[172175] in North American Network Operators' Group
Re: ipmi access
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jun 2 12:56:57 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <538CA303.4090900@ispn.net>
Date: Mon, 2 Jun 2014 12:56:47 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Blake Hudson <blake@ispn.net>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Jun 2, 2014 at 12:14 PM, Blake Hudson <blake@ispn.net> wrote:
> We just reported a bug to Dell regarding their last 2 generations of remote
> access controllers where the firewall rules only apply to TCP and not to
> ICMP or UDP. Their first response was to replace the motherboard. Second
> response was that this is just how they work. Not looking good. We run our
> IPMI interfaces behind stateless ACLs, accessible from VPN or trusted
> ranges.
so... as per usual:
1) embedded devices suck rocks
2) no updates or sanity expected anytime soon in same
3) protect yourself, or suffer the consequences
seems normal.
