[165049] in North American Network Operators' Group
Re: WaPo writes about vulnerabilities in Supermicro IPMIs
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Aug 16 10:15:23 2013
From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <520D8BDA.1010504@monmotha.net>
Date: Fri, 16 Aug 2013 09:14:43 -0500
To: Brandon Martin <lists.nanog@monmotha.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 15, 2013, at 9:18 PM, Brandon Martin <lists.nanog@monmotha.net> wrote:
> As to why people wouldn't put them behind dedicated firewalls, imagine something like a single-server colo scenario.
I have asked about this on other lists, but I'll ask here.
Does anyone know of a small (think Raspberry Pi sized) device that is:
1) USB powered.
2) Has two Ethernet ports.
3) Runs some sort of standard open source OS?
You might already see where I'm going with this: a small 2-port firewall device sitting in front of IPMI, and powered off the USB bus of the server. That way another RU isn't required. Making it fit in an expansion card slot and using an internal USB header might be interesting too, so from the outside it wasn't obvious what it was.
I would actually like to see the thing only respond on the USB side, power + console, enabling consoling in and changing L2 firewall rules. No IP stack on it whatsoever. That would be highly secure and simple.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/