DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th November 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default The enemy in the network card

From http://www.h-online.com/security/new...d-1141556.html

Quote:
Security expert Guillaume Delugré, who works for the Sogeti European Security Expertise Center (ESEC), has demonstrated that a rootkit doesn't necessarily have to infest a computer. The expert used freely available tools and documentation to develop custom firmware for Broadcom's NetExtreme network controller. He was then able to conceal a rootkit within the firmware, making it untraceable by the virus scanners usually installed on a PC.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 24th November 2010
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

This is one attack vector that's overly practical unless the person knows the card you use, if they happen to be on your subnet, the most they could determine would be vendor.

If you use a card that has a non-socketed/non-upgradeable factory flashed rom, there is perhaps less risk of attack.. it's hard to find something these days not using embedded arm/mips processors, but a proprietary simple ASIC would also make this difficult (..no development toolchain, documentation).

If the firmware is loaded onto the device by the kernel, they would also need to have root access, perhaps even physical access to reduce the chance of temporarily bricking the card.

It's a cool presentation, and impressive that they were able to learn enough to get this far.. but it's definitely chipset specific.

Might be something worth considering, make sure you get your firmware images from a trusted source.. and be wary about purchased cards with socketed roms (..most sockets are PXE boot roms anyway, ASIC rom is often embedded).
Reply With Quote
  #3   (View Single Post)  
Old 24th November 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

You can prepare NIC's and sell them (cheap) on ebay.

... I can think of a few more ways to get this sort of "tainted" hardware in the machines of potential victims ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Network Card Configuration Freeco FreeBSD Installation and Upgrading 6 8th May 2010 11:11 AM
HOWTO: Enemy Territory on FreeBSD tangram Guides 0 9th June 2009 03:31 PM
Double network card Dilemma disappearedng FreeBSD General 6 1st September 2008 06:31 AM
Realtek Gigabit 8169SC Network card not workies!! ashleyd FreeBSD General 5 11th August 2008 12:50 PM
Wireless Card on T61 disappearedng FreeBSD General 1 13th July 2008 12:54 AM


All times are GMT. The time now is 11:40 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick