[172156] in North American Network Operators' Group
Re: ipmi access
daemon@ATHENA.MIT.EDU (Andrew Latham)
Mon Jun 2 08:19:16 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <m21tv7v7fn.wl%randy@psg.com>
Date: Mon, 2 Jun 2014 07:19:07 -0500
From: Andrew Latham <lathama@gmail.com>
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I use OpenVPN to access an Admin/sandboxed network with insecure portals,
wiki, and ipmi.
On Jun 2, 2014 7:13 AM, "Randy Bush" <randy@psg.com> wrote:
> so how to folk protect yet access ipmi? it is pretty vulnerable, so 99%
> of the time i want it blocked off. but that other 1%, i want kvm
> console, remote media, and dim sum.
>
> currently, i just block the ip address chunk into which i put ipmi at
> the border of the rack. when i want access, i reconfig the acl. bit of
> a pita.
>
> anyone care to share better idea(s)? thanks.
>
> randy
>
