Security Basics mailing list archives

Re: One computer two different networks

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 16 Oct 2006 18:40:23 +0200

On 2006-10-16 Hagen, Eric wrote:

On Sunday, October 15, 2006 4:16 PM Ansgar -59cobalt- Wiechers wrote:

On 2006-10-12 Hagen, Eric wrote:

I read it as a stricly recieve-only solution.  For example, it could
be desirable to recieve incoming UDP data streams, while maintaining
NO possibility for return traffic.

However, TCP (and therefore, 99% of Internet application usage)
would be impossible by its nature of requiring two-way
communication.


A "receive-only" solution isn't quite possible from a network PoV,
not only for TCP, but for UDP and other protocols as well. If you
allow only inbound traffic, then how are you going to send out the
initial request? If you allow only outbound traffic, then you can
send the initial request, but won't be able to retrieve the data.


You don't need an "initial request".  The intention of the device is
to recieve known traffic, inbound only.

The "initial request" is likely a phone call or a personal visit to
"aim" the sender at your super-secret-secure network.


You may want to explain how you define what is or isn't "known traffic"
and how the inbound transfer is initiated, because you cannot possibly
suggest to allow arbitrary content to be pushed into a supposedly secure
network.

Yes, there may be situations where you have just an inbound data stream,
but their number is rather few, and the description of the OP did not
sound like he had any such situation.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: One computer two different networks, (continued)
- - Re: One computer two different networks Steve (Oct 11)
- RE: One computer two different networks Hagen, Eric (Oct 11)
- Re: One computer two different networks krymson (Oct 11)
- Re: Re: One computer two different networks davidthomastuck (Oct 13)
- Re: Re: One computer two different networks anonymous (Oct 13)
- RE: One computer two different networks Hagen, Eric (Oct 13)
  - Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 15)
- RE: One computer two different networks Laundrup, Jens (Oct 13)
- Re: RE: One computer two different networks nigel_barnes (Oct 15)
- RE: One computer two different networks Hagen, Eric (Oct 16)
  - Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 16)