[RndTbl] Intel ethernet - h/w remote DoS exploit!

Adam Thompson athompso at athompso.net
Fri Feb 8 14:22:46 CST 2013


In theory (I haven't tested it yet) it is remotely exploitable across routers.
His *test* does require you to be on the same subnet.
-Adam

Trevor Cordes <trevor at tecnopolis.ca> wrote:

>On 2013-02-06 Adam Thompson wrote:
>> This guy explains it better than I can, but the meat of it is that a
>> large number of Intel Ethernet controllers in the field are
>> susceptible to a firmware bug that can shut down the Ethernet port
>> remotely.
>
>Kind of scary.  I have countless Intel NICs out in the field.  Many are
>ineternet-facing.  Not sure if any are the 82574L, I'll need to check.
>
>Now the question is, is this remotely exploitable via the internet?
>The secondary page:
>http://www.kriskinc.com/intel-pod
>Says "you'll need to be on the same ethernet segment.  No routers or
>VLAN" in between.  So does that mean that this can't be triggered by
>someone in China across to our Shaw/MTS modem connections?
>
>Bugs like this are goofy, and I'd hope that if it is remotely
>exploitable that Intel makes a fix widely (and easily) available (and
>known).
>
>Anyone tested it yet?  I would offer some boxes as test recipients if
>someone has.
>_______________________________________________
>Roundtable mailing list
>Roundtable at muug.mb.ca
>http://www.muug.mb.ca/mailman/listinfo/roundtable



More information about the Roundtable mailing list