by karambahh 4036 days ago
I was at a security trade show earlier this year and some companies were marketing "FTP diode": one-way FTP transfer.

I did not have time to discuss it with them, but how a TCP-based protocol could be "one way" just does not make sense to me...

3 comments

Maybe it's a variation of TFTP (which uses UDP) that doesn't ack the connection or the file? That would be rather amusing, broken TFTP sold as a security app.

I read about one of these devices once; vendor info said that it runs a small and "verified" kernel (probably seL4 or something like that) that does the TCP stuff and took care not to let any real information flow in the other direction. Apart from FTP, it supports SMTP, probably others as well that I forgot. It did not sound very convincing to me. Even if the kernel is totally secure, you could probably have a side channel via ACK timing?

This sounds an awful lot like a standard FTP server configured with a write-only directory.