nanog mailing list archives
Re: WaPo writes about vulnerabilities in Supermicro IPMIs
From: Jonathan Lassoff <jof () thejof com>
Date: Thu, 15 Aug 2013 19:56:36 -0700
The primary point of IPMI for most users is to be able to administer and control the box when it's not running. Using the host itself as a firewall is the quickest way to get that BMC online, but it kinda defeats the purpose. On Thu, Aug 15, 2013 at 7:46 PM, Jay Ashworth <jra () baylink com> wrote:
----- Original Message -----From: "Brandon Martin" <lists.nanog () monmotha net>As to why people wouldn't put them behind dedicated firewalls, imagine something like a single-server colo scenario. Most such providers don't offer any form of lights-out management aside from maybe remote reboot (power-cycle) nor do they offer any form of protected/secondary network to their customers. So, if you want to save yourself from a trip, you chuck the thing raw on a public IP and hope you configured it right.Well, *I* would firewall eth1 from eth0 and cross-over eth1 to the ILO jack; let the box be the firewall. Sure, it's still as breakable as the box proper, but security-by-obscurity isn't *bad*, it's just *not good enough*. It's another layer of tape. Whether it's teflon or Gorilla is up to you. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Current thread:
- WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jima (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Valdis . Kletnieks (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- RE: WaPo writes about vulnerabilities in Supermicro IPMIs Tom Walsh - EWS (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Brandon Martin (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jonathan Lassoff (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Andrew Jones (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Leo Bicknell (Aug 16)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Charles N Wyble (Aug 25)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Alain Hebert (Aug 16)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Anthony Bonkoski (Aug 17)
- <Possible follow-ups>
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Scott Weeks (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Larry Sheldon (Aug 15)