Re: TCP/IP offload: security implications

From: Richard Masoner (nospam@masoner.net)
Date: 02/28/02


From: nospam@masoner.net (Richard Masoner)
Date: 27 Feb 2002 15:48:41 -0800

David Bianco <bianco@jlab.org> wrote:

> I'm not familiar with the cards in question, but I imagine they wouldn't
> hardwire the logic.

Nope, in the instances I'm describing it's not firmware -- they use
programmable logic. Adaptec and Intel are using gate arrays to
implement TCP/IP. Another vendor I found is iReady
<http://www.iready.com>.

I did receive one response from a developer familiar with these
devices saying that if the state machines get stuck, then it's a
simple matter to just reset everything and go on your way. I didn't
ask if you lose your TCP session when that happens.

Another engineer told me that there might possibly be some
"checkpoints" where the processor core on the ASIC can intervene if
necessary.

In both cases, the risks seemed mitigated by the intended application
of the adapters. For Adaptec and Intel, the adapters are designed for
use in network storage applications, which in all likelihood will be
on an isolated network. iReady's technology seems to be used mostly in
small, embedded applications which most likely will be in a private
network.

Still, what happens if these Intel or Adaptec "protocol accelerators"
are used in edge servers and it's discovered the protocol
implementation is vulnerable? Is it a reasonable risk to think about?

RFM


