[164246] in North American Network Operators' Group
RE: IPMI vulnerabilities
daemon@ATHENA.MIT.EDU (Jamie Bowden)
Tue Jul 2 11:55:13 2013
From: Jamie Bowden <jamie@photon.com>
To: Jeroen Massar <jeroen@massar.ch>, Steven Bellovin <smb@cs.columbia.edu>
Date: Tue, 2 Jul 2013 15:54:30 +0000
In-Reply-To: <51D2F292.5060801@massar.ch>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> From: Jeroen Massar [mailto:jeroen@massar.ch]
> On 2013-07-02 16:51 , Steven Bellovin wrote:
> > http://www.wired.com/threatlevel/2013/07/ipmi/
> >
> > Capsule summary: watch out!
>=20
> Indeed! But it is should be logical, as IPMI is supposed to be for OOB
> access right? :)
>=20
> Anybody not putting them behind a properly restricted firewall and/or
> VLAN is asking for issues... typical IPMI boxes run outdated linux
> kernels, with nice olddated userspace and a whole lot of tools that one
> can not really restrict access to, thus it is quite silly to have that
> access open to the public.
That same reasoning has worked wonders at keeping SCADA systems off the pub=
lic internet too.
Jamie
