Tap vs Lightning Strike

Earlier this year my lab suffered a near lightning strike. A tree right outside the lab was struck by lightning, causing damage to multiple electronic and electrical devices outside and inside the building.

Outside, the lightning disabled an exterior lighting system and my phone lines. Inside, the lightning took a severe toll on the lab. The cable modem to the outside world was destroyed. The NIC on the lab firewall facing the cable modem was fried, along with a second NIC in the firewall. The NIC on a sensor watching a tap between the cable modem and firewall was also destroyed. So far, this is a grim story.

I have one good piece of news to report, and it involves the tap I mentioned sitting between the cable modem and firewall. The tap survived the lightning strike. More precisely, the tap continued to pass traffic even when its monitoring interface was damaged.

Had the tap been receiving traffic from the modem or firewall, it would have continued to pass it. This truly amazed me. Frequently monitoring practitioners worry that inserting a tap in their network architecture will introduce a single point of failure. In my experience, all of the components around the tap are more likely to fail. A well-engineered tap will continue to pass traffic -- perhaps even when struck by lightning!

The tap that survived my lab lightning strike was built by Net Optics. Congratulations to the Net Optics engineering and manufacturing teams for building quality hardware.

Comments

Joel Esler said…
Disclaimer:

Net Optics does not claim that their taps can survive a lightning strike, tornado, or any other strange act of God.

kthnkx.

/jk
Anonymous said…
Um so?

You are a big tap proponent - we get it. But I fail to see this as a reason for or against a tap. There are good and bad reasons to use a tap, a machine acting as a bridge, or a monitor port on a switch. I don't see your experience of the consumer grade cable modem getting blown to bits as relevant to pro's or cons list of any of the options.
John Ward said…
Rich,

Any device that "survives" a lightning strike should be treated with 0 confidence. Just because it still "works", doesn't mean its still working correctly. Take it from someone who worked in a TV/VCR repair shop. There are lots of small components in them that will cause issues that may not manifest themselves immediately. Diodes, Transisters, and IC chips are incredibly notorious for it. And most of these modern devices use flashable PROMS, programable gates, etc that are even more susceptible due to static sensitivity. I'd recommend getting a new one.
Anonymous said…
Maybe so John, but if it's passing frames and the FCS is correct, then I think it's safe to assume it's doing it's job. Atleast for now...
jbmoore said…
This is an old trick and physics backs it up. Tie some overhand knots in the cabling/phone line to the modem/dsl router. If the lightning comes from the outside via phone line, electrical induction will cancel out the current surge when it hits the knot. This was in a Minasi PC repair book I read about 10 years ago.Minasi claims that it saved a modem from a lightning strike after he tried it.
John Ward said…
This comment has been removed by the author.
John Ward said…
This comment has been removed by the author.
John Ward said…
When I was still working at the shop, we would usually get at least 3-4 months of steady business after big lightning strikes. It was usually a combination of people putting off getting immediate repairs, or sets working for a few months afterwards. Usually, voltage regulators and recitifer bridges would break down quicker due to something frying, usually a capacitor or resister. When one of those goes, a circuit "may" still operate, but not necessarily within tolerance. While the circuits and IC's that handle the frame captures and routing are still recieving the 5-10 V DC required to operate, that doesn't mean the power supply is operating 100% within tolerance. Especially if a component fried before the VR. Remember, Voltage Regulators are usually rated for several volts above the supplied voltage (example: a 9 volt VR will take as an input anywhere from 12 to 50 volts). So if you fried a resistor before the VR, it may still operate for a time, until the circuit breaks down. It's all well and good until you smell an electrical fire.

I'd recommend at the very least, replace the wall wart that came with it, if not scrapping the device entirely.
sithcookie said…
I don't see why everyone is having such a problem with this. Lighting strikes, a bunch of equipment gets fried. Except for this one piece. He writes about it, and everyone shoots him down.

Think of it this way: If this had been a production enviornment, with phones ringing off the hook and a bunch of angry users, you wouldn't be sitting there saying "well, it's working, but we should probably replace the A/C adapter that came with it, just in case some flashable EPPROM got scrambled". No, you would just be happy that it was working as you started fixing everything else around it that failed.

sheesh.
John Ward said…
Not worried about the flashable proms in the tap, Im more worried about the voltage regulator, recitifer bridge, and step down circuits being fried. Since its in a lab, who cares about accurate results, I'd be more worried about the fact that its in his house, he has children, and is a fire hazard. I think that outweighs any theoretical thoughts of "angry users". Im not shooting the guy down, Im speaking from experience in a situation where a guy has a lab in a house with children.
Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics