by sleepy_keita
537 days ago
PON uses passive splitters to allow multiple access -- you can't disconnect a fibre at the office without also taking down the neighborhood you're sharing the physical fibre with. The article, as I understand it, is about how it's trivial to brute-force other sessions once you have root in the ONU.
I'm not sure about how well these exploits would work on the fiber ISP I used to work at - most of the protections for "bad" ONT behavior are related to the light (a laser being stuck on or something else), in which case the ONT will throw an alarm and be disconnected automatically and a technician usually goes out and replaces it, restarts it, or they fix the fiber itself.
There were some protections against malicious behavior as well, but you could certainly tell the vendor designed much more for physical issues with the ONT that could harm other customers rather than someone hacking the ONT.
(AFAIK our ONTs didn't have an HTTP interface, but they were a lot different than the ones mentioned in this write-up and were controlled via proprietary vendor software - still interested to know if they were able to be owned like this)