Firewall Wizards mailing list archives
Re: Re: AirGap's... one way protection
From: Joe Nall <joe () nall com>
Date: Thu, 19 Oct 2000 14:26:45 -0500
Frederick M Avolio wrote:
At 05:50 PM 10/18/00 -0500, Joe Nall wrote:You don't need a firewall at all for this, just a one way serial connection and a little bit of software. The problem with the one way approach is that the box doing the pushing doesn't know if the data ever got to the destination. As soon as you add an acknowledgment from the destination, you have a signaling channel back across the interface.In order to have a confirmed transaction, you need a response. But what in the world do you mean here? All signaling channels are equally exploitable? Surely you're not suggesting that.
Practically no, theoretically yes. The issue is generally the bandwidth available on the signalling (covert) channel. With a box that switches as fast as they claim, failures will probably be fast ones :) Compromise the host behind the e-Gap and the signaling path only has to carry a limited amount of information to do damage.
Variants of this have been used for decades ... They are not popular because they (like the aforementioned e-Gap capability) have _very_ limited utility in the real world.They are incredibly popular in the places that need them.
Agreed, but the number of applications that can live without acknowledgment in transactions won't keep any large companies afloat. joe _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: AirGap's... one way protection Jon Squire (Oct 18)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 19)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 20)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 20)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 23)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 19)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- <Possible follow-ups>
- RE: Re: AirGap's... one way protection Harris, Tim (Oct 19)
- RE: Re: AirGap's... one way protection Frederick M Avolio (Oct 23)
- RE: Re: AirGap's... one way protection Harris, Tim (Oct 23)