Firewall Wizards mailing list archives
RE: Network cables as security devices
From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Mon, 24 Aug 1998 08:41:48 -0400
In 1993 we did this at one of my former employers. We initially tried and failed just as you did and you are correct that this is due to the link integrity checking present in most 10Base-T adapters.

There are a couple of ways around this. First, you could simply turn this off. Many adapters and workstations allow this to be set as an option. The other choice is to use an outboard transceiver (Yes, they still make these) through an AUI connector. You can cut the pins on the circuit board in order to prevent the transmit back to the host. This worked for us on a 10Base-2 transceiver.

The other option with which we had limited success is to connect the other pair to a false hub. This way, the host has the ability to transmit but is transmitting somewhere else. This is a kludge but works to complete the circuit in a way that the card will like.

Your other option would be to figure out how to simulate the transmit signal and install this circuit with proper resistance to simulate the other hub. This is cleaner but is much more complicated (and likely more expensive) than the kludge.

Just my opinion.

Drew

-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net] On Behalf Of Bruce K. Marshall
Sent: Wednesday, August 19, 1998 5:16 PM
To: firewall-wizards () nfr net
Subject: Network cables as security devices

I'm not sure that it has been mentioned on this list, but on several occasions I have followed discussions where secure logging systems, IDS, services, etc. needed additional security. One piece of advice often appears to be cutting the "transmit" wires in the network cable. At first glance it sounds logical and like a decent idea, especially if your system doesn't need to respond to the data that is being sent to it. However, upon actually trying this I met with utter failure.

When dealing with normal twisted pair Ethernet cable you can usually refer to EIA/TIA 568B as the wiring guide. This standard states that you utilize pairs 2 & 3 (the orange and green pairs) with pair 2 using RJ45 plug pins 1&2 and pair 3 using RJ45 plug pins 3&6. Here is a rough ASCII diagram (which probably won't show up correctly for half of you):

      1 2 3 4 5 6 7 8
    [ | | | | | | | | ]
    | T R T R T R T R |
    |                 |
      ------___------

The "T"'s and "R"'s represent tip and ring -- or transmit and receive -- on the cable, so you could assume that by disconnecting pins 1 and 3 you would only eliminate any unwanted transmissions by your system. In practice, this terminates all network traffic and not just transmissions. Disconnecting any one of the four wires results in no connection at all to the machine.

I assume that this is because of the link integrity check used for Ethernet connections. But my real question is whether anyone has actually been able to get around this requirement.

As a by-product of this exercise I believe I managed to create the cheapest hardware based firewall in the industry. For approximately $8 US I purchased a toggle switch, two RJ45 jacks and a small project box that allows you to turn on and off the network connection to a device or segment. Anyone who can't afford such luxuries will have to keep plugging and unplugging cables. :)

Thanks for the feedback.

--
Bruce K. Marshall, CISSP - bkmarsh () feist com - Feist Communications
2424 S. St. Francis - Wichita, KS 67216 - 316-264-2248