nanog mailing list archives
Re: IPMI vulnerabilities
From: Jeroen Massar <jeroen () massar ch>
Date: Tue, 02 Jul 2013 17:32:34 +0200
On 2013-07-02 16:51 , Steven Bellovin wrote:
http://www.wired.com/threatlevel/2013/07/ipmi/ Capsule summary: watch out!
Indeed! But it is should be logical, as IPMI is supposed to be for OOB access right? :) Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public. Greets, Jeroen
Current thread:
- IPMI vulnerabilities Steven Bellovin (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- RE: IPMI vulnerabilities Jamie Bowden (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- Re: IPMI vulnerabilities Valdis . Kletnieks (Jul 02)
- RE: IPMI vulnerabilities Jamie Bowden (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- Re: IPMI vulnerabilities Dave Lindner (Jul 02)