[172155] in North American Network Operators' Group
ipmi access
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jun 2 08:10:13 2014
X-Original-To: nanog@nanog.org
Date: Mon, 02 Jun 2014 05:10:04 -0700
From: Randy Bush <randy@psg.com>
To: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
so how to folk protect yet access ipmi? it is pretty vulnerable, so 99%
of the time i want it blocked off. but that other 1%, i want kvm
console, remote media, and dim sum.
currently, i just block the ip address chunk into which i put ipmi at
the border of the rack. when i want access, i reconfig the acl. bit of
a pita.
anyone care to share better idea(s)? thanks.
randy
