Realtek LAN Controller: anyone familiar with its Properties?

[forumjoe]

The built-in LAN adapter on my P55-US3L (and I guess on most other P55 boards) is the Realtek RTL8111D, which is shown in Device Manager as "Realtek PCIe GBE Family Controller". The latest driver for this (v.5.778) has been applied. I'm using a wired Ethernet connection to my router from this Controller port on the P55-US3L but, unlike with my previous PC, the operability of that connection is being automatically enabled by the Realtek Controller not only under normal circumstances but also from the very moment the PC is powered on until the PC has booted into Windows. This is far from ideal and could conceivably lead to a security issue (since the router is providing a physical through-connection to the Internet as a result of this in that period). I would instead like to arrange it so that the operability of the Realtek port remains down until the PC has fully booted into Windows.

If you look at the Controller in Device Manager, there are a number of its features that are configurable on the Advanced tab. I suspect that one or more of these may provide the solution I'm after. But the listings are quite cryptic. Does anyone know what the following refer to?

802.1 Q/1p VLAN Tagging
Auto Disable PCIe
Auto Disable PHY
Green Ethernet
Jumbo Frame
Shutdown Wake-on-LAN
Wake-on-LAN Capabilities

[Searcher1]

I would surmise the "Wake on Lan" and "Shutdown on Lan" are the most likely ones to disable to avoid the LAN port being active prior to Win bootup but look forward to learning what DM has to advise on this one???

[forumjoe]

Yeh, I thought that as well, Searcher1, but I've now tried changing those two settings and it makes no difference at all.

Do appreciate that the router, in this case, has a built-in Ethernet hub, and that the router remains permanently on. Thus, it's the connection coming from the Realtek port on the P55-US3L that'll determine the operability of that through-connection at any instant.

I can, of course, deal with the problem by right-clicking on the double-screen icon in the systray that gives me the status of the connection and then choosing Disable, but I'd need to Enable and Disable the Controller every single time I started or ended Windows, which isn't really a practical proposition (especially as re-enabling the port requires you to go right into Device Manager to do it). Instead, there ought to be a specific configurable condition of the Realtek port that handles this.

[Dark Mantis]

Hi

Well to be honest this is a little out of my comfort zone but I wouldn't have thought that it was much of a security issue really as if your router is set up correctly it should act as a firewall anyway.

I am not sure that there is any way to automate what you want to do on an ordinary PC.

[forumjoe]

Yes, what you say is true, DM. The router should be acting like a firewall, by means of its NAT. However, if you were to take that argument to its logical conclusion, you'd have to also say that therefore it's pointless having any sort of firewall or antivirus installed on the PC, and we know that not to be the case. What I'm concerned about is Web scanners that look for vulnerabilities. You and many others may believe that the NAT firewalls in our routers effectively 'stealth' our PCs but many router (router-modem) manufacturers claim that this is not necessarily the case.

I don't think I'm asking for the earth, as in my former PC I used a Realtek PCI NIC (a discreet PCI card, therefore), and that Ethernet connection between the router and the PC always came up and went away in a sensible manner. I can't see why it shouldn't also be possible with this built-in Realtek port.

Incidentally, I've found yet another bug in the FH BIOS of this US3L. The list of BIOS bugs to report to GGTS is mounting. If in Device Manager you disable the Realtek Ethernet port - which is something I often do to turn off the Internet connection when I'm doing a system backup or adding some new application where I'm temporarily turning off my antivirus and software firewall - and then enter the BIOS and enter SMART LAN, the BIOS itself hangs. There's no way out of it, other than to do a Cntrl Alt Del and boot back into Windows. Entering SMART LAN causes that algorithm to start making measurements on that Ethernet connection. But, of course, with the port disabled, it can't do it. It never completes any measurement. Unfortunately, Gigabyte didn't foressee this and they therefore didn't incorporate a timeout in the measuring algorithm.

[Dark Mantis]

Well the list is certainly getting longer forumjoe.

As for the discrete network card working how you wanted, that I can imagine as it is being loaded after Windows. I am just not sure if it is possible with the integrated ones. I don't really see why not but have not come across the settings anywhere.

Obviously in theory the NAT does firewall the PC but that doesn't make it impenetrable I suppose. But I would have thought for the little time we are talking about that you don't have your full blown security running, which is only a matter of seconds, it wasn't worth worrying about. Unless of course you are MI5 or something.

[forumjoe]

Oh dear, DM, I think you've fallen into the trap that so many others have done, in that you assume that because the period during which that Ethernet connection is spuriously enabled is perhaps only 10 - 20 secs, the PC (or the LAN with PCs) will be safe from any scanners or other intrusions from the Internet. Well, if they're there, any inward packet or packets will be coming in at probably a rate of at least 100K packets per second, and if the Ethernet connection is, rightly or wrongly, saying that it's operable and capable of running, it'll pass those packets straight through to the PC at much the same rate. There'll be no meaningful software firewall present in the PC at this stage, or any antivirus either, as Windows will still be in the process of being booted.The point is that it'd take only a minute fraction of a second for a damaging packet or series of packets to be accepted by the LAN; the period during which the BIOS is booting the system into Windows is, by comparison, vastly longer. Such packets, or other spurious signalling that could cross that Ethernet connection, if allowed to, could find their way on to the PCIe bus.

The Ethernet 802.1 specification embodies operability signalling to handle situations like this, so both the router and the LAN port on the PC should properly use that signalling. It should be nothing to do with whether it's a PCI card or a built-in port instead. In theory, the RTL8111D chip on the US3L and on other P55s should provide this but, as ever, the outcome depends on how the board manufacturer has actually implemented things.

[Dark Mantis]

Well thanks for the info and when you put it like that I suppose it does make sense.  Never too old to learn

[Searcher1]

Hi forumjoe

Can you tell me how are you able to detect/tell that the Ethernet port is "live" at the moment of power up rather than once Windows and the drivers kick in???

Like you I use a Router that is always on though I intend to add a Gigbit switch sometime soonish as access to my NAS on a 10/100 port sometimes seems so slow!

Thinking out loud ~ are there any ethernet cable mechanical switches???  In other words like turing off a light could one isolate the PC from the Router to overcome the need to unplug the ethernet cable?

[Searcher1]

FWIW I notice that the current driver version for download is 7.032 - if that is any help???

Also, what is the Realtek Ethernet Diagnostic Utility used for???

[Dark Mantis]

The Realtek Ethernet Diagnostic Utility is basically just what it says and will help you find any problems with your LAN cabling from the computer. It can even tell you if there is a break in the cable  about how far from the computer it is.

[forumjoe]

Searcher1,

To answer your question about whether there's any sort of 'mechanical switch' available: Well, there may well be but a mechanical switch should be avoided if at all possible in a highspeed connection such as this. You can, of course, readily disable the Ethernet connection at any time by simply right-clicking on the double-screen icon in the systray and clicking Disable. But this is for the situation where the PC is already up and running, and re-enabling the connection is a bit of a fag, as you have to go right into Device Manager to do it.

You also ask how I know that the port is live at the moment of power-up, Well, not only is there a little status indicator light incorporated into the port itself but also the Ethernet channel status on my router tells me the condition of that connection. I concede that we're in an area where we just don't know for certain whether, during power-up, the Ethernet connection is truly being enabled at all, but the router and the port use an "I'm operable" signal (part of the Ethernet interface) to pass to each other. The practical validity of that signal is dependent on the DC supply voltages of the respective devices. Thus, both have to be saying "I'm operable" for the Ethernet channel indicator, either on the Realtek port or the one on the router, to be lit. It's, in effect, an AND function. In fact, what I'm seeing with this PC is that when Windows is closed down (the PC closed down), the channel indicator is off. That's sensible. But during the power-up phase, the indicator on the router (which is showing the overall operability of that connection) lights all the way through the BIOS's action, then goes out as Windows launches, then comes on again well before Windows finishes booting. Given that the very first thing the BIOS does at power-up is to check all the DC voltages and gives a single beep if all is okay with them, I would venture to say that the Realtek port on the PC ought to be in a position, between that point and before Windows completes booting, to properly disable the connection, ie. to say "I'm not fully operable yet because Windows hasn't fully booted". To me, that it doesn't do that is concerning.

[Searcher1]

The Realtek Ethernet Diagnostic Utility is basically just what it says and will help you find any problems with your LAN cabling from the computer. It can even tell you if there is a break in the cable  about how far form the computer it is.

Ah! right, thanks for the insight on that one

[Searcher1]

Hi forumjoe

Firstly, 100% agree about mechanical switches not being "right" for such connections.

Thinking about your feedback about the ethernet port lights and the router port lights ~ I have afeeling my old Gigabyte motherboard did the same and even this Toshiba laptop when wired in!

Right how does this sound as workaround ~ not all routers allow such filter rules but if you use a static IP in the range for the PC and in the filtering setup in the Router GUI "lock down" that IPs access to the 'outside world'.  This if possible would require steps each time you boot up to use the internet - not good!

OK just a question ~ what is the risk here, my Router is Firewallled up to be invisible as tested by GRC.com and I wonder is there an actual risk of intrusion during boot that the NAT and firewall filtering within the Router wiil not stop???  Having said that I could not agree with you more that it seems odd that the Ethernet port starts listening before the Windows drivers kick-in but having said that is such behaviour now commonplace to all makes of motherboard.

If my surmise is correct about the Routers stopping power I think in a home network the risk is almost negligible but in a corporate enviroment where the poor control of usage of USB sticks could introduce Trojans and other nastyware then unprotected PCs would be at risk

[Searcher1]

Incidently the most recent BIOS update for mine says this

"1.Update Realtek PXE ROM"  Now DM what does that mean???