[Tfug] "Opening" a physical ethernet connection

Kramer Lee krameremark1 at gmail.com
Mon May 27 13:38:39 MST 2013


If you have a network line to an RJ-45 outside, and you pull the plug
on the network switch, but this is during monsoon season, and that
network cable is too close to a lightning strike, there is a good
chance that enough lightning energy will go right through the switch
and damage the network.  Direct strike lightning protection will
significantly increase the cost of this project.  A quick disconnect
network plug would be good for that application.

On 5/2/13, John M <hankscorpioarizona at gmail.com> wrote:
> Anything remotely close would be an ethernet extension type of device or
> transceiver that has a "switch on/off" capability.  But, I haven't seen
> something like that.  The "use a cheap switch and power it on/off" would be
> your best bet.
>
> On Wed, May 1, 2013 at 9:05 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
>
>> Hi Christopher,
>>
>>
>> On 5/1/2013 8:20 PM, Christopher Robbins wrote:
>>
>>>>> Ideally, I want to be able to "unplug" a "physical ethernet
>>>>> connection" (i.e., a *cable*).  This prevents the service(s)
>>>>> available on that connection from being accessed *and*
>>>>> protects the fabric from "assault" (e.g., someone taking a
>>>>> line cord and connecting it to the pins of the connector
>>>>> thereby frying a port in an *expensive* switch).
>>>>>
>>>>
>>>> What about routing your connection through a cheap switch[1], and
>>>> power it via a wall switch.  Turn off the wall switch, the cheap
>>>> switch loses power and cannot talk to the rest of the network.
>>>> This only partially protects against your physical assault.  If
>>>> someone did plug mains power into the RJ45, then you'd be out a $20
>>>> switch, but not your fancier many-port managed switch on the other
>>>> side.
>>>>
>>>
>>> I may be a little late to the party...This sounds like an ideal
>>> solution.
>>>
>>
>> Yes, I was just hoping for a "two port switch" (bridge) designed
>> basically for this purpose.  I.e., if it is implemented robustly
>> (read:  bug free) it could remain powered *on* but simply refuse
>> to pass packets while a control input is "off", etc.  I.e., like
>> a "managed 2 port switch" that can be commanded to pass/inhibit
>> based on a signal supplied on a "pin"/control connector (so you
>> don't have to send a packet to it to get it to "inhibit")
>>
>> I suggested "yank the power" as this is relatively easy to control
>> *and* the switch is supposed to be well-behaved in that unpowered state.
>>
>>
>>> Use cheap switches as an access layer, and shut the switches off as
>>> necessary.  Do ports have to be unplugged via an on/off switch, or
>>> is it okay if the connection is actually unplugged?
>>>
>>
>> If unplugging is an option, then you (i.e., I) could just unplug the
>> cable from the main switch and not need any such mechanism  :-/
>> The means by which the port is isolated needs to be "securable".
>> If an adversary can simply plug/unplug the cable/device/"protector"
>> in and subvert its function then you haven't gained anything.
>>
>> Ideally, you would locate the(se) device(s) someplace secure so
>> the user/adversary is forced to deal with the interface that it
>> wants to expose (while hiding the interface that it wants to
>> *protect*!).
>>
>> I'll have to see if I can reduce the cost of my "port module"
>> on the switch (actually a very large router) and fabricate it
>> in such a way that these are "disposable"... that way there are
>> no outboard devices to maintain, cable, configure, etc.  It also
>> means every port gets this same capability "for free".
>>