February 8, 2013

I know it has been mentioned before, do not put unRAID on the internet, and here is yet another reason.

http://blog.krisk.org/2013/02/packets-of-death.html

Basically, the very inexpensive 82574 has yet another bug. This one allows the ethernet port to drop link with the correct packet. I found the defect to be present on a Supermicro motherboard I use, so I post in the motherboard section. Previously discussed risks include the IPMI security risk.

Since getting a corrected firmware seems unlikely, I chose to self ping the inoculate packet as part of startup.

February 8, 2013

> Since getting a corrected firmware seems unlikely, I chose to self ping the inoculate packet as part of startup.

...that maybe is not a bad idea at all. Might be possible to put this fix into the kernel driver itself?

February 8, 2013 (Author)

> Might be possible to put this fix into the kernel driver itself?

Absolutely possible to make a driver to mediate this, but the hardware will still be exposed until the driver finishes its work, each cycle.

Understand the scope of the bug: you take a motherboard/computer out of the box, rack and power it up, no OS. The bug allows the motherboard/computer to be taken offline. Boot an OS, load a driver which then patches the memory resident copy of firmware, and no more threat exposure, until... Sleep, and you're back to exposed.

If the device is not reachable from the internet, very limited risk. Knocking machines off the network is not a good propagation method. Disruptive to be sure, but far better than a remote root exploit. This bug does not provide a method for unauthorized access, just disruption. This chip used as your internet ingress, yikes!

February 8, 2013

> If the device is not reachable from the internet, very limited risk. Knocking machines off the network is not a good propagation method. Disruptive to be sure, but far better than a remote root exploit. This bug does not provide a method for unauthorized access, just disruption. This chip used as your internet ingress, yikes!

Yes, I understood that... however, for us unRAIDers with ESXi based setups I see it that... If a VM reaches out for a website which constructs a page, where a simple "http get" results in a/this malicious packet to pass through... you're down.