[Cryptography] Intel Management Engine pwnd

Tom Mitchell mitch at niftyegg.com
Wed Nov 29 10:32:09 EST 2017

On Tue, Nov 28, 2017 at 10:52 PM Jerry Leichter <leichter at lrw.com> wrote:

> > When used in accordance with official use, it listens on a certain port,
> like any other service.
> >
> > But since normal code manages listening on ports, how does the
> management engine do this.  How does the management engine hook your tcp-ip
> stack?
> >
> > For your tcp-ip stack is implemented by diverse operating systems in
> diverse hardware and software....
> As I understand it, the ME's TCP stack is integrated into the Ethernet
> engine.  When it sees a packet attempting to connect to the management port
> it simply grabs it -
> This is really no different in most details from any stateful firewall -
> except that the firewall generally discards the undesirable packets, while
> the ME acts on them.
> ......
> You could block this entire mechanism by using an external Ethernet
> interface and not connecting the built-in one to anything - or connecting
> it to a separate management network fully isolated.
> The site can physically wire the management port to one of the networks
used by the system and configure it to use a different set of IP addresses.
IPv6 and dual v6&v4 networks confuse things a lot in this discussion.
Time to live counters are not configurable.  Low TTL count can limit packet
routing and keep data in the building.
Some network links are promiscuous, collecting and inspecting all packets
for security reasons.  The physical MAC address might be impersonated by
another device...  network switches pay attention to the MAC address.
Network switches and routers have been hacked...

Network router configurations when things are working as intended are a
pain. To use the device the net must be connected and accessible.   System
vendors also have their own little management device in server boxes...

For me, these management devices are in the same doghouse as the pile of
IoT devices: cameras, thermostats, light controls, refrigerators, audio
devices, infrastructure devices, electric grid controls, meters, water,
gas.....   The failures at Intel are part of a much larger problem space.
Tinny keyboard.. Mobile ... I am
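The point made above, that the ME's TCP stack sits in the Ethernet engine below the operating system, means the OS's own socket listing cannot show the management listener. The following is an added example, not code from this thread: it compares what the host believes it is listening on (a constructed `ss -ltn` listing) against ports seen open from the network side, and flags the difference. The AMT port numbers are the Intel defaults and are an assumption about the fleet being audited.

```python
import re
from typing import Iterable, Set

# Default Intel AMT ports (assumption: the audited machines use the defaults).
AMT_PORTS = {16992, 16993, 623, 664}


def os_listening_ports(ss_output: str) -> Set[int]:
    """Parse `ss -ltn` style output into the TCP ports the OS reports as listening."""
    ports = set()
    for line in ss_output.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        # Column 4 is "Local Address:Port", e.g. 0.0.0.0:22 or [::]:22
        match = re.search(r":(\d+)$", cols[3])
        if match:
            ports.add(int(match.group(1)))
    return ports


def below_os_listeners(externally_open: Iterable[int], ss_output: str) -> Set[int]:
    """Ports reachable from the network that the OS does not know it is serving.

    Anything here is answered by something underneath the OS network stack,
    which is exactly where an out-of-band management engine lives."""
    return set(externally_open) - os_listening_ports(ss_output)


def exposed_amt_ports(externally_open: Iterable[int], ss_output: str) -> Set[int]:
    """Subset of the below-OS listeners that match the default AMT ports."""
    return below_os_listeners(externally_open, ss_output) & AMT_PORTS


# Constructed sample: what the host itself reports via `ss -ltn`.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*
"""
# Constructed sample: ports that answered a probe from another machine on the LAN.
SAMPLE_EXTERNAL = [22, 16992, 16993]

if __name__ == "__main__":
    hidden = below_os_listeners(SAMPLE_EXTERNAL, SAMPLE_SS)
    print("open from the network but unknown to the OS:", sorted(hidden))
    print("of which default AMT ports:", sorted(exposed_amt_ports(SAMPLE_EXTERNAL, SAMPLE_SS)))
```

The external view should come from a probe run on a different host (or a switch port mirror), since a probe from the machine itself may be answered by the OS stack rather than the NIC-side engine.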