[Tfug] "Opening" a physical ethernet connection

John M hankscorpioarizona at gmail.com
Thu May 2 07:45:06 MST 2013


Anything remotely close would be an ethernet extension type of device or
transceiver that has a "switch on/off" capability.  But, I haven't seen
something like that.  The "use a cheap switch and power it on/off" would be
your best bet.

On Wed, May 1, 2013 at 9:05 PM, Bexley Hall <bexley401 at yahoo.com> wrote:

> Hi Christopher,
>
>
> On 5/1/2013 8:20 PM, Christopher Robbins wrote:
>
>>>> Ideally, I want to be able to "unplug" a "physical ethernet
>>>> connection" (i.e., a *cable*).  This prevents the service(s)
>>>> available on that connection from being accessed *and*
>>>> protects the fabric from "assault" (e.g., someone taking a
>>>> line cord and connecting it to the pins of the connector
>>>> thereby frying a port in an *expensive* switch).
>>>>
>>>
>>> What about routing your connection through a cheap switch[1], and
>>> power it via a wall switch.  Turn off the wall switch, the cheap
>>> switch loses power and cannot talk to the rest of the network.
>>> This only partially protects against your physical assault.  If
>>> someone did plug mains power into the RJ45, then you'd be out a $20
>>> switch, but not your fancier many-port managed switch on the other side.
>>>
>>
>> I may be a little late to the party...This sounds like an ideal solution.
>>
>
> Yes, I was just hoping for a "two port switch" (bridge) designed
> basically for this purpose.  I.e., if it is implemented robustly
> (read:  bug free) it could remain powered *on* but simply refuse
> to pass packets while a control input is "off", etc.  I.e., like
> a "managed 2 port switch" that can be commanded to pass/inhibit
> based on a signal supplied on a "pin"/control connector (so you
> don't have to send a packet to it to get it to "inhibit")
>
> I suggested "yank the power" as this is relatively easy to control
> *and* the switch is supposed to be well-behaved in that unpowered state.
>
>
>> Use cheap switches as an access layer, and shut the switches off as
>> necessary.  Do ports have to be unplugged via an on/off switch, or
>> is it okay if the connection is actually unplugged?
>>
>
> If unplugging is an option, then you (i.e., I) could just unplug the
> cable from the main switch and not need any such mechanism  :-/
> The means by which the port is isolated needs to be "securable".
> If an adversary can simply plug/unplug the cable/device/"protector"
> in and subvert its function then you haven't gained anything.
>
> Ideally, you would locate the(se) device(s) someplace secure so
> the user/adversary is forced to deal with the interface that it
> wants to expose (while hiding the interface that it wants to
> *protect*!).
>
> I'll have to see if I can reduce the cost of my "port module"
> on the switch (actually a very large router) and fabricate it
> in such a way that these are "disposable"... that way there are
> no outboard devices to maintain, cable, configure, etc.  It also
> means every port gets this same capability "for free".
>
>
>