TCP/IP offload: security implications

From: Richard Masoner (nospam@masoner.net)
Date: 02/27/02


From: nospam@masoner.net (Richard Masoner)
Date: 27 Feb 2002 07:57:26 -0800

I'm a coder who writes systems and network code. I also have a strong
interest in information security issues.

Adaptec and Intel have announced gigabit ethernet cards with full
TCP/IP protocol offload in hardware. I think offloading TCP/IP from the
CPU to other hardware makes sense when high wire speeds are involved.
Not infrequently, however, TCP/IP implementations are found to be
vulnerable to attack by malformed packets. Malicious hackers will
intentionally create illegal network packets in an attempt to crash a
network protocol stack. When a vulnerable implementation is hit, the
malformed packet causes the software to go into an undefined state. At
best, the result will be excessive memory usage or degraded
performance. At worst, the result is "wedged" software or even a
kernel panic. For specific examples, see
http://www.cert.org/advisories/CA-2000-21.html ("CERT® Advisory
CA-2000-21 Denial-of-Service Vulnerabilities in TCP/IP Stacks").

In a software-only network stack, you just patch the software if a
vulnerability is found. But what do you do if the hardwired protocol
implementation is found to be vulnerable? Can the logic be
re-programmed in the field? Or are you stuck until new hardware is
created?

Richard Masoner
http://www.masoner.net/
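
Added example, not part of the original post and not code from any vendor's stack: a minimal C sketch of the header sanity checks a TCP/IP implementation, whether in software or in offload hardware, has to perform before trusting length and offset fields in a received IPv4 packet. The function name, result codes and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; the names are this example's own. */
enum ip_check { IP_OK = 0, IP_TRUNCATED, IP_BAD_VERSION, IP_BAD_IHL,
                IP_BAD_TOTLEN, IP_FRAG_OVERFLOW };

/* Check an IPv4 header before any of its fields is trusted as a length
   or offset. caplen is the number of bytes actually received. The header
   checksum is not verified here. */
enum ip_check ipv4_sanity(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20)
        return IP_TRUNCATED;            /* shorter than a minimal header */
    if ((pkt[0] >> 4) != 4)
        return IP_BAD_VERSION;

    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* header length, bytes */
    if (ihl < 20 || ihl > caplen)
        return IP_BAD_IHL;

    size_t totlen = ((size_t)pkt[2] << 8) | pkt[3];
    if (totlen < ihl || totlen > caplen)
        return IP_BAD_TOTLEN;           /* claims more data than arrived */

    /* Fragment offset counts 8-byte units. Offset plus this fragment's
       payload plus a minimal header must fit a 65535-byte datagram, or a
       reassembler sized for the largest legal datagram would be overrun. */
    size_t frag_off = ((((size_t)pkt[6] & 0x1f) << 8) | pkt[7]) * 8;
    if (frag_off + (totlen - ihl) > 65535 - 20)
        return IP_FRAG_OVERFLOW;

    return IP_OK;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t sample_good[20] = { 0x45, 0, 0, 0x14, 0, 0, 0, 0,
                                  0x40, 0x06, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2 };
/* 28 bytes: 8 bytes of payload at the maximum fragment offset (0x1fff). */
const uint8_t sample_frag[28] = { 0x45, 0, 0, 0x1c, 0, 0, 0x1f, 0xff,
                                  0x40, 0x01 };

int main(void)
{
    /* Exit status 0 when both samples are classified as expected. */
    return !(ipv4_sanity(sample_good, sizeof sample_good) == IP_OK &&
             ipv4_sanity(sample_frag, sizeof sample_frag) == IP_FRAG_OVERFLOW);
}
```

In a software stack a missing check of this kind is fixed by a patch; in a hardwired implementation the same fix depends on whether the logic can be updated in the field.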


