undefined | Better HN

story

0 pointspmoriarty9y ago0 comments

So if you don't use the RJ45 port on the motherboard but instead use an RJ45 port on an expansion card instead you're safe?

0 comments

mschuster919y ago

Partially. Expansion cards use PCI-E which has DMA capability, so a bug/backdoor in their firmware can very well be used to attack a system.

But I believe newer systems with MMUs acting as "firewalls" for DMA are safe from this vector.

woodrowbarlow9y ago

there's also the concern of physical attacks, via the motherboard's RJ45 or USB.

mschuster919y ago

At least USB doesn't have device-initiated DMA, but USB descriptor parsing bugs have in the past led to exploits (I remember the PlayStation jailbreak).

pmoriartyOP9y ago

A good argument to epoxy those ports shut, if you're really worried about that.

j / k navigate · click thread line to collapse

0 comments

mschuster919y ago

Partially. Expansion cards use PCI-E which has DMA capability, so a bug/backdoor in their firmware can very well be used to attack a system.

But I believe newer systems with MMUs acting as "firewalls" for DMA are safe from this vector.

woodrowbarlow9y ago

there's also the concern of physical attacks, via the motherboard's RJ45 or USB.

mschuster919y ago

At least USB doesn't have device-initiated DMA, but USB descriptor parsing bugs have in the past led to exploits (I remember the PlayStation jailbreak).

pmoriartyOP9y ago

A good argument to epoxy those ports shut, if you're really worried about that.

j / k navigate · click thread line to collapse