Intel packet of death
-
So I caught wind of this via Scott's Twitter feed (@sullrich) and read the article: here. This morning I see it's on /. also.
Just how concerned should we be?
For those who haven't read it: Intel 82574L NICs seem to suffer a problem whereby a specially (or accidentally) crafted packet can crash the firmware (or in some other way lock it up), requiring a power cycle. This can happen even if no OS is running.
It's not clear whether this is due to some firmware problem specific to the tested boxes or common to all 82574 EEPROM code. :-
If it is, then current advice to use such NICs might have to be re-thought. It does seem possible to test for and possibly reprogram this though.
My initial thought was that I wasn't too worried personally since my only NICs that may be affected are internal facing. However, reading the blog post again, the specially crafted packet can take many forms including a legitimate HTTP response. This means that, say, a hacked web server could serve up these packets and, if a client behind the firewall had requested it, pfSense would allow it to pass, crashing my internal NIC.
I guess until I see reports of this being used in the wild I'll leave my tinfoil hat in the cupboard. ;)
Thoughts?
Steve
Edit: My own NICs are actually way too old to be affected. ::)
This is a PCI-e Gigabit NIC released in 2008.
-
Fun times, too bad it's not as widespread as the ol' ping of death or we'd really be in for some fun.
-
the ol' ping of death
Ah, happy memories. I don't remember even knowing what a firewall was back then.
Steve
-
Some more interesting info (or non-info if you were looking for actual detail…)
http://lists.freebsd.org/pipermail/freebsd-stable/2013-February/072152.html
-
So this issue is limited to the specific hardware platform. Any idea what that platform is?
Edit: reading the updated blog post I see that at least three separate products have been reported as affected by this. Just to be clear, this is a tiny minority of hardware using the chip. Don't panic! ;D
Steve
-
I realised I do in fact have a box that uses these NICs, the XTM5.
I have just spent a while throwing bad packets at it and I'm (almost) sorry to report nothing happened. Perhaps as expected.
This is an interesting story though, I encourage anyone who hasn't to read the blog post.
There is still some confusion as to how widespread the problem may be. At this point Intel seem to be saying that only this one system is affected (Wired are reporting it's a Lex CompuTech/Synertron Technology box) but the blog author is saying at least three different boxes are confirmed.
Steve