nanog mailing list archives

Re: ipmi access

From: Blake Hudson <blake () ispn net>
Date: Mon, 02 Jun 2014 11:14:59 -0500


shawn wilson wrote the following on 6/2/2014 11:06 AM:

On Mon, Jun 2, 2014 at 10:14 AM, Jared Mauch <jared () puck nether net> wrote:

My IPMI (super micro) you can put v6 and v4 filters into for protecting the ip space from trusted sources. Has my home 
static ip ranges and a few intermediary ranges that I also have access to.

Mmmm, and an ip has never been spoofed and no arp poisoned. And I
wonder how good these filters are in their TCP stack implementation -
not something I'd trust :)

We just reported a bug to Dell regarding their last 2 generations ofremote access controllers where the firewall rules only apply to TCP andnot to ICMP or UDP. Their first response was to replace the motherboard.Second response was that this is just how they work. Not looking good.We run our IPMI interfaces behind stateless ACLs, accessible from VPN ortrusted ranges.


--Blake

Current thread:

Re: ipmi access, (continued)
- - - Re: ipmi access Chris Adams (Jun 02)
    - Re: ipmi access Jimmy Hess (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Peter Kristolaitis (Jun 02)
  - Re: ipmi access charles (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)
- Re: ipmi access Jared Mauch (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
  - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Blake Hudson (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
    - Re: ipmi access Robert Drake (Jun 04)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)

(Thread continues...)