Re: Fiber optic vampire taps

[Bennett Todd <bet () rahul net>]

I believe, if my memory isn't failing me, that I read mention of
this a few years back; perhaps research in AT&T? The cladding does
indeed have to be stripped clear, baring the naked fiber. Then the
fiber is carefully, delicately bent past its minimum rated radius of
curvature, in a little jig that holds a receiving fiber positioned
to pick up the light as it leaks out.

I suspect impedence matching would be tough, so I suspect the end
result would have a very low signal level. I don't know whether some
sort of optical amplifier, or perhaps custom NIC hardware with a
higher-than-usual sensitivity listening device, would be required to
actually decode the tapped the light.

I've never heard of these gizmos being available commercially.

This situation is why many regard fiber as intrinsically fairly
secure.

In principle, a detector could report on received light levels with
enough sensitivity to detect a successful attack on the fiber.
Another grade of kit I've not heard of for sale.

Perhaps it would be easier to do your own manual attenuation;
perhaps deliberately coil a little of the fiber at one end, gently
tightening the coil (past minimum recommended radius of curvature)
until the attenuation causes actual packet loss, then backing off
slightly; if you had a fiber that just _barely_ didn't work, any
attempt to tap it would push it badly into packet loss, so normal
network monitoring should be able to detect a tapping attempt.

The traditional solution, when you are concerned about such, is to
armor the whole fiber run in pressurized conduit, set alarms to go
off if the conduit pressure changes, then post guards keeping a
close enough watch to prevent someone from setting up a pressure box
to set up their tap.

-Bennett

Attachment: _bin
Description: