The Hacker News Logo
Subscribe to Newsletter

Flaw in Intel Ethernet controller exposes to 'packet of death' attack

The hardware qualification is a very important issue, recent vulnerabilities discovered in network appliances of various manufacturer have alerted security community once again on the necessity to validate the hardware especially for large consume product.

The last news is related to a vulnerability related to the Intel's 82574L Ethernet controller that expose equipment to risk of "packet of death." Attack.

Star2Star's chief technology officer Kristian Kielhofner identified the cause of the problems after customers experienced random crashes. Researchers at Star2Star after the analysis of lot traffic identified the cause of the problem in the format of a packet managed by a particular VoIP manufacturer.

But as yet it is unclear how widespread the problem is or how other Intel hardware is affected.

Kielhofner, wrote: "The system and Ethernet interfaces would appear fine," "and then after a random amount of traffic the interface would report a hardware error (lost communication with PHY) and lose link. Literally the link lights on the switch and interface would go out. It was dead."

"Nothing but a power cycle would bring it back. Attempting to reload the kernel module or reboot the machine would result in a PCI scan error. The interface was dead until the machine was physically powered down and powered back on. In many cases, for our customers, this meant a truck roll."

"Problem packets had just the right Call-ID, tags, and branches to cause the '2' in the ptime to line up with 0x47f."

The problem is very insidious, Kielhofner's team was able to create packets and target them at particular systems.

"With a modified HTTP server configured to generate the data at byte value (based on headers, host, etc.) you could easily configure an HTTP 200 response to contain the packet of death - and kill client machines behind firewalls!"

Kielhofner has posted a test page that allows system admins to test to see if their devices are vulnerable, meantime his team is working with Intel to produce a fix for the bug.

Update: Intel has responded with an expanded technical explanation of the issue. Intel was made aware of this issue in September 2012 by the blogs author.

Douglas Boom from Intel said in a blog post, "Intel root caused the issue to the specific vendor’s mother board design where an incorrect EEPROM image was programmed during manufacturing. We communicated the findings and recommended corrections to the motherboard manufacturer."

"It is Intel’s belief that this is an implementation issue isolated to a specific manufacturer, not a design problem with the Intel 82574L Gigabit Ethernet controller."

Whereas,Kristian Kielhofner said, "However, I still don’t believe this issue is completely isolated to this specific instance and one motherboard manufacturer. For one, I have received at least two confirmed reports from people who were able to reproduce this issue - my “packet of death” shutting down 82574L hardware from different motherboard manufacturers."

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.