[BBLISA] Wired to wireless?
Dean Anderson
dean at av8.com
Mon May 3 22:30:02 EDT 2010
Hi Scott,
It depends on the technology, and to what extent you (or the cracker)
are willing to go to to get neighboring traffic. In every case, at some
level of effort, the answer is always: yes, given some caveats, though.
On Cable/DOCSIS networks, the answer is yes, but the standard CPE won't
show it to you. The cable provider won't be happy to discover anyone
mucking about with home-brew DOCSIS equipment, that is, _if_ they
discover it. (think pirate cable boxes--they do exist).
On DSL networks, it depends on the choices made by the carrier. DSL
carries ethernet over ATM. So you little DSL box has an ATM config.
Change that, and you can see different providers if you know/guess the
VCI/VPI config numbers. Most of the time, basically, you are on a big
ethernet switch. Standard switch-spoofing techniques apply. VZ in NE
(where I'm at uses PPPoE to dynamically authenticate and assign IP
numbers, and can timeout the PPP connection when you aren't sending
traffic. But its still a big ethernet switch on top of the DSL/ATM
layer.
FIOS is probably the same, but fiber tapping is an uncommon skill. It is
possible to tap fiber by bendig the fiber and capturing excess light
without breaking the connection. There is a common belief by 'spurts'
that fiber is impossible to tap, but like a lot of those "common
beliefs", the beliefs aren't actually based in true fact, but only on
the mere fact that the 'spurt' just doesn't have the skills or knowledge
necessary. In theory, a single photon could be sent where a tap would be
detected. But in practice, real lasers send many millions of photons per
bit of data, and there is no way to determine if some were lost due to
tapping.
One can't encrypt everything in IP. DNSSEC can still be spoofed. And
most people don't verify the certificates used on SSL connections.
A T1 can be easily tapped if you are but willing to open a manhole cover
or climb a pole. Microwave links (up to OC48) can be tapped by 'merely'
placing a satellite in orbit behind one of the towers (light and
microwaves go off into space, tangent to the surface of the earth).
Probably innumerable other ways to tap things, too. Your wired
connection isn't really any more secure than wireless. But for some
reason people are a lot more comfortable with wired. There is a reason
that banks/gvt/etc encrypt the links and don't depend on the security of
IP.
So use encryption and check that the certificates are the right
certificates. Nothing else matters: Not DNS, Not DNSSEC. Don't worry
about anything else. If there is spoofing of anything anywhere, the
cert won't be the right cert. If you didn't get the right cert, it
doesn't matter what was spoofed. If the certificate verifies, you are
good; not matter what.
But most likely, your neighbors on the block aren't looking at your
traffic.
--Dean
On Mon, 3 May 2010, Scott Ehrlich wrote:
> A question for the comm techies out there -
>
> You have a wired network via a major provider - comcast, verizon, rcn,
> etc, at your home.
>
> Your neighbor (someone on your street) also subscribes to the same
> provider. Can they see your traffic? Can you see theirs?
>
> I ask because I just don't trust wifi enough for home use. I am
> wondering, though, how far my information goes when it leaves my cable
> modem? How do the providers handle it - or is it under DOCSIS
> rules?
>
> If my data is isolated from me to the headend, protected from the
> neighbors or anyone else on the network, then I would feel a bit
> better.
>
> Thanks for any good educational insight on this. Depending on the
> answer, it _might_ help sway me to consider wifi at home.
>
> Scott
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
>
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494
More information about the bblisa
mailing list