undefined | Better HN

0 pointspmoriarty8y ago0 comments

So if you don't use the RJ45 port on the motherboard but instead use an RJ45 port on an expansion card instead you're safe?

0 comments

mschuster918y ago

Partially. Expansion cards use PCI-E which has DMA capability, so a bug/backdoor in their firmware can very well be used to attack a system.

But I believe newer systems with MMUs acting as "firewalls" for DMA are safe from this vector.

woodrowbarlow8y ago

there's also the concern of physical attacks, via the motherboard's RJ45 or USB.

mschuster918y ago

At least USB doesn't have device-initiated DMA, but USB descriptor parsing bugs have in the past led to exploits (I remember the PlayStation jailbreak).

pmoriartyOP8y ago

A good argument to epoxy those ports shut, if you're really worried about that.

j / k navigate · click thread line to collapse

0 comments

mschuster918y ago

Partially. Expansion cards use PCI-E which has DMA capability, so a bug/backdoor in their firmware can very well be used to attack a system.

But I believe newer systems with MMUs acting as "firewalls" for DMA are safe from this vector.

woodrowbarlow8y ago

there's also the concern of physical attacks, via the motherboard's RJ45 or USB.

mschuster918y ago

At least USB doesn't have device-initiated DMA, but USB descriptor parsing bugs have in the past led to exploits (I remember the PlayStation jailbreak).

pmoriartyOP8y ago

A good argument to epoxy those ports shut, if you're really worried about that.

j / k navigate · click thread line to collapse