    Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls

    • B
      battles last edited by

      Not knowing that much about how pfSense/pfBlockerNG works, I was wondering if pfSense somehow blocks in/out going data from Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface that bypasses the local computer's networking stack. I am not sure how you would set up pfSense to block such computer intrusions. It seems that if AMT/SOL can send out data, that pfSense will allow traffic to pass in both directions.

      Any insight about this?  Thanks.

      https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/

      • bingo600
        bingo600 last edited by

        I would doubt that pfSense ever sees those packages, as it seems they're routed directly to AMT.

        Have a look here.
        http://thehackernews.com/2017/06/intel-amt-firewall-bypass.html

        Seems like the best you can do is disable AMT in your BIOS.

        /Bingo

        • B
          battles last edited by

          Since my pfSense is running on an external controller, it seems that it would see it.  Reading about this further, AMT is supposedly disabled on all Intel systems and must be activated using some kind of Intel software or firmware.  I guess there isn't anything to really worry about, unless hackers have found a way to remotely activate it on other computers.  It would be nice to discover what ports AMT uses, if any, to be able to permanently block them.
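On the question of ports, as an added example that is not part of the original posts: Intel's AMT documentation assigns TCP 16992/16993 to the AMT web and WS-Management interface and TCP 16994/16995 to redirection, which carries Serial-over-LAN, so a firewall on a separate device in the path can match on them. The sketch below flags such flows in constructed connection records; the record format, the addresses and the name `find_amt_flows` are assumptions made for the illustration.

```python
import ipaddress

# Intel AMT TCP ports (from Intel's AMT documentation, not from the thread).
AMT_PORTS = {
    16992: "AMT web UI / WS-Management (HTTP)",
    16993: "AMT web UI / WS-Management (TLS)",
    16994: "AMT redirection: SOL / IDE-R",
    16995: "AMT redirection: SOL / IDE-R (TLS)",
}

# Constructed sample records: src_ip,src_port,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
192.168.1.20,51544,192.168.1.35,16994,tcp
192.168.1.20,51600,93.184.216.34,443,tcp
192.168.1.35,16995,192.168.1.77,40112,tcp
192.168.1.50,5353,224.0.0.251,5353,udp
not a flow record
"""


def find_amt_flows(text):
    """Return one dict per TCP flow that has an AMT port on either end."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # skip malformed records
        src, sport, dst, dport, proto = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            sport, dport = int(sport), int(dport)
        except ValueError:
            continue  # skip records with bad addresses or ports
        if proto.lower() != "tcp":
            continue
        # Destination first (request towards AMT), then source (its reply).
        for host, port in ((dst, dport), (src, sport)):
            if port in AMT_PORTS:
                hits.append({"line": lineno, "amt_host": host,
                             "port": port, "service": AMT_PORTS[port]})
                break
    return hits


if __name__ == "__main__":
    for hit in find_amt_flows(SAMPLE_FLOWS):
        print(hit)
```

A perimeter firewall only sees flows that are routed through it, so AMT traffic between two machines on the same LAN segment would not show up in records like these.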
