@Herby I also referred to the screenshot from @ElectricBoi, which is in English. #Peanuts I can only agree with you to a limited extent, as this is not allowed to happen with incumbents and the corresponding corporate identity (corporate wording). Someone probably translated freely instead of using the translation table.
@Rattenjunge wrote:
Were you somehow informed that your connection is now capable of 10 Gbit or did you simply test this yourself?
You will be informed and you will receive a kit. Otherwise it won’t work.
@Rattenjunge
I asked the call center directly and then ordered the corresponding module + fiber optic.
A week ago, when I selected the speed test in Internet Box 3, I was told that no speed test was available yet. Now the test seems to be working. It breaks off every now and then, or the display often jumps back to “0” when uploading, but I assume the data is somewhat correct. It’s crazy to think that about 4 years ago I was still on a copper cable with 3500kbit/s!
Yes, of course it’s just a gimmick, the PC and PS4 are only equipped with 1Gbit/s network cards and a few devices are connected to the WLAN. Nevertheless… I like fiber optic technology and Swisscom 🙂
Hello Chainsaw,
That’s the connection between IB3 and Swisscom Server. What kind of values do you get from the CN Lab Speedtest or similar?
Thanks and greetings
@Wunauckie53 probably +/- about [this one](https://community.swisscom.ch/t5/Internet-Allgemein/Erste-Experiences-mit-10-Gbit-s-XGS-PON-Anschluss/m-p/611787#M59252). But only if the PC on which the speedtest.net test was started has a network card > 1 GBit/s and it is connected directly to the 2.5 GBit port of the IB3 😉
@Wunauckie53 As kaetho writes, I only have devices with 1Gbit/s network cards. Of course, on Speedtest.net I always get around 900Mbit/s on the “optimal server” if I connect a laptop and other devices to the router and run the speed test on all of them at the same time, and such values everywhere. But I don’t have that many devices to create/test a permanent download of a total of 4 or 5 Gbit/s, for example. But with the connection between IB3 and server (router test) there are sometimes “only” 6000 Mbit/s in the evening, and then easily over 8000 Mbit/s late in the evening or at night depending on the load. Actually, I could have stayed with the old 1Gbit/s subscription because I rarely reach these limits, but in Kundencenter they made it palatable to me with “New 10Gbit/s”…
However, I don’t know whether I would have done it if I had found out about XGS-PON technology beforehand. Despite encryption and huge amounts of data, I have a bad feeling when my data is sent as a broadcast to up to 31 other sockets instead of via the fiber optic directly into my apartment, but that’s probably unjustified paranoia on my part 🙂 And I haven’t really looked into the techniques 100% either. Still fascinating when I remember the 90s when people were still “dialed in” with the 56K modem…
I don’t find your risk considerations on the subject of broadcast completely absurd, but at least with
So ultimately it’s all a question of the quality of the encryption used on the access line.
In addition, there is the actual connection encryption used for most data streams, e.g. SSL for website visits.
You should certainly never classify a risk as 0.0, but the additional data protection risk caused by XGS-PON can certainly be assessed as “ultra-mega-hyper” small.
Hobby nerd with no economic ties to Swisscom
Thank you Werner for your explanation. I find it all incredibly exciting/interesting. And with 31 neighbors, if that many are attached to the “same line” at the same time, there would have to be a bad hacker who has the technology, the necessary knowledge and malicious intentions at the same time. And then I would have to do things via the Internet that would be interesting to a hacker or that he could do something with. Every WLAN is really more dangerous, or if I were a potential attack target, attackers would probably attack the PC / operating system directly before tinkering with an OTO box.
To be honest, I think the safety aspect is secondary. As far as I know, XGS-PON uses AES for US (upstream) and DS (downstream). I haven’t researched the implementation but regardless of the key length, I think the session keys are renewed regularly. Of course, the “Master Secret” exchange must also be designed to be secure, but since the standard is very young, I assume that it has been implemented using current methods. “DH” and “PFS” are the keywords. This probably takes place when registering the ONT (end device/modem/router) on the OLT (“device” in the headquarters that manages the PON line/remote station), since in this process the OLT must also include the new ONT in the distribution. (XGS-PON uses a “Time Division Multiplex” procedure, which means that each participant is provided with time slots.)
If we now take stock:
- 32 participants (I assume that Swisscom always “tops up” if possible, otherwise it is less economical).
- Without access to the BEP (Building entry point), the shafts with the splitters or other physical access, it is only possible to listen to the encrypted download of the end devices.
- In order to intercept a line, you need specific hardware and corresponding software that also understand the XGS-PON protocol stack and can therefore extract the encrypted payload from the remaining traffic.
- With brute force, I consider decrypting even with small key lengths (128 bit) to be absolutely hopeless with the hardware available today. (I think you can vary the key length should this be fundamentally different in the future.)
- There are no known attacks for the cryptographic methods used that I have found so far in the ITU standard document.
So in my opinion, even if you invest a lot of money in it, it is not possible today to decrypt traffic on an XGS-PON line for other participants. In addition, many activities are then encrypted again (e.g. on an HTTPS site, or SMTPS, IMAPS, etc.)
In my opinion, the likelihood that one of your neighbors will exert this criminal energy is low. In addition, what a potential attacker can gain should normally be in proportion to the effort he has to put in.
Anyone interested in the standard:
https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-G.9807.1-201606-I!!PDF-E&type=items
What I consider to be much more likely and problematic are disturbances of an unintentional or intentional nature. In a PON strand you can easily put the entire PON strand out of operation using very simple hardware with light in the right wavelength and it is very time-consuming for the operator to find the cause. Especially if the splitters are not in the central office but, as usual, in some street shaft.
I think that may be one reason why Swisscom doesn’t have more than 32 participants connected on one line. But of course that’s just speculation, I have no contact with Swisscom and I’m outside the industry.
Thank you Chicheitti30 for this detailed and interesting answer and the link. Also the thing about wanted/unwanted disruptions. But the chance of something happening in this regard is really lower than many other things or “disruptive factors” or “security risks” that can happen. Still extremely exciting and interesting. I don’t work in this area, but I am extremely enthusiastic about modern technologies, especially when I remember 56K modems and the times back then 🙂