Firewall Wizards mailing list archives

RE: Network cables as security devices


From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Mon, 24 Aug 1998 08:41:48 -0400

In 1993 we did this at one of my former employers.  We initially tried and
failed just as you did and you are correct that this is due to the link
integrity checking present in most 10Base-T adapters.  There are a couple of
ways around this.  First, you could simply turn this off.  Many adapters and
workstations allow this to be set as an option.  The other choice is to use
an outboard transceiver (Yes, they still make these) through an AUI
connector.  You can cut the pins on the circuit board in order to prevent
the transmit back to the host.  This worked for us on a 10Base-2
transceiver.

        The other option with which we had limited success is to connect the other
pair to a false hub.  This way, the host has the ability to transmit but is
transmitting somewhere else.  This is a kludge but works to complete the
circuit in a way that the card will like.

        Your other option would be to figure out how to simulate the transmit
signal and install this circuit with proper resistance to simulate the other
hub.  This is cleaner but is much more complicated (and likely more
expensive) than the kludge.

Just my opinion.
Drew

-----Original Message-----
From:   owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]
On Behalf Of Bruce K. Marshall
Sent:   Wednesday, August 19, 1998 5:16 PM
To:     firewall-wizards () nfr net
Subject:        Network cables as security devices

I'm not sure that it has been mentioned on this list, but on several
occasions I have followed discussions where secure logging systems, IDS,
services, etc. needed additional security.  One piece of advice often
appears to be cutting the "transmit" wires in the network cable.

    At first glance it sounds logical and like a decent idea, especially if
your system doesn't need to respond to the data that is being sent to it.
However, upon actually trying this I met with utter failure.

    When dealing with normal twisted pair Ethernet cable you can usually
refer to EIA/TIA 568B as the wiring guide.  This standard states that you
utilize pairs 2 & 3 (the orange and green pairs) with pair 2 using RJ45
plug pins 1&2 and pair 3 using RJ45 plug pins 3&6.  Here is a rough ASCII
diagram (which probably won't show up correctly for half of you):

          1 2 3 4 5 6 7 8
        [ | | | | | | | | ]
        | T R T R T R T R |
         |               |
          ------___------

    The "T"'s and "R"'s represent tip and ring -- or transmit and receive
-- on the cable, so you could assume that by disconnecting pins 1 and 3 you
would only eliminate any unwanted transmissions by your system.

    In practice, this terminates all network traffic and not just
transmissions.  Disconnecting any one of the four wires results in no
connection at all to the machine.

    I assume that this is because of the link integrity check used for
Ethernet connections.  But my real question is whether anyone has actually
been able to get around this requirement.

    As a by-product of this exercise I believe I managed to create the
cheapest hardware based firewall in the industry.  For approximately $8 US
I purchased a toggle switch, two RJ45 jacks and a small project box that
allows you to turn on and off the network connection to a device or
segment.  Anyone who can't afford such luxuries will have to keep plugging
and unplugging cables. :)

    Thanks for the feedback.

--
Bruce K. Marshall, CISSP - bkmarsh () feist com - Feist Communications
      2424 S. St. Francis - Wichita, KS 67216 - 316-264-2248
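
As an added illustration (not part of either post above), the following Python model encodes the EIA/TIA 568B pair-to-pin assignment and a simplified version of the 10Base-T link integrity test from IEEE 802.3 clause 14, then runs the wiring variants discussed in the thread through it: the straight cable, cutting one conductor of each pair, cutting the whole station transmit pair, and the link-test-off and pulse-generator options from the reply. The station/hub pin roles, the assumption that a port in link fail still sends link pulses but passes no data, and the scenario names are the example's own assumptions, not something either author states.

```python
"""
Toy model of the 10Base-T link integrity test on a 568B straight cable.
Added example, not code from the original posts.

Assumptions (simplified from IEEE 802.3 clause 14):
  * The station (MDI) transmits on pins 1,2 and receives on pins 3,6; the
    hub port (MDI-X) is the mirror image. Colours follow EIA/TIA 568B.
  * Each side always sends Normal Link Pulses (NLPs) on its transmit pair,
    even while it is in link fail.
  * A side is in "link pass" only if NLPs (or data) reach its receive pair;
    in "link fail" its data transmit and receive paths are disabled. A side
    whose link integrity test is switched off stays in link pass.
  * The "simulate the transmit signal" option is modelled as an external
    pulse generator wired onto the hub port's receive pair.
"""
from dataclasses import dataclass

# EIA/TIA 568B: pair 2 (orange) on pins 1,2; pair 3 (green) on pins 3,6.
PAIR2_ORANGE = (1, 2)
PAIR3_GREEN = (3, 6)
STATION_TX = PAIR2_ORANGE   # station TD -> hub RD
STATION_RX = PAIR3_GREEN    # hub TD     -> station RD


@dataclass(frozen=True)
class Setup:
    cut_pins: frozenset = frozenset()     # conductors opened in the cable
    station_link_check: bool = True       # link integrity test on the NIC
    hub_link_check: bool = True           # link integrity test on the hub port
    pulse_gen_on_hub_rx: bool = False     # external NLP source on hub RD

    def intact(self, pair):
        """A pair carries signal only if neither conductor is cut."""
        return all(pin not in self.cut_pins for pin in pair)


def link_state(setup: Setup) -> dict:
    """Return link state per side and which data directions can work."""
    # The hub hears the station's NLPs only if pins 1,2 run end to end,
    # or a generator drives its receive pair instead.
    hub_hears = setup.intact(STATION_TX) or setup.pulse_gen_on_hub_rx
    # The station hears the hub's NLPs whenever pins 3,6 run end to end:
    # NLPs keep going even when the hub port is in link fail.
    station_hears = setup.intact(STATION_RX)

    hub_up = hub_hears or not setup.hub_link_check
    station_up = station_hears or not setup.station_link_check

    # Data only passes when both ends are in link pass AND the pair for
    # that direction is physically intact.
    both_up = hub_up and station_up
    return {
        "hub_link": hub_up,
        "station_link": station_up,
        "hub_to_station": both_up and setup.intact(STATION_RX),
        "station_to_hub": both_up and setup.intact(STATION_TX),
    }


def receive_only(setup: Setup) -> bool:
    """True if the station can receive but has no electrical path to send."""
    s = link_state(setup)
    return s["hub_to_station"] and not s["station_to_hub"]


# Constructed scenarios, named by this example.
SCENARIOS = {
    "straight cable": Setup(),
    # One conductor of each pair opened: both sides go deaf.
    "cut pins 1 and 3": Setup(cut_pins=frozenset({1, 3})),
    # Open the whole station transmit pair instead.
    "cut pins 1 and 2": Setup(cut_pins=frozenset({1, 2})),
    # ... and switch the link test off on the NIC (the side that still hears).
    "cut 1,2 + NIC link test off": Setup(frozenset({1, 2}), station_link_check=False),
    # ... or switch it off on the hub port (the side that went deaf).
    "cut 1,2 + hub link test off": Setup(frozenset({1, 2}), hub_link_check=False),
    # ... or feed the hub's receive pair from a pulse generator.
    "cut 1,2 + pulse gen on hub RD": Setup(frozenset({1, 2}), pulse_gen_on_hub_rx=True),
}

if __name__ == "__main__":
    for name, setup in SCENARIOS.items():
        s = link_state(setup)
        print(f"{name:32} hub={s['hub_link']!s:5} nic={s['station_link']!s:5} "
              f"hub->nic={s['hub_to_station']!s:5} nic->hub={s['station_to_hub']!s:5} "
              f"receive-only={receive_only(setup)}")
```

Under these assumptions the model reproduces the failure described in the original post (cutting any one conductor of either pair drops the link) and shows which side has to be satisfied once the station transmit pair is opened: the hub port is the one that stops hearing link pulses, so a receive-only drop needs either its link test disabled or a pulse source on its receive pair, while disabling the test on the NIC alone changes nothing.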


