>On 2010-03-29, Matthew Szudzik <[email protected]> wrote: >> On Mon, Mar 29, 2010 at 08:46:15AM -0400, David Goldsmith wrote: >>> eth3: Broadcom NetXtreme II BCM5709 1000Base-SX (C0) PCI Express found >>> at mem ea000000, IRQ 66, node addr a4badb236d41 >>> >>> eth4: Broadcom NetXtreme II BCM57711 XGb (A0) PCI-E x8 2.5GHz found at >>> mem ec800000, IRQ 66, node addr a4badb236cdb >> >> Incidentally, have you seen this: >> >> http://www.ssi.gouv.fr/site_article185.html >> >> If not configured properly, Broadcom NetXtreme NICs are vulnerable to >> remote attacks that the operating system cannot prevent, because the >> bugs are in the hardware. > >ASF is not enabled in OpenBSD.
Stuart, let's be more specific about this. For almost 10 years that shit has scared the crap out of me, so I've forced all the developers to keep turning it off in the driver, if possible. Many people can avoid these problems by making sure that their primary interface (ie. the one that typically does WOL or ASF or whatnot) does not point at a network where these types of things can be injected. Or simply don't use that port at all.
