Date:      Wed, 17 Nov 2004 12:57:37 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Borja Marcos <borjamar@sarenet.es>
Cc:        Julian Elischer <julian@elischer.org>
Subject:   Re: FireWire Security issues
Message-ID:  <20041117205737.GA8233@odin.ac.hmc.edu>
In-Reply-To: <4511D7AF-38AD-11D9-872F-000393C94468@sarenet.es>
References:  <cndo0f$5bv$1@sea.gmane.org> <419AAEE3.9020900@elischer.org> <4511D7AF-38AD-11D9-872F-000393C94468@sarenet.es>

On Wed, Nov 17, 2004 at 04:28:02PM +0100, Borja Marcos wrote:
> >yes we've been aware of this problem for a year or so :-)
> >I guess we need to get the filters done..
> >We do of course use firewire for remote kernel debugging with great
> >success so we
> >need to be able to turn it off sometimes :-)
>
> 	Anyway, Firewire isn't Ethernet. A rogue device connected to a SCSI
> port (or a USB port) could sniff traffic sent to other devices, isn't
> it? It's a matter of how closely-coupled do you consider the interface;
> an Ethernet is more loosely coupled than a Firewire. You assume that an
> Ethernet may carry dangerous traffic, but, do you assume the same for a
> SCSI, a USB or a Firewire port, I mean, the kind of interface you use
> for hard disks, etc?
>
> 	BTW, provided that USB ports are connected in parallel... a rogue
> USB device could sniff a user's keyboard activity or even generate rogue
> keyboard activity, isn't it?

Firewire presents much more risk than most other busses because it
provides direct access to the address space of the host machine.  This
means you can read or modify everything including kernel code and data.
That said, this is really useful for debugging.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
