nanog mailing list archives

Re: ipmi access

From: Jared Mauch <jared () puck nether net>
Date: Mon, 2 Jun 2014 07:14:50 -0700

My IPMI (super micro) you can put v6 and v4 filters into for protecting the ip space from trusted sources. Has my home 
static ip ranges and a few intermediary ranges that I also have access to.

On Jun 2, 2014, at 5:10 AM, Randy Bush <randy () psg com> wrote:

so how to folk protect yet access ipmi?  it is pretty vulnerable, so 99%
of the time i want it blocked off.  but that other 1%, i want kvm
console, remote media, and dim sum.

currently, i just block the ip address chunk into which i put ipmi at
the border of the rack.  when i want access, i reconfig the acl.  bit of
a pita.

anyone care to share better idea(s)?  thanks.

randy

Current thread:

Re: ipmi access, (continued)
- - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Andrew Latham (Jun 02)
    - Re: ipmi access coy . hile (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Chris Adams (Jun 02)
    - Re: ipmi access Jimmy Hess (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Peter Kristolaitis (Jun 02)
  - Re: ipmi access charles (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)
- Re: ipmi access Jared Mauch (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
  - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Blake Hudson (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)

(Thread continues...)