[165209] in North American Network Operators' Group
Re: WaPo writes about vulnerabilities in Supermicro IPMIs
daemon@ATHENA.MIT.EDU (Charles N Wyble)
Sun Aug 25 14:28:34 2013
In-Reply-To: <75FB9B0C-C170-418F-A753-32680B384978@ufp.org>
From: Charles N Wyble <charles-lists@knownelement.com>
Date: Sun, 25 Aug 2013 13:28:11 -0500
To: Leo Bicknell <bicknell@ufp.org>,Brandon Martin <lists.nanog@monmotha.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
If you are OK with USB ether net for one interface, check out the tplink wr703n. Its powered via USB, has a USB and rj45 jack. Runs OpenWrt.
Leo Bicknell <bicknell@ufp.org> wrote:
>
>On Aug 15, 2013, at 9:18 PM, Brandon Martin <lists.nanog@monmotha.net>
>wrote:
>
>> As to why people wouldn't put them behind dedicated firewalls,
>imagine something like a single-server colo scenario.
>
>I have asked about this on other lists, but I'll ask here.
>
>Does anyone know of a small (think Raspberry Pi sized) device that is:
>
> 1) USB powered.
> 2) Has two ethernet ports.
> 3) Runs some sort of standard open source OS?
>
>You might already see where I'm going with this, a small 2-port
>firewall device sitting in front of IPMI, and powered off the USB bus
>of the server. That way another RU isn't required. Making it fit in
>an expansion card slot and using an internal USB header might be
>interesting too, so from the outside it wasn't obvious what it was.
>
>I would actually like to see the thing only respond on the USB side,
>power + console, enabling consoling in and changing L2 firewall rules.
>No IP stack on it what so ever. That would be highly secure and
>simple.
>
>--
> Leo Bicknell - bicknell@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
