WaPo writes about vulnerabilities in Supermicro IPMIs

Leo Bicknell bicknell at ufp.org
Fri Aug 16 14:14:43 UTC 2013


On Aug 15, 2013, at 9:18 PM, Brandon Martin <lists.nanog at monmotha.net> wrote:

> As to why people wouldn't put them behind dedicated firewalls, imagine something like a single-server colo scenario. 

I have asked about this on other lists, but I'll ask here.

Does anyone know of a small (think Raspberry Pi sized) device that is:

  1) USB powered.
  2) Has two ethernet ports.
  3) Runs some sort of standard open source OS?

You might already see where I'm going with this: a small 2-port firewall device sitting in front of IPMI, and powered off the USB bus of the server.  That way another RU isn't required.  Making it fit in an expansion card slot and using an internal USB header might be interesting too, so from the outside it wasn't obvious what it was.

I would actually like to see the thing only respond on the USB side, power + console, enabling consoling in and changing L2 firewall rules.  No IP stack on it whatsoever.  That would be highly secure and simple.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/








