On 6/28/20 10:46 AM, R.Wieser wrote:
> Well, feel free to come up with a(ny) solution that /doesn't/ have any
> "vector for attack".   Go on, try it.

Nope.  I don't think that's possible.  There will /always/ be something.
  The /realistic/ objective is to find a way that absolutely minimizes
the possibility of attack vectors.

> I must say I do not quite understand that.   I mean, how hard is it
> to imagine a RPi which reads datablocks from one TCP/IP interface
> and writes it to the other one (and vise-verse) - and as a result
> dropping all IP and port info from either side.   That doesn't really
> sound like rocket-science, now does it ?

Seeing as how we're talking about networking and not the science of
rockets, no, it's not rocket-science.

That being said, what you have described there is decidedly different
than what has been discussed in this thread.

You are now describing something that actively proxies the network
connection between hosts A and C.  This is much more akin to NAT and /
or application layer proxies.

Interacting with TCP connections without using an existing TCP/IP stack
*is* quite /complex/.  Is it possible, yes.  Is it reasonable, I don't
think so.

Now I feel the need to ask:  What does "post office" mean to you?



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05