nanog mailing list archives

Re: ipmi access

From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 2 Jun 2014 12:56:47 -0400

On Mon, Jun 2, 2014 at 12:14 PM, Blake Hudson <blake () ispn net> wrote:

We just reported a bug to Dell regarding their last 2 generations of remote
access controllers where the firewall rules only apply to TCP and not to
ICMP or UDP. Their first response was to replace the motherboard. Second
response was that this is just how they work. Not looking good. We run our
IPMI interfaces behind stateless ACLs, accessible from VPN or trusted
ranges.


so... as per usual:
  1) embedded devices suck rocks
  2) no updates or sanity expected anytime soon in same
  3) protect yourself, or suffer the consequences

seems normal.

Current thread:

Re: ipmi access, (continued)
- - - Re: ipmi access Jimmy Hess (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Peter Kristolaitis (Jun 02)
  - Re: ipmi access charles (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)
- Re: ipmi access Jared Mauch (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
  - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Blake Hudson (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
    - Re: ipmi access Robert Drake (Jun 04)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)

(Thread continues...)