Timeline for answer to Unidirectional continuous data transfer to an air-gapped computer by ThoriumBR
Current License: CC BY-SA 4.0
4 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Dec 18, 2020 at 14:01 | comment added | ilkkachu | | A router (that could be any computer, really), or a managed switch that supports access-lists that would let you drop everything received on computer B's port. Of course the router or switch should not allow any management access from either A or B, and any possible bugs in their software would become part of the problem. |
| Dec 17, 2020 at 6:03 | comment added | Navin | | @TooTea That sounds painful to configure. Even if you only allow SYN/ACK, TCP is complicated and has plenty of slots where you can exfiltrate data such as the sequence number. When OP said "air-gapped", I'm pretty sure he is referring to a physical barrier that prevents exfiltration even if B is compromised. |
| Dec 16, 2020 at 10:14 | comment added | TooTea | | You could actually also use TCP if you configure the firewall to only allow outbound TCP packets without a payload. While in theory that could create a side-channel to exfiltrate data from B, actually pulling that off by gaining remote code execution on B through a single-purpose unidirectional dumb link like this is likely nearly impossible. |
| Dec 14, 2020 at 18:10 | history: answered | ThoriumBR | CC BY-SA 4.0 | |
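The following is an editor-added illustration of the in-between router ilkkachu describes; it is not code from the thread, from ThoriumBR's answer, or from any product. It assumes a Linux host with two interfaces, named here eth_a (toward the untrusted sender A, assumed address 192.0.2.10) and eth_b (toward the air-gapped receiver B, assumed address 198.51.100.10), and an assumed UDP port 5000 for the transfer. The interface names, addresses and port are placeholders.

```nftables
#!/usr/sbin/nft -f
# Editor-added example (not from the original thread). Interface names,
# addresses and the UDP port below are assumptions for illustration.
#   eth_a : link to sender A      (192.0.2.10)
#   eth_b : link to receiver B    (198.51.100.10)
flush ruleset

table inet diode {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # The only traffic that crosses the box: UDP from A to B on one port.
        # UDP needs no return packets, so nothing B emits is ever "part of
        # the conversation"; the chain policy drops it, TCP RSTs and ICMP
        # errors included.
        iifname "eth_a" oifname "eth_b" \
            ip saddr 192.0.2.10 ip daddr 198.51.100.10 \
            udp dport 5000 accept
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # No management plane reachable from either side: the router itself
        # accepts nothing arriving on eth_a or eth_b. Administer it from the
        # local console; only loopback stays open for local tooling.
        iifname "lo" accept
    }

    chain output {
        type filter hook output priority 0; policy drop;

        # The router originates no IP traffic toward A or B either (no ICMP
        # unreachables, no replies of any kind), only local loopback.
        oifname "lo" accept
    }
}
```

Load with `nft -f` on the router and send from A with any UDP sender; B receives and can never get a packet back through the forward chain. Permitting only UDP rather than "TCP without payload" sidesteps the sequence-number and other header fields Navin points to, because no packet from B is forwarded at all. What this does not change is ilkkachu's caveat: the router's kernel, nftables and network drivers are now part of the trusted base, and a bug there is a bug in the diode. It is a software approximation of a physical one-way link, not a replacement for one.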