Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Networking Network Power Security

Misusing Ethernet To Kill Computer Infrastructure Dead 303

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with a easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.
This discussion has been archived. No new comments can be posted.

Misusing Ethernet To Kill Computer Infrastructure Dead

Comments Filter:
  • by RogueyWon ( 735973 ) on Wednesday September 23, 2015 @10:21AM (#50582345) Journal

    This sounds like something ripped right from the BOFH stories...

  • Fiber (Score:3, Funny)

    by unixcorn ( 120825 ) on Wednesday September 23, 2015 @10:24AM (#50582387)

    Fiber optic cable to all devices would nullify this sort of attack.

  • Stupid FUD (Score:4, Insightful)

    by slacka ( 713188 ) on Wednesday September 23, 2015 @10:26AM (#50582401)

    If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.

    • by Luthair ( 847766 )
      This was my thought also. Effectively this is only vandalism and there are easier ways to cause monetary damage.
      • On it's own, yes. But it can be a powerful tool in a scenario where physical infiltration in required.

        Breaking into a CCTV monitored target all of a sudden becomes much easier if you can use this attack to fry the hub that the IP-Cameras are connected to. or the machines that power the surveillance monitors in the watchman's booth. Bonus points if security has been outsourced to a company that does monitor several facilities from a central office. Precious minutes gained while the team investigating why all

    • If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.

      An ISP or other service provider would suffer greatly from a attack like this on their hardware infrastructure that could result in considerable damage in the form of many pissed off customers. Damage to reputation has a cost as well.

      Sometimes the network switch IS the real-time revenue generator, so try not to assume what kind of attack would have a larger impact.

    • Re:Stupid FUD (Score:4, Insightful)

      by TWX ( 665546 ) on Wednesday September 23, 2015 @10:49AM (#50582625)
      Not all interfaces that are patched are necessarily live. Not all interfaces that are patched will let just any MAC address on to the network. Not all interfaces that will let one new MAC address on to the network will allow for MAC table flood attacks as they will cut-off the interface if too many MAC addresses attempt to use the interface too quickly. There are means to reduce the problem if one wants to take the time to implement and maintain them, and if the organization will hire enough people to do the job.
      • by Luthair ( 847766 )
        MAC filtering is pretty pointless, it provides about as much security as closing (not locking) your front gate at home to keep thieves out.
        • by TWX ( 665546 )
          And an analogy that doesn't actually explain the technical fault is useless.
        • by mlts ( 1038732 )

          Done right, it can be useful. Things like manufacturer MAC blocking and having one MAC per port is a way to ensure someone doesn't attach a switch or Wi-Fi AP to an internal network.

          On some networks like POS networks, it is one extra security measure, just because someone can't unplug a cash register, plug in their laptop and go at that segment. Not foolproof (as one can figure out the POS's MAC and spoof it), but it does stop the guy who wants to plug into a network jack because the public store wireless

    • by mlts ( 1038732 )

      My sentiments exactly. There is a lot more someone can do who has physical access, is willing to face felony level malicious mischief charges and is willing to end any chance of a meaningful career in IT (heck, a meaningful career anywhere, for that matter.) Just walking up to a rack and yanking all drives out will bring a data center to its knees. Yes, some data centers actually take the time to use the locks on the equipment, but most don't bother since the locks tend to be engineered to hold plastic b

    • Yeah, I don't think "malicious intruder" is the right way to cast this. I've been worried about precisely this problem for a different reason. One of my network cables goes to the roof to a parabolic antenna shooting wifi to another building. It occurred to me that a lightning strike hitting that antenna could ride up the continuous copper provided by the ethernet cables and switches and do a lot of damage to a lot of equipment. What's the best way to isolate the antenna from the rest of the network? A
      • by radish ( 98371 )

        I have cat-5 running through my attic and it does seem very sensitive to lightning. Don't think I've had any direct hits but at least 2 instances where there seems to have been a surge in one of the runs. Both cases resulted in burnt out ports on both the device and the switch, but no further damage. I have no idea what I can (easily) do about it.

    • by eth1 ( 94901 )

      If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.

      The thing is that this kind of attack can be done quickly and un-detectably. Some access-layer switch hardware has hundreds of ports. Ten seconds unobserved in a cubicle would be all you need to plug a cable with a mains plug at one end, and RJ45 at the other into the relevant ports, pull it back out, and stuff it back in your laptop bag. $1k per work area x 400 switch ports (plus the expensive switch) is a lot of money to go poof with 10 seconds of effort, not to mention the 400 people that will now be sit

    • If a malicious user gain physical access to your network, a high-voltage attack is the least of your worries. Network sniffers and other tools can quickly own your entire network doing far more monetary damage then some fried networking equipment.

      Exactly. If attackers want to physically destroy your network, there are a million different ways to do it. They could just as easily set the building on fire, or shoot out a power transformer. But their goal is to exploit it.

      Consider the evolution of malware.

  • More adoption of PoE will make this sort of thing even worse.

    • by TWX ( 665546 )
      How so? There are lightning arrestors that can allow PoE current levels to pass through. Old arrestors actually would block PoE, I know from experience retrofitting inter-building copper trunks...
  • Lightning strike fried the onboard NIC on one of my PCs once.
    • Lightning fried an entire sheriff's department I had the joy of supporting some years ago. Not just NICs, since most were built onto the motherboards. Not just switches, but UPSs, radios, telephone systems, lighting, even the main UHF antenna disappeared. They dispatched out of a car for a few days.

      We got their network and PCs replaced about 4 hours before the software people arrived and rebuilt the 911 system. The base station was replaced a half hour or so before we finished. Emergencies. God help me

  • by sinij ( 911942 ) on Wednesday September 23, 2015 @10:32AM (#50582459)
    I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Then I took my pen-testing device aka “hammer”. I decided to vigorously apply. the device to the switch and the laptop. The result was scary and interesting as well. The network switch was a heap of twisted metal after a lot of "banging" noise. It resisted the attack for considerable time due to hard metal shell. The laptop stopped working much faster, after only some application of the device. It is not the cheapest thing in the world to test this, but very satisfying. I believe the threat from such a blunt object attack against a computer infrastructure is real and should be dealt with.
    • The protection provided by the hard case can be bypassed by the use of a torsion device applied at the point where the metal plates are affixed to each other. The "screws" can be removed, or "driven" from the case.

  • It happens all the time.

  • Obviously there was a hole in one of his rigged cables and it let the smoke out of the interweb tubes.
  • by mlts ( 1038732 ) on Wednesday September 23, 2015 @10:44AM (#50582577)

    This is absolutely nothing new. Back in the early 1990s, I worked with a guy who had "adapters" which were 120VAC to coax Ethernet, 120VAC to serial, 120VAC to thicknet, and 120VAC to SCSI.

    One place I worked at had someone use customized surge suppressors on Ethernet drops that went from a public area to a private area, because they were afraid of this.

    This is nothing new... This is in the same category of stuff like sticking blobs of Superglue into the locks on a building as part of a "denial of service" attack.

    These days, the fix is easy... if really worried and wireless isn't an option, go with single mode fiber if concerned that someone is going to use a network drop for an attack. If someone blows out the NIC on the other end with a 100+ laser, it will only blow out the SFP.

    • by lowen ( 10529 )

      Given enough power on the transmit laser, you can blow out more than the sfp. Research the term 'fiber fuse' or watch https://www.youtube.com/watch?... [youtube.com] for a hilarious holiday themed destruction of fiber with excessive light. (There are other videos on youtube; this one is just too funny to pass up.

  • by nimbius ( 983462 ) on Wednesday September 23, 2015 @10:48AM (#50582613) Homepage
    in terms of networking, most 48 volt injectors have caps to dump 'high' voltages. standard network switching however might not expect potentially disastrous voltages. At best, you might be able to fry a switch-worth of connectivity for a few hours or a day but id expect that would be it.

    I ran into this problem in an industrial setting. part of the factory contained a particularly nasty unshielded induction furnace. the network card on the machine that controlled SCADA for that furnace had a cable run that was just close enough to pick up a current and fry about a motherboard a month. The solution was a fibre card, ironically provided by the furnace maker.
  • Normally there's a transformer on either end of the cable. Whatever they fed "2 seconds of current" through, it wasn't that. WTF.

    • by fisted ( 2295862 )

      Just to avoid ambiguity, of course the transformers are part of the PHY, not part of the cable.

  • ...means that you can destroy said hardware. What kind of news is that ?!?
    • by OzPeter ( 195038 )

      ...means that you can destroy said hardware. What kind of news is that ?!?

      It's click bait news to help sell the site to whoever the new owners will be.

      What does Dice care (if it ever did) about the quality of stories on here.

    • Well, it calls attention to something that I certainly wasn't sure about.

      Obviously, I have an ethernet port exposed in a building, I would certainly expect that if somebody applied current it would probably kill the switch.

      What I wouldn't have been certain about was what other impact it might have.

      The experiment showed that not only was the switch killed, but also another laptop connected to the switch, and not just that laptop, but also the external hard drive connected to the laptop.

      So the risk of an open

      • but also the external hard drive connected to the laptop.

        To be fair, the HDD was connected to the switch, not the laptop.

      • Yeah companies should think a bit about what could happen if something like a kiosk was connected to their network in a public area.

  • by RHenningsgard ( 4042591 ) on Wednesday September 23, 2015 @11:03AM (#50582767)
    A few years ago, I helped design and build a production-line test system for RJ-45 jacks, and the test spec required us to "HIPOT" test by applying 2,250 volts to the network connections with the shell grounded, verifying that there was no appreciable current leaked to ground. I assume from your description that you applied a fairly high current across the signal lines, which would certainly burn out the windings on the RJ-45 jack isolation transformer was at the other end of that specific cable. How you got the damage to propagate beyond a single RJ-45 termination is something of a mystery to me.
  • by KatchooNJ ( 173554 ) <Katchoo716@gmail . c om> on Wednesday September 23, 2015 @11:04AM (#50582787) Homepage

    Anyone here remember an old phone phreaker toy that would send a zap down a phone line to cook a modem or a phone and break some FCC laws at the same time? heh I remember them being nicknamed "Piss Boxes", but they may have had a more proper name. This is like a network Piss Box. heh

  • I was about to ask how come the spark wasn't stopped in its tracks by the optocouplers in the RJ45-to-board junctions. Then I read TFA (I know, right?!) and saw the pictures.

    I don't know what the voltage was, but to maintain a spark over a 5cm air gap I guess it was pretty high. That means optocouplers can't help if you can just jump over them. 5cm could easily cover a small switch, unless once it reaches another RJ45 it can jump another 5cm (i.e. it can cover as much distance as it pleases), in which case

  • Aside from etherkiller [fiftythree.org] being old, you could just as easily set the building on fire if you wanted to kill infrastructure.

    This requires you to be in the same building if not the same room as the device you are trying to kill. If you have physical access to a machine... etc...

  • by wonkey_monkey ( 2592601 ) on Wednesday September 23, 2015 @11:32AM (#50583029) Homepage

    Misusing Ethernet To Kill Computer Infrastructure Dead

    Great, you've killed it dead. Now I have to fix it alive.

  • Network switch? What kind? consumer? enterprise? I can shutdown unused ports on enterprise network switches. Does it still kill the switch if the shock is applied?

    This article was clickbait and nothing more.

    What's next? Aiming a water hose at a wireless access point?

  • You'd only be able to attack one circuit at a time, I suppose, but outlets are everywhere. Much easier to fry devices that way.

  • This reminds me back in the days of "phreaking" and "boxes" (eg red box, blue box, beige box), there was a rumored "blotto box" which amounted to attaching a generator to someones TNI or to a big green box and running for the hills.

  • Back in my day we called this a bullet. "Death ray" sounds megalomaniacal.

  • There's a BOFH reference or anecdote in there somewheres... Gotta be...

In 1750 Issac Newton became discouraged when he fell up a flight of stairs.

Working...