Slashdot Mirror
Misusing Ethernet To Kill Computer Infrastructure Dead
Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with a easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains:
I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.
This sounds like something ripped right from the BOFH stories...
Fiber optic cable to all devices would nullify this sort of attack.
If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.
I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Then I took my pen-testing device aka “hammer”. I decided to vigorously apply. the device to the switch and the laptop. The result was scary and interesting as well. The network switch was a heap of twisted metal after a lot of "banging" noise. It resisted the attack for considerable time due to hard metal shell. The laptop stopped working much faster, after only some application of the device. It is not the cheapest thing in the world to test this, but very satisfying. I believe the threat from such a blunt object attack against a computer infrastructure is real and should be dealt with.
Even more importantly there are lightning arrestors that are designed to provide a ground-path for lightning when it strikes an outside-mounted AP, camera, or manages to find an underground or aerial pathway between buildings outside of the building's cone of protection, and they even have models that can allow PoE to traverse the device. I'm not sure what happens with lower voltage and amperage though, where the threshold for the device failing-safe and shunting to ground is, nor am I sure of what happens to the cable itself if 120V or 240V with a theoretical maximum of around 20A for household outlets is applied. The Cat5/5e/6/6a cabling is rated to 600V, but 26AWG to 24AWG wire is not very large and cannot handle the same current as a 12AWG wire for the same amount of time. My assumption is that even with a lightning arrestor it'd probably melt the cable up to that arrestor before the electrical circuit breaker shuts off the service to the outlet being used to cause this.
There's a good reason why it's against code to install high voltage wiring and low voltage cabling in the same pathway.
I'm actually curious how much protection is built into the switch. Typically a certain number of ports are grouped to an ASIC, and the switches have to be able to handle a degree of dirty signal anyway, so it's possible that a single household high voltage spike might not hurt the switch or might only burn out a few ports as one ASIC cooks-off. I'm not exactly going to test this out though.
Do not look into laser with remaining eye.
This is absolutely nothing new. Back in the early 1990s, I worked with a guy who had "adapters" which were 120VAC to coax Ethernet, 120VAC to serial, 120VAC to thicknet, and 120VAC to SCSI.
One place I worked at had someone use customized surge suppressors on Ethernet drops that went from a public area to a private area, because they were afraid of this.
This is nothing new... This is in the same category of stuff like sticking blobs of Superglue into the locks on a building as part of a "denial of service" attack.
These days, the fix is easy... if really worried and wireless isn't an option, go with single mode fiber if concerned that someone is going to use a network drop for an attack. If someone blows out the NIC on the other end with a 100+ laser, it will only blow out the SFP.
in terms of networking, most 48 volt injectors have caps to dump 'high' voltages. standard network switching however might not expect potentially disastrous voltages. At best, you might be able to fry a switch-worth of connectivity for a few hours or a day but id expect that would be it.
I ran into this problem in an industrial setting. part of the factory contained a particularly nasty unshielded induction furnace. the network card on the machine that controlled SCADA for that furnace had a cable run that was just close enough to pick up a current and fry about a motherboard a month. The solution was a fibre card, ironically provided by the furnace maker.
Good people go to bed earlier.
...means that you can destroy said hardware. What kind of news is that ?!?
Non-Linux Penguins ?
I need a citation for that Nortel claim. PoE at the source is capped 36 watts, which is something like seven tenths of an amp spread across all four pairs.
Do not look into laser with remaining eye.
Lightning fried an entire sheriff's department I had the joy of supporting some years ago. Not just NICs, since most were built onto the motherboards. Not just switches, but UPSs, radios, telephone systems, lighting, even the main UHF antenna disappeared. They dispatched out of a car for a few days.
We got their network and PCs replaced about 4 hours before the software people arrived and rebuilt the 911 system. The base station was replaced a half hour or so before we finished. Emergencies. God help me I love them so.
deleting the extra space after periods so i can stay relevant, yeah.
From my experience with surge protectors on UPSes, a 1Gb connection is reduced to a 10/100Mb connection. Not sure if that has changed in recent years.
A few years ago, I helped design and build a production-line test system for RJ-45 jacks, and the test spec required us to "HIPOT" test by applying 2,250 volts to the network connections with the shell grounded, verifying that there was no appreciable current leaked to ground. I assume from your description that you applied a fairly high current across the signal lines, which would certainly burn out the windings on the RJ-45 jack isolation transformer was at the other end of that specific cable. How you got the damage to propagate beyond a single RJ-45 termination is something of a mystery to me.
Anyone here remember an old phone phreaker toy that would send a zap down a phone line to cook a modem or a phone and break some FCC laws at the same time? heh I remember them being nicknamed "Piss Boxes", but they may have had a more proper name. This is like a network Piss Box. heh
"Never give up, for that is just the time and place when the tide will change." -Harriet Beecher Stowe ^_^
Yup! But then there's two questions
1) will the surge protector protect against this device
2) who has surge protectors on each of their ethernet ports?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I was about to ask how come the spark wasn't stopped in its tracks by the optocouplers in the RJ45-to-board junctions. Then I read TFA (I know, right?!) and saw the pictures.
I don't know what the voltage was, but to maintain a spark over a 5cm air gap I guess it was pretty high. That means optocouplers can't help if you can just jump over them. 5cm could easily cover a small switch, unless once it reaches another RJ45 it can jump another 5cm (i.e. it can cover as much distance as it pleases), in which case it can fry the switch and jump and fry all the connected devices, and other switches and their devices, until the voltage drops enough to be unable to do these jumps anymore.
That leaves this exercise for the reader: how much damage would a Tesla coil plugged into a switch in a datacenter do? :) Sure, it might look suspicious when you pull your truck next to the Ethernet port, but just imagine.
"Everybody's naked underneath" -- The Doctor
The OP mentioned an "Ethernet Taser" being plugged into the wall to take out the security guards. Hence, you need POE to power that device
On this planet, we have electrical potential storage devices we call "batteries".
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Or they're disconnected at the switch end in the wiring closet until needed.
90% of people who use the term "best practice" are idiots that couldn't independently think their way out of a wet bag.
" If you're following Information Security best practice you shouldn't have any unconnected sockets in your office"
As in, "If you're following Information Security best practice you shouldn't provision for expansion or unexpected demand".
Sure.
No, you provision sockets and wire them to the network room. Then you have a bundle of unpatched terminals in the panel. Someone authorized comes in and needs the socket you patch in to the switch and it goes live. When they're done you remove the cable and the socket is dead again. 5 seconds on either end protects your network from unauthorized devices
Misusing Ethernet To Kill Computer Infrastructure Dead
Great, you've killed it dead. Now I have to fix it alive.
systemd is Roko's Basilisk.
If you're following Information Security best practice you shouldn't have any unconnected sockets in your office, and they should be audited at least every 3 months.
So you've raised the bar for the attacker from "zap any random RJ45 jack" to "unplug something and zap that RJ45 jack"? Or am I missing something?
Maw! Fire up the karma burner!
You couldn't possibly be as stupid as you are trying to make yourself appear to be. She disabled the fucking Ethernet ports with a taser. She didn't plug a frigging taser into the Ethernet ports to disable securtiy guards. The OP never mentioned security guards. Again. No fucking security guards. You made them up, and now you are refusing to admit you made them up.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Which switch? The expensive ones are supposed to have optocouplers on the data ports to prevent just this sort of problem. You kill the port but the switch (and everything attached) lives on.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.