Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Joel Rees
On Mon, Jul 27, 2015 at 10:52 PM, Joseph Crivello wrote: > If someone successfully attacks the firmware on any of your network cards, > you are screwed no matter what. Any modern network card is going to have the > ability to issue DMAs and can easily root your entire system. > (Somewhat of a r

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Chris Cappuccio
Joseph Crivello [josephcrive...@gmail.com] wrote: > If someone successfully attacks the firmware on any of your network cards, > you are screwed no matter what. Any modern network card is going to have the > ability to issue DMAs and can easily root your entire system. If you are running OpenBSD

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Maxim Khitrov
On Mon, Jul 27, 2015 at 11:10 AM, Quartz wrote: >> These days you have "bypass" features in hardware that allow packets >> to flow from one interface to another even if the firewall is turned >> off. > > Can you elaborate on this? Search for "intel nic bypass mode" and you'll find lots of details

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Stuart Henderson
On 2015-07-27, Quartz wrote: > This is a little off-topic, but I should clarify that although this > device's primary purpose is a firewall+router, it also has to provide a > handful of other network related services that set a few requirements > vis a vis hardware. Depends what they are, but

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Quartz
These days you have "bypass" features in hardware that allow packets to flow from one interface to another even if the firewall is turned off. Can you elaborate on this? Also, that brings up another point wrt motherboards with multiple jacks; are bios attacks something to worry about? Havi

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Giancarlo Razzolini
On 27-07-2015 09:13, Kimmo Paasiala wrote: > It's next to impossible to identify the make and > model of the NIC that holds an IP address With IPv6 and poor configuration, a remote attacker already has that information. MAC addresses reveal a lot of information about a NIC. Cheers, Giancarlo Razz

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Raul Miller
Though, of course, if you have been actively developing your system, or if you have already been subject to other root attempts, a root attempt runs a significant risk of crashing it. (And if you have been developing a lot, there's a decent chance you'll have already crashed it so many times that

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Joseph Crivello
If someone successfully attacks the firmware on any of your network cards, you are screwed no matter what. Any modern network card is going to have the ability to issue DMAs and can easily root your entire system.

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Maxim Khitrov
On Mon, Jul 27, 2015 at 7:37 AM, Christian Weisgerber wrote: > On 2015-07-27, Quartz wrote: > >> Some years ago I remember reading that when using OpenBSD (or any OS, >> really) as a router+firewall it was considered inadvisable from a >> security standpoint to have the different networks all att

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Quartz
It is certainly possible theoretically but you'll have to go to very great lengths to imagine a scenario where a remote attacker could exploit such a flaw. It's next to impossible to identify the make and model of the NIC that holds an IP address (if it is even directly bound to a NIC, CARP and other

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Kimmo Paasiala
On Mon, Jul 27, 2015 at 12:46 PM, Quartz wrote: > Some years ago I remember reading that when using OpenBSD (or any OS, > really) as a router+firewall it was considered inadvisable from a security > standpoint to have the different networks all attached to a single network > card with multiple eth

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Quartz
turning out rather difficult to find a case that's small enough to fit. I'd really like to use an itx system with multiple onboard ethernet jacks and cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure A Lanner FW7525 or even an Alix APU don't seem to be much larger...

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Christian Weisgerber
On 2015-07-27, Quartz wrote: > Some years ago I remember reading that when using OpenBSD (or any OS, > really) as a router+firewall it was considered inadvisable from a > security standpoint to have the different networks all attached to a > single network card with multiple ethernet ports. Th

Re: Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Martin Schröder
2015-07-27 11:46 GMT+02:00 Quartz : > turning out rather difficult to find a case that's small enough to fit. I'd > really like to use an itx system with multiple onboard ethernet jacks and > cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure A Lanner FW7525 or even an Al

Firewall question: is using a NIC with multiple jacks considered insecure?

2015-07-27 Thread Quartz
Some years ago I remember reading that when using OpenBSD (or any OS, really) as a router+firewall it was considered inadvisable from a security standpoint to have the different networks all attached to a single network card with multiple ethernet ports. The thinking being that it was theoretic