Security Basics mailing list archives

RE: One computer two different networks

From: "Hagen, Eric" <hagene () DenverNewspaperAgency com>
Date: Mon, 16 Oct 2006 10:17:59 -0600

You don't need an "initial request".  The intention of the device is to recieve known traffic, inbound only.

The "initial request" is likely a phone call or a personal visit to "aim" the sender at your super-secret-secure 
network.

Eric

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Ansgar -59cobalt-
Wiechers
Sent: Sunday, October 15, 2006 4:16 PM
To: security-basics () securityfocus com
Subject: Re: One computer two different networks


On 2006-10-12 Hagen, Eric wrote:

I read it as a stricly recieve-only solution.  For example, it could
be desirable to recieve incoming UDP data streams, while maintaining
NO possibility for return traffic.

However, TCP (and therefore, 99% of Internet application usage) would
be impossible by its nature of requiring two-way communication.


A "receive-only" solution isn't quite possible from a network PoV, not
only for TCP, but for UDP and other protocols as well. If you allow only
inbound traffic, then how are you going to send out the initial request?
If you allow only outbound traffic, then you can send the initial
request, but won't be able to retrieve the data.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Re: One computer two different networks, (continued)
- Re: Re: One computer two different networks davidthomastuck (Oct 11)
  - Re: One computer two different networks Steve (Oct 11)
- RE: One computer two different networks Hagen, Eric (Oct 11)
- Re: One computer two different networks krymson (Oct 11)
- Re: Re: One computer two different networks davidthomastuck (Oct 13)
- Re: Re: One computer two different networks anonymous (Oct 13)
- RE: One computer two different networks Hagen, Eric (Oct 13)
  - Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 15)
- RE: One computer two different networks Laundrup, Jens (Oct 13)
- Re: RE: One computer two different networks nigel_barnes (Oct 15)
- RE: One computer two different networks Hagen, Eric (Oct 16)
  - Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 16)