Re: TCP/IP offload: security implications

From: Dennis C (dchou4u@hotmail.com)
Date: 02/28/02

  • Next message: Joost Geurts: "odd problem accesing a secure website" 

    From: dchou4u@hotmail.com (Dennis C)
Date: 27 Feb 2002 17:01:06 -0800

    Richard, what is the Intel/Adaptec chip that you are referring to? Can
    you please provide the part number?

    Thanks
    Dennis

    ospam@masoner.net (Richard Masoner) wrote in message news:<2c505724.0202270757.d8c346d@posting.google.com>...
    > I'm a coder who writes systems and network code. I also have a strong
    > interest in information security issues.
    >
    > Adaptec and Intel have announced gigabit ethernet cards with full
    > TCP/IP protocol offload in hadware. I think offloading TCP/IP from the
    > CPU to other hardware makes sense when high wire speeds are involved.
    > Not infrequently, however, TCP/IP implementations are found to be
    > vulnerable to attack by malformed packets. Malicious hackers will
    > intentionally create illegal network packets in an attempt to crash a
    > network protocol stack. When a vulnerable implementation is hit, the
    > malformed packet causes the software to go into an undefined state. At
    > best, the result will be excessive memory usage or degraded
    > performance. At worst, the result is "wedged" software or even a
    > kernel panic. For specific examples, see
    > http://www.cert.org/advisories/CA-2000-21.html ("CERTŪ Advisory
    > CA-2000-21 Denial-of-Service Vulnerabilities in TCP/IP Stacks").
    >
    > In a software-only network stack, you just patch the software if a
    > vulnerability is found. But what do you do if the hardwired protocol
    > implementation is found to be vulnerable? Can the logic be
    > re-programmed in the field? Or are you stuck until new hardware is
    > created?
    >
    > Richard Masoner
    > http://www.masoner.net/

    Relevant Pages

    • TCP/IP offload: security implications
      ... I'm a coder who writes systems and network code. ... TCP/IP protocol offload in hadware. ... vulnerable to attack by malformed packets. ... vulnerability is found. ...
      (comp.security.misc)
    • [NT] CitectSCADA ODBC Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... are distributed in over 80 countries through a network of more than 500 ... A vulnerability was found in CitectSCADA that could allow a remote ...
      (Securiteam)
    • Re: Biometrics
      ... within a network for internal safety reasons and potentially to act as ... source code that is flexible enough to offer external security, ... Chris's distinction between the Internet and "a network" (presumably ... You quote a specific vulnerability below, about DNS, and you then make ...
      (microsoft.public.security)
    • RE: Pentesting vs VA - was Pentesting tool - Commercial
      ... How safe is it to outsource network management to an MSP, ... use site-to-site tunnels, SSL and SNMP V2? ... both vulnerability assessment and penetration testing. ... buy it or download a solution FREE today! ...
      (Pen-Test)
    • RE: MS05-039 Scanner
      ... Retina is able to detect the patch as missing, as Shavlik ... and MBSA do, but we also are ... vulnerable systems on a Class B network because really who has ... they cant truly give you a view of vulnerability within your Class B ...
      (Pen-Test)