- May 29, 2011
You say you work in network security? I work in network security and know something about TCP/IP, and in my mind it is totally feasible for there to be a NIC with an embedded (and hidden) chip that could copy packets and launch outbound connections to foreign addresses unbeknown to the user, or even the system. I don't know what exact components are used physically on the mobo, but if it's possible to copy traffic on a cable, I see no reason why packets could not be copied without interruption to the normal packet flow and without the mobo being any wiser to what is going on...
If you did work in network security, I'm sure that you'd be aware that IPMI interfaces are very often segmented from the Internet on an airgapped network, and that many places have intelligent IDS systems that alarm on *any* unexpected traffic. Unless you have some magic Voldemort grade silicon that can transmit packets around the world without the minor formality of actually transiting real copper or fiber cables, it is absolutely certain that SOMEONE would have noticed by now, and we'd have proof that it exists. It only takes one site to spot the "outbound connections to foreign addresses unbeknown to the user". This has not happened, which suggests that there is no such silicon subversion, or, it isn't being used in any meaningful way.
Besides, any attacker embedding things in silicon is a fool, given that the firmware would be so much easier to subvert; that would give you code that could hide on a protected subsystem in the server, and yet be able to vanish with barely a trace. This really just turns into an argument to avoid placing your critical infrastructure and storage in a position on the network where it can reach the general Internet, something that those of us who actually do work in network security have advised ... pretty much forever. This is, of course, commonly ignored by CTOs and others who do not subscribe to such levels of security paranoia.
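The check the second commenter relies on (an isolated IPMI segment plus an IDS that alarms on any traffic leaving it for somewhere it has no business going) is straightforward to express. The following is an added example, not code from either commenter or from any product: it audits a constructed flow log against an assumed management subnet (10.99.0.0/24), an assumed set of internal ranges it may reach, and one hypothetical approved external NTP server, and reports every flow from a management host to anything else. The addresses, the log format and the allowlist are all assumptions for the sake of the example.

```python
import ipaddress
import re

# Assumed (constructed) topology: the BMC/IPMI segment and the internal
# ranges it is allowed to reach. None of these addresses come from the thread.
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
ALLOWED_DST_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# Explicitly approved external (dst, port) pairs, e.g. one NTP server (hypothetical address).
ALLOWED_EXTERNAL = {(ipaddress.ip_address("192.0.2.10"), 123)}

# Constructed flow record format: <ts> <src>:<sport> -> <dst>:<dport> <proto> <bytes>
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+(?P<bytes>\d+)$"
)


def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        return {
            "ts": m["ts"],
            "src": ipaddress.ip_address(m["src"]),
            "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"]),
            "proto": m["proto"].lower(),
            "bytes": int(m["bytes"]),
        }
    except ValueError:  # e.g. "999.1.1.1" fits the regex but is not a valid address
        return None


def is_unexpected_egress(flow):
    """True when a management-segment host talks to anything outside the allowlist."""
    if flow["src"] not in MGMT_NET:
        return False  # only the isolated segment is policed here
    if any(flow["dst"] in net for net in ALLOWED_DST_NETS):
        return False  # internal destination (including other BMCs)
    if (flow["dst"], flow["dport"]) in ALLOWED_EXTERNAL:
        return False  # an approved external service on its approved port
    return True


def audit(lines):
    """Return an alert dict for every unexpected egress flow; malformed lines are skipped."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        if is_unexpected_egress(flow):
            alerts.append({
                "ts": flow["ts"],
                "src": str(flow["src"]),
                "dst": str(flow["dst"]),
                "dport": flow["dport"],
                "proto": flow["proto"],
                "bytes": flow["bytes"],
            })
    return alerts


# Constructed sample flow log (not real traffic).
SAMPLE_FLOWS = [
    "2011-05-29T10:00:01 10.99.0.5:49152 -> 10.20.1.3:514 udp 220",       # syslog, internal: fine
    "2011-05-29T10:00:02 10.99.0.5:123 -> 192.0.2.10:123 udp 76",         # approved NTP: fine
    "2011-05-29T10:00:05 10.99.0.7:40000 -> 198.51.100.77:443 tcp 4096",  # BMC to the Internet: alert
    "2011-05-29T10:00:06 10.20.1.3:51000 -> 203.0.113.9:443 tcp 900",     # not a mgmt host: ignored
    "this line is not a flow record",                                     # malformed: skipped
    "2011-05-29T10:00:09 10.99.0.7:40001 -> 203.0.113.25:53 udp 80",      # BMC DNS to outside: alert
]

if __name__ == "__main__":
    for a in audit(SAMPLE_FLOWS):
        print(f"ALERT {a['ts']} {a['src']} -> {a['dst']}:{a['dport']}/{a['proto']} ({a['bytes']} bytes)")
```

Run against the sample log, two of the six records are flagged: the management hosts' connections to 198.51.100.77:443 and 203.0.113.25:53. The rule is deliberately a default-deny allowlist rather than a signature, which is what makes the commenter's point hold: on a properly segmented management network there is no legitimate "unknown" destination, so any miss is a real finding.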