarily live. Not all interfaces that are patched will let just any MAC address on to the network. Not all interfaces that will let one new MAC address on to the network will allow for MAC table flood attacks as they will cut-off the interface if too many MAC addresses attempt to use the interface too quickly. There are means to reduce the problem if one wants to take the time to implement and maintain them, and if the organization will hire enough people to do the job.

      --
      Do not look into laser with remaining eye.
  2. Re:Surge suppressor by penguinoid · · Score: 3, Insightful

    Yup! But then there's two questions
    1) will the surge protector protect against this device
    2) who has surge protectors on each of their ethernet ports?

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. Re:Simon Travaglia would be proud by JMJimmy · · Score: 3, Insightful

    Hammer breaks computer hardware! News at 11.

    Fire destroys shit! OMG

    I mean seriously, yes this is possible but you could do damage to a network in innumerable ways. Until the problem is actually happening there's no sense protecting against it. At most I could see someone trying this with a school network to get out of having to do a test or a disgruntled employee... it's not going to be a frequent thing.

  4. Re:Running power through wires shock!! by Anonymous Coward · · Score: 5, Insightful

    Or they're disconnected at the switch end in the wiring closet until needed.

  5. Re:Running power through wires shock!! by Anonymous Coward · · Score: 3, Insightful

    " If you're following Information Security best practice you shouldn't have any unconnected sockets in your office"

    As in, "If you're following Information Security best practice you shouldn't provision for expansion or unexpected demand".

    Sure.

    No, you provision sockets and wire them to the network room. Then you have a bundle of unpatched terminals in the panel. Someone authorized comes in and needs the socket you patch in to the switch and it goes live. When they're done you remove the cable and the socket is dead again. 5 seconds on either end protects your network from unauthorized devices

  6. Re:Simon Travaglia would be proud by Anonymous Coward · · Score: 2, Insightful

    Google is your friend.

    No. Google pretends to be your friend. Big difference. Luckily there are less devious alternatives. Stop saying "Google" when you mean "search the web". Thank you :-)