Now this is a scary (and pretty cool) potential abuse of network card firmware and PCI bus architecture to bypass firewalls described by Arrigo Triulzi (quoted on Ben Laurie’s blog):
3) from 1 & 2 above, after about two years, I’ve reached my goal of writing a totally transparent firewall bypass engine for those firewalls which are PC-based: you simply overwrite the firmware in both NICs and then perform PCI-to-PCI transfers between the two cards for suitably formatted IP packets (modern NICs have IP “offload engines” in hardware and therefore can trigger on incoming and outgoing packets). The resulting “Jedi Packet Trick” (sorry, couldn’t resist) fools, amongst others, CheckPoint FW-1, Linux-based Strongwall, etc. This is of course obvious as none of them check PCI-to-PCI transfers,
Ben reckons it’s possible to do even more:
IMO: because of the nature of the PCI bus, you can use the same technique on any machine with a vulnerable NIC to read all of RAM.
Of course the attacker would need to compromise the card first, either by cracking the box or supplying malicious hardware.