gwu78 | 8 years ago

Is it true these packets are HTTP requests full of XML, i.e., SOAP? Do they use HTTPS on ports 16994 and 16995?

To avoid a crash, users can mount potentially malicious filesystems in userspace, i.e. users can run kernel drivers like ffs outside of the kernel. This feature comes from a non-Linux kernel. I have read this may be able to work on Linux too but I have never tried it.

Filligree | 8 years ago

> To avoid a crash, users can mount potentially malicious filesystems in userspace, i.e. users can run kernel drivers like ffs outside of the kernel. This feature comes from a non-Linux kernel. I have read this may be able to work on Linux too but I have never tried it.

Linux has FUSE for this, but...

- A lot of filesystems don't have FUSE drivers. You can't use the same kernel-mode drivers in userspace. In fact, off the top of my head, the only filesystem with both kernel-mode and userspace drivers is ZFS.

- It just reduces the threat, it doesn't eliminate it. There's no guarantee whatsoever that the FUSE kernel-side shim is invulnerable to bad inputs, though hopefully it's been audited. Something that never touches the kernel would still be preferable.