Re: [Libreboot] Blocking Intel ME ?

[Daniel Tarrero]

agree, i was loosing the focus: the thing is to disable the M.E.

there is a conversation in this mailing with Chris "something" with a
good info about M.E. and some tools too.

i hope me or some of you to have more free time and dive into this M.E.
nightmare. i want too to be able to check, broke and restore it as my
taste  :)

.....................................................

but hey, M.E. may be _not_the_only_ actor there :S IDS's are good for
this and more

with an IDS (a machine in-the-middle that receive a copy of all traffic
and process it looking for glitches and well known attack packets) you
can get more knowledge about what is going in and out of your network.

There are some switches and routers that can do "monitoring", that's
"copy all traffic the router/switch passes into one predefined port".
And there you plug your IDS (intrussion detection system).

You will get not only the good and the bad traffic, also the unknown 8)




El jue, 28-01-2016 a las 11:55 -0600, Will Hill escribió:
> Right, but what hardware and software do you trust to run the router and how 
> do you predict the MAC address?  There are several Respects Your Freedom wifi 
> access points which might work.  Maybe you could white list your known MAC 
> addresses and drop everything else, but then the Intel firmware might just 
> use the MAC address you have whitelisted.  The only real solution is to 
> disable the Management Engine or replace it's firmware with free software.  
> 
> In the mean time, logging traffic to spot odd packets is a great idea.  
> People 
> should document and publish malicious traffic from their networks.  
> 
> On Thursday 28 January 2016, Daniel Tarrero wrote:
> > > But you can put a firewall on a router externally to block ME packets
> > > escaping your network if you know where they come from.
> >
> > that was the idea, maybe i didnt explain myself propperly.
> 
> 
>