Re: OOB core router connectivity wish list

[Steven Bellovin <smb () cs columbia edu>]

On Jan 9, 2013, at 1:18 PM, Leo Bicknell <bicknell () ufp org> wrote:

> In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael Abrahamsson wrote:
> > IPMI is exactly what we're going for.
>
> For Vendors that use a "PC" motherboard, IPMI would probably not be
> difficult at all! :)
>
> I think IPMI is a pretty terrible solution though, so if that's your
> target I do think it's a step backwards.  Most IPMI cards are prime
> examples of my worries, Linux images years out of date, riddled with
> security holes and universally not trusted.  You're going to need a
> "firewall" in front of any such solution to deploy it, so you can't
> really eliminate the extra box I proposed just change its nature.

https://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html


                --Steve Bellovin, https://www.cs.columbia.edu/~smb