Jump to content

NetCAT attacks Xeons

porina
By porina
in Tech News
 Share
Posted

 

Quote

In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO—short for Data-Direct I/O—increased input/output bandwidth and reduced latency and power consumption.

 

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers. The most serious form of attack can take place in data centers and cloud environments that have both DDIO and remote direct memory access enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers. To prove their point, the researchers devised an attack that allows a server to steal keystrokes typed into the protected SSH (or secure shell session) established between another server and an application server.

https://arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/

 

Another day, another Intel security vulnerability... A feature implemented to allow increased system performance by allowing more direct access to the CPU from peripherals could also be used to access other data. The impact seems limited, in that you have to have a system which uses this direct access method. A home user with a Xeon CPU system would seem unlikely to be affected by this although the vulnerability would still be there.

 

Quote

This issue has a low CVSS base score of 2.6. In scenarios where Intel DDIO and RDMA are enabled, strong security controls on a secured network are required, as a malicious actor would need to have read/write RDMA access on a target machine using Intel DDIO to use this exploit. In the complex scenarios where Intel DDIO and RDMA are typically used, such as massively parallel computing clusters, malicious actors typically don't have direct access from untrusted networks.

https://software.intel.com/security-software-guidance/insights/more-information-netcat

 

Intel's page suggest the features are typically used in scenarios where there are wider controls in place. Personally, I hadn't even heard of DDIO, and although I have heard of RDMA I didn't know what it was. Question to those in large corporate roles, how widely used are these features?

 

Quote

Why the name NetCAT instead of something more frightening?
We do not believe in fear-mongering with our research. NetCAT stands for Network Cache ATtack. “netcat” is also a famous utility that hackers and system administrators use to send information over the network. cat is the UNIX tool to read the contents a file, netcat is supposed to do the same over the network. NetCAT is a pun on being able to read data from the network without cooperation from the other machine on the network. If that is not enough pun already, DDIO makes use of the Cache Allocation Technology (CAT) internally. Finally, who doesn’t like cats?

https://www.vusec.net/projects/netcat/

 

Cats and the internet are still a thing then...

 

Gaming system: R7 7800X3D, Asus ROG Strix B650E-F Gaming Wifi, Thermalright Phantom Spirit 120 SE ARGB, Corsair Vengeance 2x 32GB 6000C30, MSI Ventus 3x OC RTX 5070 Ti, MSI MPG A850G, Fractal Design North, Samsung 990 Pro 2TB, Alienware AW3225QF (32" 240 Hz OLED)
Productivity system: i9-7980XE, Asus X299 TUF mark 2, Noctua D15, 64GB ram (mixed), RTX 4070 FE, NZXT E850, GameMax Abyss, Samsung 980 Pro 2TB, iiyama ProLite XU2793QSU-B6 (27" 1440p 100 Hz)
Gaming laptop: Lenovo Legion 5, 5800H, RTX 3070, Kingston DDR4 3200C22 2x16GB 2Rx8, Kingston Fury Renegade 1TB + Crucial P1 1TB SSD, 165 Hz IPS 1080p G-Sync Compatible

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/
Share on other sites
Link to post
Share on other sites
Posted

Cats are adorable, I don't see anyting wrong those fluffy animals attacking an evil and lazy company.

DAC/AMPs:

Klipsch Heritage Headphone Amplifier

Headphones: Klipsch Heritage HP-3 Walnut, Meze 109 Pro, Beyerdynamic Amiron Home, Amiron Wireless Copper, Tygr 300R, DT880 600ohm Manufaktur, T90, Fidelio X2HR

CPU: Intel 4770, GPU: Asus RTX3080 TUF Gaming OC, Mobo: MSI Z87-G45, RAM: DDR3 16GB G.Skill, PC Case: Fractal Design R4 Black non-iglass, Monitor: BenQ GW2280

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12883973
Share on other sites
Link to post
Share on other sites
Posted

This is why I'm a dog person, because they dont bother hacking my Computer. 

 

 /s

"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

 RGB Build Post 2019 --- Rainbow 🦆 2020 --- Velka 5 V2.0 Build 2021

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- Project ITNOS

CPU AMD R7 7800X3D    Motherboard Asrock B650E Taichi Lite    RAM Corsair Vengeance RGB 32GB 5200mhz    GPU ASUS RTX4080 STRIX 

Case Fractal Torrent   Storage Samsung 980Pro 2TB, Crucial P3 Plus 4TB x2,     PSU Corsair RM1000x    Cooling Deepcool AK620

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12883979
Share on other sites
Link to post
Share on other sites
Posted

nnnnnnnnnnoooooooooooooooooooooooo! the lazy one might get off it's but!

Spoiler

/s. I am 25% sure intel is trying there bestest.

 

I live in misery USA. my timezone is central daylight time which is either UTC -5 or -4 because the government hates everyone.

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12884242
Share on other sites
Link to post
Share on other sites
Posted
On 9/11/2019 at 8:55 AM, TVwazhere said:

This is why I'm a dog person, because they dont bother hacking my Computer. 

 

 /s

 

On 9/11/2019 at 11:45 AM, RejZoR said:

But these aren't ordinary cats. These are NetCATS!

 

On 9/11/2019 at 9:09 PM, SlimyPython said:

Now instead of knocking things in real life, its on the internet now!!!1

6fadbadf4336edfed42d9c5115174a0765afe2feab5a027101160d5d4dc63721_product_card_v2_mobile_slider_639.jpg.4944f816bc95c628845fef952aab7f96.jpg

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12890390
Share on other sites
Link to post
Share on other sites
Posted

https://www.bleepingcomputer.com/news/security/new-netcat-attack-can-leak-sensitive-data-from-intel-cpus/

 

 

So. Althought intel are slightly downplaying what can end up happening, the attack seems relatively easy to deploy and, given intel have known about it for two months, I assume either another firmware patch is imminent, or DDIO is going to have a major revision or end up removed in the next refresh. Not a good look for Intel though ?

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12890682
Share on other sites
Link to post
Share on other sites
Posted

meow

 

but i'm not surprised for some reason

Don't forget to use the "Quote" feature or mention me ( @Gegger) if you want me to see your reply!

Community Standards // Forum Quickstart Guide // Floatplane // Forum FAQ // The Parrot Gang
Banned by Linus in the "banning game" thread who added insult to injury by putting this crap in my sig >(

WE ARE THE DARK SIDE Don't be a light theme peasant

Spoiler

             ........:oo:........

           o//ssssssssyhhysssss+////o               .''''''''''''''. 

          mddmmm/::ddddddddddddddmmmyss::/mmN       |   PARTY ON   |

          o..+oodddmmmhhhhhhhhhhhdmmmmmdddooy       | ,............'

         h::oyyhddmmm+++///////////++++++mmmddy::s  |/

      Nyyo[[sddhyyyyy::::::::::::::::::::yyymmh//oyym

     h..:oohmm+:://///::::////////////////+mmmmms..sNN

     m++sddmmm+::hddhhy::+ddddddddddddddhhhmmmmmdhh+++d

    Nsssyyhmmhssooodmmhhh::+mmdyyyyyyyyddddddmmmmmmmmo::d

   mmd../mmmmmo::shhdmmhhh::+mmhooooooooyhhmmmmmmmmmmmyssdmm

  +++++smmdddo::///dmmhhh::+mmhooooooooooommmmmddddmmmdd/++m

 ``+hhhmmhoo/:::::oooooossymmhooooooooyyymmdoooooydddmmo//N

 ++:mmmmmy:::::::::::::/yyhmmhooooooooyhhmmd:::::+yyhmmyssddd

ooommmmmy:::::::::::::://ommhooooooooooommd:::::://shhdmm+..

yyhmmh++/::::::::::::::::+mmhooooooooyyymmd::::::::/++hmm+//

dddmmh++/::::::::::::::::+mmhooooooooyhhddh:::::::::::hmmysshhd

mmmmmdhhs::::::::::::::::+mmhoooooooohhhhhy:::::::::::hmmhhh``+

mmmmmh++/::::::::::::::::+mmdhhsooooodmm++/:::::::::::hmmsss``+

dddmmhoo+::::::::::::::::+dddddyssyyydmm::::::::::::::hmmsoo++o

dddmmdhho::::::::::::::::+hhdmmddddmmmmm::::::::::::::hmmsooNNN

mmmmmh///::::::::::::::::+hhdmmmmmmmmddd::::::::::::::hmmsoo++/

yyhmmdss+::::::::::::::::/ooydddmmmmmsoo::::::::::::::yddhyy::+

++ommmmmy:::::::::::::::::::ohhdmmddd/::::::::::::::::shhdmmsssNNNmmN

..+mmmmmy:::::::::::::::::::://shh+//:::::::::::::::::://dmmmmdoo+..o

``+dddmmhss+:::::::::::::::::::+++/::::::::::::::::::::::ooodddhhysshNNy++m ``+hhdmmdhhs///:::::::::::::::::::::::::::::::::::::::::::::yyymmmmmmmmo++hNNmdd ``+hhdmmdhhhhh+:::::::::::::::::::::::::::::::::::::::::::::::/hhhhhdmmmmmsoo... ``+ddmmmdhhhhhyyyyyyyyyyyo:::::::::::::::::::::::::::::::::::::+++++sdddmmdhhsss//+ ``+mmmmmhsshhhhhhhhhhhhhhy++/:::::::::::::::::::::::::::::::::::::::+ssyyydmmddd///hhd ``+mmmmmy::shhhhhhhhhhhhhhhhs:::::::::::::::::::::::::::::::::::::::::::::ymmmmmmmh../ ``+mmmmmy:://////////////ohhhyy+::::::::::::::::::::::::::::::::::::::::::///hddmmmhhs++s ``+mmmmmhssssssssssssssssydddddysssssssssssssssssssssssssssssssssssssssssssssdddmmmmmy::s ``+mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmhooh

 

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12890802
Share on other sites
Link to post
Share on other sites
Posted

I honestly feel sorry for intel

 

First, You start seeing Vulnerability after vulnerability where it only affected intel CPUs. Then 3rd gen ryzen came... ouch and then Zombieload now NetCAT

Havent heard of Foreshadow but it comes somewhere around here

 

Intel will probably come back once they catch up on lithography and That Super Mega Company (TSMC) hasn't made 7nm as dense as Intels is predicted to be.

-----------------------------------------------------------------------------------------------------------------------

Also I wonder if the reason that the Ghz is lower is since its like a smaller gap or something?

✨FNIGE✨

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12891454
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, SlimyPython said:

I honestly feel sorry for intel

 

First, You start seeing Vulnerability after vulnerability where it only affected intel CPUs. Then 3rd gen ryzen came... ouch and then Zombieload now NetCAT

Havent heard of Foreshadow but it comes somewhere around here

 

Intel will probably come back once they catch up on lithography and That Super Mega Company (TSMC) hasn't made 7nm as dense as Intels is predicted to be.

-----------------------------------------------------------------------------------------------------------------------

Also I wonder if the reason that the Ghz is lower is since its like a smaller gap or something?

We can only speculate - so far we have no word on Intel's 7nm since it's slated for 2021 meaning it's nowhere near finished. Hopefully clocks are better than their 10nm process since 10nm mobile is getting creamed by their own 14nm parts which is....yeah.

 

Also, the amount of vulnerabilities are starting to get scary - I'm starting to think corporate clients may end up filing a lawsuit (though that would make little sense unless there is proof Intel purposefully left them in) - but yeah, considering the amount of things that have to be disabled for the CPU to be "secure" on professional products like Xeons, I'm left wondering if Marketing will be adjusted to not talk about DDIO or Hyper-Threading at all

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12891554
Share on other sites
Link to post
Share on other sites
Posted
11 hours ago, 5x5 said:

We can only speculate - so far we have no word on Intel's 7nm since it's slated for 2021 meaning it's nowhere near finished. Hopefully clocks are better than their 10nm process since 10nm mobile is getting creamed by their own 14nm parts which is....yeah.

 

Also, the amount of vulnerabilities are starting to get scary - I'm starting to think corporate clients may end up filing a lawsuit (though that would make little sense unless there is proof Intel purposefully left them in) - but yeah, considering the amount of things that have to be disabled for the CPU to be "secure" on professional products like Xeons, I'm left wondering if Marketing will be adjusted to not talk about DDIO or Hyper-Threading at all

Maybe. Just hear me out, Intel is trying their best to fully make a new architecture which is actually way more focused in security while still preforming just as well as their last ones

✨FNIGE✨

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12892619
Share on other sites
Link to post
Share on other sites
Posted
6 minutes ago, SlimyPython said:

Maybe. Just hear me out, Intel is trying their best to fully make a new architecture which is actually way more focused in security while still preforming just as well as their last ones

Hopefully they are. Cause the current core I architecture is starting to look like Swiss cheese

Link to comment
https://linustechtips.com/topic/1103407-netcat-attacks-xeons/#findComment-12892625
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×