Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls
Not knowing that much about how pfSense/pfBlockerNG work, I was wondering if pfSense somehow blocks incoming/outgoing data from Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface that bypasses the local computer's networking stack. I am not sure how you would set up pfSense to block such computer intrusions. It seems that if AMT/SOL can send out data, pfSense will allow traffic to pass in both directions.
Any insight about this? Thanks.
bingo600 last edited by
I would doubt that pfSense ever sees those packages, as it seems they're routed directly to AMT.
Have a look here.
Seems like the best you can do is disable AMT in your BIOS.
Since my pfSense is running on an external controller, it seems that it would see it. Reading about this further, AMT is supposedly disabled on all Intel systems and must be activated using some kind of Intel software or firmware. I guess there isn't anything to really worry about, unless hackers have found a way to remotely activate it on other computers. It would be nice to discover what ports AMT uses, if any, to be able to permanently block them.