ipmi access

Blake Hudson blake at ispn.net
Mon Jun 2 16:14:59 UTC 2014


shawn wilson wrote the following on 6/2/2014 11:06 AM:
> On Mon, Jun 2, 2014 at 10:14 AM, Jared Mauch <jared at puck.nether.net> wrote:
>> My IPMI (super micro) you can put v6 and v4 filters into for protecting the ip space from trusted sources. Has my home static ip ranges and a few intermediary ranges that I also have access to.
>>
> Mmmm, and an ip has never been spoofed and no arp poisoned. And I
> wonder how good these filters are in their TCP stack implementation -
> not something I'd trust :)

We just reported a bug to Dell regarding their last 2 generations of 
remote access controllers where the firewall rules only apply to TCP and 
not to ICMP or UDP. Their first response was to replace the motherboard. 
Second response was that this is just how they work. Not looking good. 
We run our IPMI interfaces behind stateless ACLs, accessible from VPN or 
trusted ranges.

--Blake
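Added example, not part of the original post and not vendor code: a small Python audit of a filter rule set that reports which protocols an untrusted source can still reach when the rules only name TCP, the behaviour described in the message above. The rule syntax, the addresses, and the default-permit assumption for unmatched traffic are all constructed for illustration.

```python
import ipaddress

PROTOCOLS = ("tcp", "udp", "icmp")  # IPMI itself runs over UDP (RMCP, port 623)

def parse_rule(line):
    """Parse '<permit|deny> <ip|tcp|udp|icmp> <source CIDR|any>' (constructed syntax)."""
    action, proto, src = line.split()
    if action not in ("permit", "deny") or proto not in PROTOCOLS + ("ip",):
        raise ValueError(f"bad rule: {line!r}")
    net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
    return action, proto, net

def decide(rules, proto, src, default):
    """First matching rule wins; a rule for 'ip' matches every protocol."""
    addr = ipaddress.ip_address(src)
    for action, rule_proto, net in rules:
        if rule_proto in ("ip", proto) and addr in net:
            return action
    return default  # what happens to traffic no rule mentions

def exposed_protocols(acl_text, untrusted_src, default="permit"):
    """Return the protocols a given source is still allowed to use."""
    rules = [parse_rule(l) for l in acl_text.strip().splitlines() if l.strip()]
    return [p for p in PROTOCOLS
            if decide(rules, p, untrusted_src, default) == "permit"]

# Constructed rule sets: documentation ranges stand in for real networks.
TCP_ONLY = """
permit tcp 192.0.2.0/24
deny   tcp any
"""
ALL_PROTOCOLS = """
permit ip 192.0.2.0/24
deny   ip any
"""
UNTRUSTED = "198.51.100.7"

if __name__ == "__main__":
    for name, acl in (("tcp-only", TCP_ONLY), ("all-protocols", ALL_PROTOCOLS)):
        print(name, "exposes:", exposed_protocols(acl, UNTRUSTED) or "nothing")
```
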


