jeroen at massar.ch
Tue Jul 2 15:58:16 UTC 2013
On 2013-07-02 17:54 , Jamie Bowden wrote:
>> From: Jeroen Massar [mailto:jeroen at massar.ch]
>> On 2013-07-02 16:51 , Steven Bellovin wrote:
>>> Capsule summary: watch out!
>> Indeed! But it is should be logical, as IPMI is supposed to be for OOB
>> access right? :)
>> Anybody not putting them behind a properly restricted firewall and/or
>> VLAN is asking for issues... typical IPMI boxes run outdated linux
>> kernels, with nice olddated userspace and a whole lot of tools that one
>> can not really restrict access to, thus it is quite silly to have that
>> access open to the public.
> That same reasoning has worked wonders at keeping SCADA systems off the public internet too.
People problems cannot be resolved with code.
More information about the NANOG