Looking for Intel NIC I/O features guide (LinkSec)
-
I am looking for a guide on how to set up Intel I/O features on my multiple pfSense whitebox builds.
There are some features listed here for securing comms between routers and switches and I cannot find Intel switches or routers anywhere on the market:
https://www.intel.com/content/dam/doc/product-brief/82576-gbe-controller-brief.pdf
What traces do I run to observe these features' memory/hardware addresses? Are there packages for implementing them? LinkSec looks neat, but is it part of all Intel NICs?
Are all of these features also backdoor attack vectors? Are there any pfSense branded Intel switches? Or motherboards required to utilize the features?
I've bypassed my ISP's router before with one of these on my WAN and ended up having loads of libc issues with an 82576 on the WAN and an i225 on the LAN, bugging out a few games, but it was fun while it lasted.
The 82576 has 8 RX and 8 TX queues, and when I got it I presumed it would somehow optimize my fiber internet. Enabling all of the RX and TX queues is done by setting machdep.hyperthreading_intr_allowed=1
I had some success with this card in Proxmox with public IPs routed to me, and think maybe this card is best suited for that. I am looking back into re-bypassing the ISP router again because the traffic shaping and security features in pfSense are simply better and pfSense doesn't constantly spam UPnP and DSCP prioritized multicast into my switches.
There is so much going on with these NICs (and no guides) that I'd almost rather switch to Realtek 2.5g NICs or something simpler which still work with Netmap and included Netgate security features.
And it makes it difficult to drop $1,400 on an equivalent Netgate piece of Intel equipment when there is no standardized way of doing things, or features/perks I can't get out of my $400, massively upgradeable whitebox that can still play GeForce Now videogames at 4K 120 Hz with the built-in APU. I'd like to purchase equipment slowly, and have it enhance the rest of my equipment.
-
I found something on MACsec
https://www.synopsys.com/blogs/chip-design/what-is-macsec-protocol.html
And ECMA-393 proxZzzy on some Intel cards
https://ecma-international.org/publications-and-standards/standards/ecma-393/
There are also Intel vPro features on NICs and Ryzen DASH remote access control features on ECC-capable Ryzen Pro CPUs.
I am sure a combination of the default deny rule and L2 rules protect these features, but I'd also like to secure them all with Snort/Suricata and use them accordingly without investing in even more proprietary tech.
Is there a streamlined way of identifying all of these features with OpenSolaris, or with Nmap or ptrace/DTrace? Their corresponding kernel module necessities, etc.?
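As an added example (my own, not from the post, Netgate or Intel): a POSIX sh helper for pfSense/FreeBSD that reads `ifconfig -m` output, where `capabilities=` lists what the driver and NIC support and `options=` lists what is currently enabled, and reports advertised-but-disabled features plus whether `NETMAP` is present. The embedded sample output is constructed; the capability names are the ones FreeBSD prints.

```shell
#!/bin/sh
# Added example: compare what an igb NIC advertises against what is enabled,
# using the FreeBSD/pfSense `ifconfig -m` format (assumed: `options=` is the
# enabled set, `capabilities=` the supported set). Sample is constructed.
SAMPLE_IFCONFIG='igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
    capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
    ether 00:00:00:00:00:00
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active'

# Print the names from one `key=hex<A,B,C>` line, one per line.
# $1 = options | capabilities ; stdin = ifconfig text
feature_list() {
    awk -v key="$1" '$1 ~ ("^" key "=") {
        sub(/^[^<]*</, ""); sub(/>.*$/, ""); gsub(/,/, "\n"); print
    }'
}

# Exit 0 if the NIC advertises capability $1 (e.g. NETMAP), 1 otherwise.
has_cap() {
    feature_list capabilities | grep -qx "$1"
}

# List capabilities that are supported but not enabled, sorted.
disabled_caps() {
    awk '
      function strip(s) { sub(/^[^<]*</, "", s); sub(/>.*$/, "", s); return s }
      $1 ~ /^options=/      { n = split(strip($0), e, ","); for (i = 1; i <= n; i++) enabled[e[i]] = 1 }
      $1 ~ /^capabilities=/ { n = split(strip($0), c, ","); for (i = 1; i <= n; i++) caps[c[i]] = 1 }
      END { for (k in caps) if (!(k in enabled)) print k }
    ' | sort
}

# With an interface name as argument, query the live system; otherwise use the sample.
if [ -n "$1" ] && command -v ifconfig >/dev/null 2>&1; then
    INPUT=$(ifconfig -m "$1")
else
    INPUT=$SAMPLE_IFCONFIG
fi
printf '%s\n' "$INPUT" | has_cap NETMAP && echo "netmap: supported" || echo "netmap: not advertised"
echo "supported but disabled:"
printf '%s\n' "$INPUT" | disabled_caps
```

Run it as `sh nic_caps.sh igb0` on the pfSense box to see the live comparison; the disabled list is a starting point for deciding which offloads you actually want on a firewall interface.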