-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This isn't just TCP/IP stack specific. I know for CPU thermal testing Intel has some specific programs that will quickly heat the CPU up. I think most of the motherboards today will shutdown the processor before it overheats and damages itself though. These programs have been around for years and hackers have yet to release a virus exploiting them. Until somebody malicious makes use of programs like this or finds a way to DoS the TCP/IP stack of one of these cards the vendors are going to ignore the cries of the security community because it is too expensive to test for all these things. Bret Piatt - -----Original Message----- From: Ron DuFresne [mailto:dufresneat_private] Sent: Wednesday, February 27, 2002 6:36 PM To: Richard Masoner Cc: vuln-devat_private Subject: Re: tcp/ip hardware offload Richard, The closest discussion I've seen from time to time related to this, and again recently on the firewalls list has been the hp printer cards and their poor handling of simple variances in TCP params that send the printers they are installed in into failure modes requireing a full recycle. The results of simple nmap scans are known to either fully freeze up the printers or send them into garbage page spewing moeds, yet they all require a recycle to correct. Course, I have seen no mention of new hp direct cards with corrected firmware released over the years, and this is an old known issue. Perhaps the code to be used in the devices you mention is going to be much more stable, but, you make a good point in that it's possible that future exploits might well make such devices expensive door-stops of the future. Hopefully the design folks are throughly testing the stacks and exercising them to discover their potential limit prior to production and marketing... Thanks, Ron DuFresne On Tue, 26 Feb 2002, Richard Masoner wrote: > I'd like to bring up for discussion a topic I don't think I've seen > before > -- that of possible vulnerabilities in networking code in hardware > devices. Specifically, several vendors are developing network adapters > with full TCP/IP offload in the hardware. These aren't just cards with a > network stack in firmware; a lot of these actually have the protocol > implemented in silicon. > > iReady <http://www.iready.com> is selling the "iChip," which is > targeted for lower-end, embedded applications. Adaptec and Intel have > announced gigabit network adapters with full protocol offload. > Driving these products is the burgeoning market for network storage > (iSCSI in particular), and the fact that OS protocol handling can > gobble up over half of CPU cycles just to process the incoming network > packets. If you offload protocol handling, you free the CPU for other > tasks. From a performance perspective, it makes perfect sense. > > I'll write to these companies for additional details (and hope for a > response), but my guess is that the protocol is implemented in some > sort of programmable logic on an ASIC, and that these adapters will > not be in-circuit upgradeable. > > The risk I see is the discovery of a vulnerability in these hard-wired > "protocol accelerators." What if a malformed packet could throw these > adapters into an undefined state? In a software TCP/IP stack, you just > patch the operating system and life goes on. What do you do with hardware > that's discovered to be vulnerable to DoS attacks? > > Is there a history of hardware being vulnerable to online DoS attacks > like this? Has anyone discussed this already? > > Regards, > > Richard Masoner > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBPIT4ml+IxmqPU329EQIxiACgvW/kdeoYMR9HgbNGzNA/PCDbOasAn3lC +HjXme2mO90WdLSY5bQ5iBtj =Hq6y -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 16:40:53 PST