5

Can a DSL or cable wire between my modem and the ISP be manipulated in any way at the hardware level to sniff the traffic data? For example by neighbours with physical access to the wires in a big apartment complex, a previous renter or a landlord?

So would it be possible for any 3rd party to access data from either a DSL or a cable line if they had access to it? If so, how would they do it, what information could they get and how could I prevent it?

I'm asking specifically about private bad actors, not the ISP itself or government levels.

Zimulak
  • Theoretically this should be possible as DSL does not incorporate any security. But the faster your DSL connection is, the more expensive the necessary equipment gets for wiretapping a DSL connection. I would expect several thousand USD for such equipment. For TV cable systems there is some security implemented as multiple users share the same line and without the security it would be possible to receive the data of all users connected to the same wire segment. – Robert Nov 04 '21 at 19:52
  • Apparently cable can be ARP-spoofed. – user253751 Nov 05 '21 at 09:25
  • Ask the opposite question: "is packet sniffing DSL impossible?" Since the answer is obviously "no", the answer to this question is obviously the opposite of that answer. – Ian Kemp Nov 05 '21 at 14:14

1 Answer

10

Can a DSL or cable wire between my modem and the ISP be manipulated in any way at the hardware level to sniff the traffic data?

In theory, yes - the data isn't encrypted and the line code isn't a secret either.

In practice, that isn't too easy however. You could use off-the-shelf parts to terminate the DSL line, bridge to Ethernet and then create another DSL line towards the ISP (classic MitM). The Ethernet link in the middle can be easily tapped into and data can even be manipulated.

Alternatively, you could build custom hardware to tap into the line directly. Due to the non-trivial line codes the DSL variants use that would require quite sophisticated circuitry. This path can only provide readability, no manipulation.

The technical situation for cable modems (DOCSIS) is somewhat similar. In contrast to DSL, DOCSIS already provides provisions for encryption - how hard that encryption actually is depends on your ISP and can vary significantly (56-bit DES to 128-bit AES, albeit with only 1024-bit RSA). Without considerable background information, I wouldn't depend on that encryption.

In real life, neither method is very affordable. It's likely easier to try to break Wi-Fi encryption or even break into the house and tap an Ethernet cable.

what information could they get and how could I prevent it?

Everything that isn't properly encrypted. Make sure you encrypt all your sensitive data - use HTTPS, SSL/TLS, IPsec, ... - and protect your gear from being tampered with (to prevent an unauthorized root CA certificate from being installed).

Of course, all that is valid in respect to third parties - anyone who needs to physically tap your connection. Anyone who's already within the loop - your ISP, your governmental authorities (depending on country) or similar - doesn't have to put up with physical limitations but can much more easily tap into any flow.

Zac67
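
To make "everything that isn't properly encrypted" concrete, this added example (not part of the original answer) classifies frames as they would appear on the bridged Ethernet segment described above, for auditing a capture of your own line. `classify_frame`, `build_frame` and the sample frames are constructed for illustration; PPPoE encapsulation is assumed because it is common on DSL.

```python
import struct

HTTP_WORDS = (b"GET", b"POST", b"PUT", b"HEAD")

def classify_frame(frame: bytes) -> dict:
    """Report what an on-path observer can read from one Ethernet frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off = 14
    if ethertype == 0x8864:                        # PPPoE session stage
        if frame[off + 6:off + 8] != b"\x00\x21":  # PPP protocol field: IPv4 only
            return {"exposure": "not-ipv4"}
        off += 8                                   # 6-byte PPPoE + 2-byte PPP header
    elif ethertype != 0x0800:
        return {"exposure": "not-ipv4"}
    ihl = (frame[off] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[off + 2:off + 4])[0]
    info = {"src": ".".join(map(str, frame[off + 12:off + 16])),
            "dst": ".".join(map(str, frame[off + 16:off + 20]))}
    if frame[off + 9] != 6:                        # only TCP is examined here
        return {**info, "exposure": "unclassified"}
    tcp = off + ihl
    info["dport"] = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    # Bound the payload by the IP total length so Ethernet padding is ignored.
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:off + total_len]
    if not payload:
        exposure = "headers-only"
    elif payload[0] == 0x17 and payload[1:2] == b"\x03":
        exposure = "tls-encrypted"    # addresses and ports visible, content not
    elif payload[0] == 0x16 and payload[1:2] == b"\x03":
        exposure = "tls-handshake"    # handshake metadata is still cleartext
    elif payload.split(b" ", 1)[0] in HTTP_WORDS or payload.startswith(b"HTTP/"):
        exposure = "cleartext-http"
        info["readable"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    else:
        exposure = "unknown"
    return {**info, "exposure": exposure}

def build_frame(payload: bytes, dport: int, pppoe: bool = True) -> bytes:
    """Constructed sample frame: zero checksums, documentation-range addresses."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + tcp
    macs = bytes(12)
    if pppoe:
        return macs + b"\x88\x64" + struct.pack("!BBHH", 0x11, 0, 1, len(ip) + 2) + b"\x00\x21" + ip
    return macs + b"\x08\x00" + ip
```

Even for the `tls-encrypted` case the source and destination addresses and ports remain readable, which is the metadata a VPN tunnel would additionally hide from the access line.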
  • Thanks very much for your answer. The MitM attack could then just read the data, right? Or could that link be used somehow to manipulate the data stream and, i.e., send me to a malicious site? So I could stop any attempt by simply using a VPN? – Zimulak Nov 05 '21 at 06:36
  • 1
    @Zimulak I've added these aspects to the answer. Yes, proper VPN prevents all these venues, as does any proper encryption. – Zac67 Nov 05 '21 at 06:52
  • Is there any advantage to choosing a cable connection over DSL concerning this, if you had the choice? Or are they both unencrypted and manipulatable with the same difficulty level? – Zimulak Nov 05 '21 at 10:14
  • 1
    Very roughly, yes. DOCSIS directly supports encryption but within a wide range (56-bit DES to 128-bit AES, albeit with only 1024-bit RSA). For practical reasons, I wouldn't really make a big difference. – Zac67 Nov 05 '21 at 10:31
  • 4
    @Zimulak: Personally I'd say it does not actually matter – I'd consider link-layer encryption only "nice to have" but not something to rely on. If your data is not encrypted at a higher layer (e.g. TLS or SSH or IPsec) and you're relying just on link-layer encryption, then you'd have to worry about whether every single hop is tap-resistant (Wi-Fi from computer to modem, DSL from modem to the DSLAM that's ~500m away, fiber from the DSLAM to the ISP, fiber from one ISP to another…) In contrast, TLS or IPsec are end-to-end (at least mostly) and ensure security all the way to the server. – user1686 Nov 05 '21 at 10:32
  • Frankly, in many countries I think it's worth considering that your connection is already effectively sniffed and MITM'd by your ISP and update your threat model accordingly. For example, the [lawful interception](https://en.wikipedia.org/wiki/Lawful_interception) requirements of many states effectively boil down to tapping all PPPoX sessions (cf. Cisco's product guide on the subject, which permits tapping on layer 2 and layer 3 by default: https://www.cisco.com/c/en/us/td/docs/routers/10000/10008/feature/guides/lawful_intercept/10LIovr.html) – Landak Nov 05 '21 at 11:45
  • Thanks for all the information, it helps me a lot. I suppose in practice if you wanted to do a security check and wanted to include a check of wire manipulation the only way would be to visually check all accessible parts of the wiring? Or is there a technical solution? – Zimulak Nov 08 '21 at 08:25
  • 1
    @Zimulak There's only so much you can do with inspecting a deployed cable - depending on its length and path it might not even be possible really. In practice it's much easier to rely on encryption. – Zac67 Nov 08 '21 at 08:53
  • Sorry for picking your brain so much :) I'm in the process of evaluating risks and trying to get as realistic an assessment as possible. If bridging to Ethernet would be the least complex way to tap a DSL wire - what time and monetary expenditure are we talking about for an attacker to pull this off? And what kind of professional/education profile would be required? Could this be done with standard computer science knowledge? – Zimulak Nov 08 '21 at 18:55
  • 1
    @Zimulak There's a pretty wide range. While VDSL bridges are widely available (~150€), ADSL or SDSL masters (the DSLAM side) are much harder to come by - I'd venture something like 1000€. There's no special education required, any enthusiast or network professional should be able to pull that off. Tapping in without giving away any hints on the link would be considerably harder though and would require an expert. – Zac67 Nov 08 '21 at 19:02
  • But you said it's not very affordable to do so and easier to break Wi-Fi encryption? – Zimulak Nov 08 '21 at 19:32
  • 1
    @Zimulak Yes - you'll need to get to the cable first and then again, 'affordable' is very relative. 'Breaking Wi-Fi encryption' can get very hard as well, unless the devices have weaknesses or - very commonly - the setup is flawed (weak passwords or protocols). However, attacking wireless encryption can be done from a distance, without pressure and without a trace. – Zac67 Nov 08 '21 at 19:58
  • Would an attacker still get my ip address if I'm using a VPN? Cause I'm thinking the ISP would still need connection to my modem and that connection can't run through the VPN tunnel. – Zimulak Nov 09 '21 at 07:59
  • 1
    I think there's a misunderstanding. A VPN connection creates a virtual network link as an overlay network. You can use that link for any kind of routing. If you route your Internet access through VPN and use a remote WAN gateway, any external service would see that gateway's IP address (assuming IPv4 SNAT) and not the one from your local WAN gateway. – Zac67 Nov 09 '21 at 08:04
  • But even when using a VPN the ISP must somehow connect to my modem. So there must be some data like an IP address, a MAC address or similar sent to the ISP that identifies my modem, that could then be used by an attacker who tapped my wire to try and directly hack my modem, right? So if anyone taps a wire there's the danger that he could try to attack my modem directly, right? – Zimulak Nov 09 '21 at 09:54