[Tfug] "Opening" a physical ethernet connection
Tyler Kilian
vaca at grazeland.com
Mon May 27 21:00:01 MST 2013
I'll add there are Ethernet grounding blocks to mitigate this issue.
On May 27, 2013, at 1:38 PM, Kramer Lee <krameremark1 at gmail.com> wrote:
> If you have a network line to an RJ-45 outside, and you pull the plug
> on the network switch, but this is during monsoon season, and that
> network cable is too close to a lightning strike, there is a good
> chance that enough lightning energy will go right through the switch
> and damage the network. Direct strike lightning protection will
> significantly increase the cost of this project. A quick disconnect
> network plug would be good for that application.
>
> On 5/2/13, John M <hankscorpioarizona at gmail.com> wrote:
>> Anything remotely close would be an ethernet extension type of device or
>> transceiver that has a "switch on/off" capability. But, I haven't seen
>> something like that. The "use a cheap switch and power it on/off" would be
>> your best bet.
>>
>> On Wed, May 1, 2013 at 9:05 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
>>
>>> Hi Christopher,
>>>
>>>
>>> On 5/1/2013 8:20 PM, Christopher Robbins wrote:
>>>
>>>>>> Ideally, I want to be able to "unplug" a "physical ethernet
>>>>>> connection" (i.e., a *cable*). This prevents the service(s)
>>>>>> available on that connection from being accessed *and*
>>>>>> protects the fabric from "assault" (e.g., someone taking a
>>>>>> line cord and connecting it to the pins of the connector
>>>>>> thereby frying a port in an *expensive* switch).
>>>>>
>>>>> What about routing your connection through a cheap switch[1], and
>>>>> power it via a wall switch. Turn off the wall switch, the cheap
>>>>> switch loses power and cannot talk to the rest of the network.
>>>>> This only partially protects against your physical assault. If
>>>>> someone did plug mains power into the RJ45, then you'd be out a $20
>>>>> switch, but not your fancier many-port managed switch on the other
>>>>> side.
>>>>
>>>> I may be a little late to the party...This sounds like an ideal
>>>> solution.
>>>
>>> Yes, I was just hoping for a "two port switch" (bridge) designed
>>> basically for this purpose. I.e., if it is implemented robustly
>>> (read: bug free) it could remain powered *on* but simply refuse
>>> to pass packets while a control input is "off", etc. I.e., like
>>> a "managed 2 port switch" that can be commanded to pass/inhibit
>>> based on a signal supplied on a "pin"/control connector (so you
>>> don't have to send a packet to it to get it to "inhibit")
>>>
>>> I suggested "yank the power" as this is relatively easy to control
>>> *and* the switch is supposed to be well-behaved in that unpowered state.
>>>
>>>
>>>> Use cheap switches as an access layer, and shut the switches off as
>>>> necessary. Do ports have to be unplugged via an on/off switch, or
>>>> is it okay if the connection is actually unplugged?
>>>
>>> If unplugging is an option, then you (i.e., I) could just unplug the
>>> cable from the main switch and not need any such mechanism :-/
>>> The means by which the port is isolated needs to be "securable".
>>> If an adversary can simply plug/unplug the cable/device/"protector"
>>> in and subvert its function then you haven't gained anything.
>>>
>>> Ideally, you would locate the(se) device(s) someplace secure so
>>> the user/adversary is forced to deal with the interface that it
>>> wants to expose (while hiding the interface that it wants to
>>> *protect*!).
>>>
>>> I'll have to see if I can reduce the cost of my "port module"
>>> on the switch (actually a very large router) and fabricate it
>>> in such a way that these are "disposable"... that way there are
>>> no outboard devices to maintain, cable, configure, etc. It also
>>> means every port gets this same capability "for free".
>>>
>>>
>>>
>>> _______________________________________________
>>> Tucson Free Unix Group - tfug at tfug.org
>>> Subscription Options:
>>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org