Topic: Data diode for high security - page 2. (Read 7722 times)

legendary
Activity: 1176
Merit: 1018
June 14, 2013, 01:28:21 PM
#4
With 10/100BASE-T over Cat-5 (but not 1000BASE-T, which uses all four pairs), just disconnect the transmit pair (pins 1 and 2, either green and green/white (T568A) or orange and orange/white (T568B)), and you will no longer be capable of transmitting. Then put your card in promiscuous mode (since you obviously won't be able to establish a connection), fire up your favourite packet sniffer and you're done. Note that you may experience unavoidable data loss, as you will be unable to request that dropped packets be retransmitted.

I thought about that technique, but I was wondering if some hack could remap the pins? I know it would be really hard to pull off, but there are some very determined adversaries out there. So I was wondering if I do as you described, but also splice some actual diodes into whatever pairs, either the tx or rx, that are hooked up. Then even if the pins were remapped the electricity could not flow backward.

I can see fiber being more secure though.  Even with diodes in copper, just because the electricity wasn't flowing backwards wouldn't stop information from leaking out.  You could always vary the electrical load in a specific way and the sending side could detect the difference.
legendary
Activity: 4326
Merit: 3041
Vile Vixen and Miss Bitcointalk 2021-2023
June 14, 2013, 07:40:06 AM
#3
With 10/100BASE-T over Cat-5 (but not 1000BASE-T, which uses all four pairs), just disconnect the transmit pair (pins 1 and 2, either green and green/white (T568A) or orange and orange/white (T568B)), and you will no longer be capable of transmitting. Then put your card in promiscuous mode (since you obviously won't be able to establish a connection), fire up your favourite packet sniffer and you're done. Note that you may experience unavoidable data loss, as you will be unable to request that dropped packets be retransmitted.
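The limitation named above (the receiver cannot ask for a dropped packet to be resent) has to be handled in whatever software sits on the receiving side of the diode. The following is an added example, not code from this thread: a minimal one-way framing in Python where the sender numbers and repeats each datagram, and the receiver verifies a CRC, discards duplicates and records sequence gaps instead of losing data silently; the lossy link in `simulate` is constructed for illustration.

```python
import struct
import zlib

HEADER = struct.Struct("!IH")  # sequence number, payload length

def frame(seq, payload):
    """Sender: header + payload + CRC32, so corruption is detectable on the far side."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))

def parse(data):
    """Receiver: (seq, payload), or None for a truncated or corrupt frame."""
    if len(data) < HEADER.size + 4:
        return None
    body, (crc,) = data[:-4], struct.unpack("!I", data[-4:])
    if zlib.crc32(body) != crc:
        return None
    seq, length = HEADER.unpack_from(body)
    return (seq, body[HEADER.size:]) if len(body) - HEADER.size == length else None

def send_with_repeats(payloads, repeats=2):
    """Sender: emit each frame `repeats` times; the only recovery possible without a back channel."""
    return [frame(s, p) for s, p in enumerate(payloads) for _ in range(repeats)]

class OneWayReceiver:
    """Dedupes repeats and records sequence gaps instead of silently losing data."""
    def __init__(self):
        self.expected = 0
        self.gaps = []        # inclusive (first_missing, last_missing) ranges
        self.delivered = []

    def feed(self, data):
        parsed = parse(data)
        if parsed is None:
            return False      # corrupt frame; no way to ask for a resend
        seq, payload = parsed
        if seq < self.expected:
            return False      # repeat of a frame already delivered (link keeps order)
        if seq > self.expected:
            self.gaps.append((self.expected, seq - 1))
        self.delivered.append(payload)
        self.expected = seq + 1
        return True

def simulate(payloads, dropped, repeats=2):
    """Constructed lossy link: frames whose stream index is in `dropped` never arrive."""
    rx = OneWayReceiver()
    for i, f in enumerate(send_with_repeats(payloads, repeats)):
        if i not in dropped:
            rx.feed(f)
    return rx
```

Repetition only covers independent single-frame losses; a burst that eats every copy of a frame still shows up as an entry in `gaps`, which is the signal to alert on.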
sr. member
Activity: 359
Merit: 250
June 13, 2013, 11:15:49 PM
#2
Not sure how to do it with cat-5, but with fiber you can simply leave the tx or rx cable disconnected.  You need to make sure the network switch won't automatically re-map tx/rx for performance gains though. (I hear this is done on some newer switches)
This is sometimes used in high security settings where a machine can receive from a public data source but can't leak data back out to that source.

^ I haven't done any of this in practice; just heard about it so there could be inaccuracies.
legendary
Activity: 1176
Merit: 1018
June 13, 2013, 09:48:41 PM
#1
I've been thinking about how I could construct my own data diode.  I know there is a lot to consider, but right now I am just curious about the physical layer.

Does anyone know if it would be possible to splice into some cat-5 cable a few actual diodes and still have the signal pass? Or would they mess up the impedance, or something like that? I know there are transmit and receive pairs, but perhaps they could be remapped somehow. It would be cool if you could actually just buy some diodes and make your own one way cable.