Re: tcp/ip hardware offload

From: Jonathan M. Smith (jms@central.cis.upenn.edu)
Date: 03/01/02


Date: Fri, 1 Mar 2002 08:52:41 -0500 (EST)
From: "Jonathan M. Smith" <jms@central.cis.upenn.edu>
To: Richard Masoner <richardm@masoner.net>


We discovered a huge class of attacks (that can actually
induce fires!) on FPGAs. See Chapter 6 of Hadzic's Ph.D. thesis,
at http://www.cis.upenn.edu/~boosters/thesis.ps

                                                                -JMS

On Tue, 26 Feb 2002, Richard Masoner wrote:

> I'd like to bring up for discussion a topic I don't think I've seen before
> -- that of possible vulnerabilities in networking code in hardware
> devices. Specifically, several vendors are developing network adapters
> with full TCP/IP offload in the hardware. These aren't just cards with a
> network stack in firmware; a lot of these actually have the protocol
> implemented in silicon.
>
> iReady <http://www.iready.com> is selling the "iChip," which is targeted
> for lower-end, embedded applications. Adaptec and Intel have announced
> gigabit network adapters with full protocol offload. Driving these
> products is the burgeoning market for network storage (iSCSI in
> particular), and the fact that OS protocol handling can gobble up over half
> of CPU cycles just to process the incoming network packets. If you offload
> protocol handling, you free the CPU for other tasks. From a performance
> perspective, it makes perfect sense.
>
> I'll write to these companies for additional details (and hope for a
> response), but my guess is that the protocol is implemented in some sort of
> programmable logic on an ASIC, and that these adapters will not be
> in-circuit upgradeable.
>
> The risk I see is the discovery of a vulnerability in these hard-wired
> "protocol accelerators." What if a malformed packet could throw these
> adapters into an undefined state? In a software TCP/IP stack, you just
> patch the operating system and life goes on. What do you do with hardware
> that's discovered to be vulnerable to DoS attacks?
>
> Is there a history of hardware being vulnerable to online DoS attacks like
> this? Has anyone discussed this already?
>
> Regards,
>
> Richard Masoner
>


