nanog mailing list archives
RE: IPMI vulnerabilities
From: Jamie Bowden <jamie () photon com>
Date: Tue, 2 Jul 2013 15:54:30 +0000
From: Jeroen Massar [mailto:jeroen () massar ch] On 2013-07-02 16:51 , Steven Bellovin wrote:http://www.wired.com/threatlevel/2013/07/ipmi/ Capsule summary: watch out!Indeed! But it is should be logical, as IPMI is supposed to be for OOB access right? :) Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public.
That same reasoning has worked wonders at keeping SCADA systems off the public internet too. Jamie
Current thread:
- IPMI vulnerabilities Steven Bellovin (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- RE: IPMI vulnerabilities Jamie Bowden (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- Re: IPMI vulnerabilities Valdis . Kletnieks (Jul 02)
- RE: IPMI vulnerabilities Jamie Bowden (Jul 02)
- Re: IPMI vulnerabilities Jeroen Massar (Jul 02)
- Re: IPMI vulnerabilities Dave Lindner (Jul 02)