[Tfug] "Opening" a physical ethernet connection

John Hubbard ender8282 at yahoo.com
Wed May 1 19:20:12 MST 2013 

On 5/1/2013 4:33 PM, Bexley Hall wrote:
> On 5/1/2013 4:17 PM, Bender wrote:
>> Why don't you really tell us what you are trying to do?
>
> Ideally, I want to be able to "unplug" a "physical ethernet
> connection" (i.e., a *cable*).  This prevents the service(s)
> available on that connection from being accessed *and*
> protects the fabric from "assault" (e.g., someone taking a
> line cord and connecting it to the pins of the connector
> thereby frying a port in an *expensive* switch).

What about routing your connection through a cheap switch[1], and power 
it via a wall switch.  Turn off the wall switch, the cheap switch looses 
power and cannot talk to the rest of the network. This only partially 
protects against your physical assault.  If someone did plug mains power 
into the RJ45, then you'd be out a $20 switch, but not your fancier 
many-port managed switch on the other side.

If its vandalism that you are worried about I'd ask you to really think 
about whether someone plugging mains into an rj-45 is that likely.  What 
is the technical knowledge needed to plug mains power into RJ-45.  Does 
your average vandal have that much technical knowledge.  The only place 
that I'd worry about knowledgeable vandals is high school technology 
classes.  Realistically, if those are your opponents,  I'd give up.  
Whatever you do I suspect you'll loose that battle.  Those guys are crafty.

I'd be happy to see this discussion devolve into a discussion about how 
best to attack a 'hardened' network...  Its bound to be interesting.

[1] 
http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=100010066+4093+0&QksAutoSuggestion=&ShowDeactivatedMark=False&Configurator=&IsNodeId=1&Subcategory=30&description=&hisInDesc=&Ntk=&CFG=&SpeTabStoreType=&AdvancedSearch=1&srchInDesc=

-- 
-john

To be or not to be, that is the question
                 2b || !2b
(0b10)*(0b1100010) || !(0b10)*(0b1100010)
         0b11000100 || !0b11000100
         0b11000100 || 0b00111011
                0b11111111
255, that is the answer.

More information about the tfug mailing list