From owner-freebsd-security@FreeBSD.ORG Wed Nov 17 15:28:05 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDFBF16A4CE for ; Wed, 17 Nov 2004 15:28:05 +0000 (GMT) Received: from sollube.sarenet.es (sollube.sarenet.es [192.148.167.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE38F43D41 for ; Wed, 17 Nov 2004 15:28:05 +0000 (GMT) (envelope-from borjamar@sarenet.es) Received: from [127.0.0.1] (borja.sarenet.es [192.148.167.77]) by sollube.sarenet.es (Postfix) with ESMTP id 3E4EAED3; Wed, 17 Nov 2004 16:28:03 +0100 (CET) In-Reply-To: <419AAEE3.9020900@elischer.org> References: <419AAEE3.9020900@elischer.org> Mime-Version: 1.0 (Apple Message framework v619) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <4511D7AF-38AD-11D9-872F-000393C94468@sarenet.es> Content-Transfer-Encoding: 7bit From: Borja Marcos Date: Wed, 17 Nov 2004 16:28:02 +0100 To: Julian Elischer X-Mailer: Apple Mail (2.619) cc: freebsd-security@freebsd.org Subject: Re: FireWire Security issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Nov 2004 15:28:06 -0000 > yes we've been aware of this problem for a year or so :-) > I guess we need to get the filters done.. > We do of course use firewire for remote kernel debugging with great > success so we > need to be able to turn it off sometimes :-) Anyway, Firewire isn't Ethernet. A rogue device connected to an SCSI port (or an USB port) could sniff traffic sent to other devices, isn't it? It's a matter of how closely-coupled do you consider the interface; an Ethernet is more loosely coupled than a Firewire. You assume than an Ethernet may carry dangerous traffic, but, do you assume the same for a SCSI, a USB or a Firewire port, I mean, the kind of interface you use for hard disks, etc? BTW, provided that USB ports are connected in parallel... a rogue USB device could sniff a user's keyboard activity or even generate rogue keyboard activity, isn't it? Borja.