I have been thinking . . . (dangerous, I know
)
So take a typical UK deployment of GPON, equivalent to that which Alex (A* UK) has recently been connected. Let us consider the hardware of that optical circuit. At the head-end building there are OLTs. Those OLTs have many line-cards. There are many SFP/SFP+ optics plugged into the line-cards. There is one particular optic to which is connected a single-mode fibre that exits the building and, ultimately, reaches a 1:32 splitter. From that splitter one single mode fibre eventually reaches the ONT in Alex's domain (via a CBT and an aerial drop).
If I am remembering correctly, the optics plugged into the OLTs' line-cards use the 1490 nm wavelength for the "go" (transmit) and the 1310 nm wavelength for the "return" (receive). The (up to 30) ONTs use the inverse; the 1310 nm wavelength for the "go" (transmit) and the 1490 nm wavelength for the "return" (receive).
When a new ONT is commissioned its serial number is registered with the OLT to which it is ultimately connected and the ONT is given permission to send (transmit) by its OLT peer in a particular time-slot.
Suppose that there is an evil doer.
Evil doer wishes to DoS the PON. All evil doer needs to do is to obtain an optic equivalent to that used on the OLT's line-cards. Insert the optic into a simple media convertor (such as a
Planet GT-905A). Connect the optic to the fibre where an ONT would normally be connected and power on the media convertor.
If there is sufficient optical coupling across the splitter, Alex's ONT and the (up to) 28 other ONTs connected to the PON will be "blinded" by the signal from the evil doer's optic on the 1490 nm wavelength.
End result -- DoS for all connected to that PON.