Vulnerability Development mailing list archives

Re: tcp/ip hardware offload


From: "Jonathan M. Smith" <jms () central cis upenn edu>
Date: Fri, 1 Mar 2002 08:52:41 -0500 (EST)


We discovered a huge class of attacks (that can actually
induce fires!) on FPGAs. See Chapter 6 of Hadzic's Ph.D. thesis,
at http://www.cis.upenn.edu/~boosters/thesis.ps

                                                                -JMS


On Tue, 26 Feb 2002, Richard Masoner wrote:

I'd like to bring up for discussion a topic I don't think I've seen before
-- that of possible vulnerabilities in networking code in hardware
devices.  Specifically, several vendors are developing network adapters
with full TCP/IP offload in the hardware.  These aren't just cards with a
network stack in firmware; a lot of these actually have the protocol
implemented in silicon.

iReady <http://www.iready.com> is selling the "iChip," which is targeted
for lower-end, embedded applications.  Adaptec and Intel have announced
gigabit network adapters with full protocol offload.  Driving these
products is the burgeoning market for network storage (iSCSI in
particular), and the fact that OS protocol handling can gobble up over half
of CPU cycles just to process the incoming network packets.  If you offload
protocol handling, you free the CPU for other tasks.  From a performance
perspective, it makes perfect sense.

I'll write to these companies for additional details (and hope for a
response), but my guess is that the protocol is implemented in some sort of
programmable logic on an ASIC, and that these adapters will not be
in-circuit upgradeable.

The risk I see is the discovery of a vulnerability in these hard-wired
"protocol accelerators."  What if a malformed packet could throw these
adapters into an undefined state?  In a software TCP/IP stack, you just
patch the operating system and life goes on.  What do you do with hardware
that's discovered to be vulnerable to DoS attacks?

Is there a history of hardware being vulnerable to online DoS attacks like
this?  Has anyone discussed this already?

Regards,

Richard Masoner
