Tossing Packets Over the Wall Using Transmit-Only Ethernet Cables
Abstract:
Solutions for transporting packets from an insecure DMZ into an organization's internal network are described. All of the solutions attempt to prevent the establishment of two-way traffic by physically cutting the transmit wires at the receiving device on the internal network. Because alternate paths to the packet sender could exist, a user-mode packet relay on the internal network is used to accept and re-transmit the packets to the appropriate destination.
Applications discussed include relaying of syslog and SNMP trap packets from DMZ systems to receiving hosts on a secure network, and monitoring traffic for IDS and diagnostic purposes using a system conveniently located on the secure internal network.
BibTeX
@inproceedings {270067,
author = {Jon Meek and Frank Colosimo},
title = {Tossing Packets Over the Wall Using {Transmit-Only} Ethernet Cables},
booktitle = {17th Large Installation Systems Administration Conference (LISA 03)},
year = {2003},
address = {San Diego, CA },
url = {https://www.usenix.org/conference/lisa-03/tossing-packets-over-wall-using-transmit-only-ethernet-cables},
publisher = {USENIX Association},
month = oct
}