tag:blogger.com,1999:blog-9220932811142893057.post7783314994459210637..comments2023-05-04T07:18:09.839-04:00Comments on Not Just AstLinux Stuff: Packets of DeathAnonymoushttp://www.blogger.com/profile/06405875458561185080noreply@blogger.comBlogger105125tag:blogger.com,1999:blog-9220932811142893057.post-61073424811609474662014-01-23T06:05:23.022-05:002014-01-23T06:05:23.022-05:00It actually reminded me about: https://bugzilla.ke...It actually reminded me about: https://bugzilla.kernel.org/show_bug.cgi?id=47331 , are they same?Ajinkyahttp://javarevisited.blogspot.comnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-28335810132229899542013-02-12T10:32:03.994-05:002013-02-12T10:32:03.994-05:00Many of these comments/questions have been address...Many of these comments/questions have been addressed in my update post:<br /><br />http://blog.krisk.org/2013/02/packets-of-death-update.html<br /><br />Rich - Yes, the first received packet after power on. This applies to the "packets of death" or the inoculation packets. Keep in mind there is also at least one value that has no effect at all. Intel still hasn't responded as to why/how this behavior occurs. Until we know that the only way to know (exhaustively and conclusively) which adapter/EEPROM combinations are affected is to fuzz them, I guess...Anonymoushttps://www.blogger.com/profile/06405875458561185080noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-46717788575489477842013-02-12T05:23:39.148-05:002013-02-12T05:23:39.148-05:00H-Online has reported that this problem only occur...H-Online has reported that this problem only occurs with one motherboard: <br />http://www.h-online.com/security/news/item/Intel-Packet-of-Death-not-Intel-s-problem-1801537.html<br /><br /><br />The identity of the board manufacturer was not disclosed by Intel or in the "packet of death" discoverer's blog posting. But readers will find it in a Wired report, which says that Taiwanese manufacturer Lex CompuTech (which operates under the name Synertron Technology in the US) was the provider of the incorrectly flashed motherboard.Wilhttp://www.vi-toolkit.comnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-21129611255560194652013-02-11T20:13:21.138-05:002013-02-11T20:13:21.138-05:00...the behavior of the controller depended complet...<i>...the behavior of the controller depended completely on the value of this specific address in the first received packet to match that address.</i><br /><br />This confuses me.<br /><br />The controller fails if a packet goes through it with 0x32 or 0x33 in position 0x47F...<br /><br />if it is "the first received packet..." first received after what? Power-on? "... to match that address"? What address? 0x47f?<br /><br />Also, the nothing/kill/immunization pattern: the controller can be immunized only by the 0x47F value in the very first packet it receives? First after what? Of any kind? Or only a packet at least 0x480 bytes long?<br /><br />Finally - did Intel ever reveal what a "death packet" actually did to the controller?Rich Rostromhttps://www.blogger.com/profile/13262703348236110420noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-51927641768827508502013-02-11T15:42:38.050-05:002013-02-11T15:42:38.050-05:00The potential for deep and almost intractable issu...The potential for deep and almost intractable issues like this are why NASA flew the shuttle with core memory (little magnetic donuts for memory instead of RAM chips) for a long time after it was obsolete.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-53486543398524741172013-02-09T10:45:32.431-05:002013-02-09T10:45:32.431-05:00There is a whole thread about the issue in Intel m...There is a whole thread about the issue in Intel messageboards, has been there since September. Intel DZ77GA-70K motherboard with 82574L suffering from the same fault. No fix yet or official reply from Intel about the matter.<br /><br />http://communities.intel.com/thread/31828?start=0&tstart=0Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-68869279492710590352013-02-08T18:48:29.250-05:002013-02-08T18:48:29.250-05:00@Kristian Kielhofner Congrats Sir, you've just... <b>@Kristian Kielhofner Congrats Sir, you've just discovered the Internet Kill-Switch!</b><br /><br /><i>The “red telephone,” used to shut down the entire Internet <a href="http://techcrunch.com/2011/03/06/in-search-of-the-internet-kill-switch/" rel="nofollow">comes to mind.</a></i><br /><br />You discovered howto immunize friends and kill enemies in CyberWars, probably even more..<br /><br />Do governments have an Internet kill switch? Yes, see Egypt & Syria they're good examples. We know China is doing Cyberwars, they are beyond Kill-Switches.<br /> <br />Wiki: <a href="http://en.wikipedia.org/wiki/Internet_kill_switch" rel="nofollow">Internet kill switch</a><br /><br />We know Goverments deploy hardware that they can control when needed. Smartphones are the best examples for Goverment issued backdoors, next to some Intel Hardware (including NICs).<br /><br />We can't protect the people..X4noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-63641010937100290272013-02-08T18:39:51.984-05:002013-02-08T18:39:51.984-05:00I tried this on one of our machines here. It uses ...I tried this on one of our machines here. It uses a SuperMicro motherboard with an integrated 82574L.<br /><br />I have not been able to replicate it. However, I am wondering in integrated chips are not affected, and only add-on cards are?Stuka87https://www.blogger.com/profile/02941895358843826022noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-36500685237378034102013-02-08T18:38:57.960-05:002013-02-08T18:38:57.960-05:00I tried this on one of our machines here. It uses ...I tried this on one of our machines here. It uses a SuperMicro motherboard with an integrated 82574L.<br /><br />I have not been able to replicate it. However, I am wondering in integrated chips are not affected, and only add-on cards are?Stuka87https://www.blogger.com/profile/02941895358843826022noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-16666806221485195972013-02-08T13:32:07.562-05:002013-02-08T13:32:07.562-05:00@Kristian
Which motherboard did you test with?@Kristian<br />Which motherboard did you test with?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-18082113234071287802013-02-08T13:27:18.768-05:002013-02-08T13:27:18.768-05:00What's up with your picture you look like you&...What's up with your picture you look like you're from jersey shore?? LOLAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-82262481488856602842013-02-08T13:00:33.234-05:002013-02-08T13:00:33.234-05:00This is fascinating. Do the packets have to have v...This is fascinating. Do the packets have to have valid structure? Do they have to be unicast? I can see a "weaponized" form of this as ARP or multicast or some other 1-to-many frame type, which would take out an entire subnet with a single packet...<br /><br />Absolutely stellar investigation, bravo!shewfighttps://www.blogger.com/profile/08621878617494429176noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-67225006462055730212013-02-08T07:42:09.136-05:002013-02-08T07:42:09.136-05:00Guys,
If you find your NIC vulnerable -- please p...Guys,<br /><br />If you find your NIC vulnerable -- please post the details (versions, whether it is integrated or not, and whatnot) AND the EEPROM dump BEFORE you patched the NIC. This should help us all locate the issue.<br /><br />WBR,<br />dmyAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-76149826646350569322013-02-08T07:07:02.355-05:002013-02-08T07:07:02.355-05:00Press release from Intel: http://communities.intel...Press release from Intel: http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statementAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-80433769570519282442013-02-08T06:55:16.729-05:002013-02-08T06:55:16.729-05:00Ow and following info:
ethtool -i eth1
driver: e1...Ow and following info:<br /><br />ethtool -i eth1<br />driver: e1000e<br />version: 1.5.1-k<br />firmware-version: 2.1-2<br />bus-info: 0000:04:00.0<br />Michielhttps://www.blogger.com/profile/09752649440845205251noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-45306205614470261102013-02-08T06:53:02.784-05:002013-02-08T06:53:02.784-05:00also I am unable to replicate the bug with our 825...also I am unable to replicate the bug with our 82574L.<br /><br />lshw gives this output:<br /><br /> capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation<br /> configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion=1.5.1-k firmware=2.1-2 latency=0 link=no multicast=yes port=twisted pair<br /><br />kernel version: 3.2.0-37-generic (64 bit)<br /><br />with these EEPROM values:<br />0x0010 ff ff ff ff 6b 02 00 00 d9 15 d3 10 ff ff 58 a5<br />0x0030 c9 6c 50 31 3e 07 0b 46 84 2d 40 01 00 f0 06 07<br />0x0060 02 01 00 40 41 13 17 40 ff ff ff ff ff ff ff ffMichielhttps://www.blogger.com/profile/09752649440845205251noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-78115829952371882352013-02-08T05:32:28.693-05:002013-02-08T05:32:28.693-05:00Thoroughly compelling narrative, and inspiringly c...Thoroughly compelling narrative, and inspiringly comprehensive diagnostics, Kris! Thank you!<br /><br />The part that stimulates my thinking is the inoculation. If your findings are correct, then people testing their NICs must ensure that they really restart or reset their NICs before testing, since there is a pretty good chance that they've experienced packets where byte 1151 is an inoculating value rather than a no-effect or death value.<br /><br />I wonder what are the consequences of values other that 0x31, 0x32, 0x33, 0x34 at byte 1151? No effect, or inoculation. The latter would make this problem extremely hard to observe and rare to experience.Adam Chappellhttps://www.blogger.com/profile/07838748875289672525noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-53423292325814680172013-02-08T03:26:21.351-05:002013-02-08T03:26:21.351-05:00Re 82576 and 82580 cards:
We have some onboard ca...Re 82576 and 82580 cards:<br /><br />We have some onboard cards that are identified as 82576 but these use the 'igb' driver and not the 'e1000e' driver as the 82574L... so I don't think they are the same...<br /><br />(I'm obviously not sure about that..)<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-17191198431866950162013-02-08T00:28:24.082-05:002013-02-08T00:28:24.082-05:00Also unable to replicate... Has anyone other than ...Also unable to replicate... Has anyone other than the author been able to reproduce this?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-7586381977071001502013-02-07T20:50:35.444-05:002013-02-07T20:50:35.444-05:00@ Mike Ireton or any one els that has heard of the...@ Mike Ireton or any one els that has heard of the Motorola Canopy bug he mentioned. If you have any other info, i'd like to discuss this.<br /><br />@ Kristian Kielhofner, Thanks for this. Some A+ Sleuthing going on there.Anonymoushttps://www.blogger.com/profile/01418377163606951600noreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-26438381127658459342013-02-07T18:42:05.828-05:002013-02-07T18:42:05.828-05:00Unable to replicate with 82574L.Unable to replicate with 82574L.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-82424323836268517202013-02-07T14:32:40.354-05:002013-02-07T14:32:40.354-05:00Does anybody know if this affects the 82576 or 825...Does anybody know if this affects the 82576 or 82580 chips? I think that these are the dual and quad versions of the 82574, but I'm not sure about that.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-32517188848843518332013-02-07T14:13:03.753-05:002013-02-07T14:13:03.753-05:00We ran into this problem on a server we had in our...We ran into this problem on a server we had in our corporate environment running KVM VM. It hosed some VM's from responding every couple of months. Then one time almost all of the VM's plus the host were non-responsive. This again happened when we moved to a new co-location for our production environment.<br /><br />The solution we used was the same as the one "Gordon Messmer" mentioned. We used the shell script to update the EEPROM on our 82547L chip. We haven't had any issues for about 7 months.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-6238009387397703902013-02-07T13:25:16.991-05:002013-02-07T13:25:16.991-05:00One more request: is it possible to post the entir...One more request: is it possible to post the entire eeprom of a bad card?<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9220932811142893057.post-21050498157522589402013-02-07T13:05:57.523-05:002013-02-07T13:05:57.523-05:00That's a fantastically scary bug. Thanks for ...That's a fantastically scary bug. Thanks for all the careful tracking and detective work.<br /><br />I assume I'm not the only one thinking, "what if every e1000 out there manifests this problem?" Icky, very icky indeed.John Byrdhttps://www.blogger.com/profile/05621980185968621733noreply@blogger.com