brak at gameservers.com
Mon Jun 2 14:57:17 UTC 2014
The kernel is the least of your worries here.
This is what you can expect from the Supermicro controllers:
Linux Kernel 18.104.22.168
On 6/2/2014 8:33 AM, Jeroen Massar wrote:
> On 2014-06-02 14:23, Paul S. wrote:
>> On most ATEN chip based BMC boards from Supermicro, it includes a UI to
>> iptables that works in the same way.
>> You could put it on a public net, allow your stuff and DROP 0.0.0.0/0.
>> But unless you have servers with those, I think the best way to go is
>> putting them on internal IPs and then using some sort of a VPN.
> While you are typing the iptables command, do a check of the software
> versions, typically they are running a decade old kernel and a lot of
> unpatched software that is exposed. You really do not want to run that
> on the Interwebs, just the idea of any packet arriving to such a kernel
> is scary.
> Relevant good reads:
> The first URL references 2.6.17, yes... *2.6.17* is the CURRENT version
> of the kernel running on most IPMIs out there.
> http://kernelnewbies.org/Linux_2_6_17 - Released 17 June, 2006
> 8 years... ouch, yeah, no way that is going to be attached to a public
> Thus please, don't shoot yourself in the foot with that and more
> importantly don't shoot the rest of the Internet in the foot as they'll
> receive the packets.
> Note: the IPMI that Michael describes is on an unrouted VLAN, the access
> to the OpenVPN port that he runs on the IPMI happens through SSH on a
> jumpbox which is ACLd away.
> (who is still waiting for Zeus4IPMI)
More information about the NANOG