[jpc0]

Not to be oblivious but what is the attack vector here versus attacking the router on the other end of the cable which has known vulnerabilities?

How much L3+ logic is in the NIC? Pretty sure by the time a packet hits the NIC it is encrypted. The lowest level (closest to hardware) encryption I know of happening is in the Linux kernel but isn't currently in production exactly because of security concerns.

If you are sending unencrypted packets on the network I can think of much more reasonable attack vectors for an attacker to try than planting a backdoor in the NIC firmware.

How would this not get detected by modern DPI?

And I don't know much about the internals of Palo Alto / Cisco etc network security appliances but I'm pretty sure they do have custom ASICs/ FPGAs for their switching logic purely because of this attack vector.

My conclusion: 1. Your home router is significantly more vulnerable 2. Your IoT devices are significantly more vulnerable 3. Any network packet going through the NIC is also going to the internet at large generally or see point 1 and 2. 4. The ISP hardware isn't exposed to this attack vector

Feel free to help my understanding, I could be wrong.