nanog mailing list archives
Re: WaPo writes about vulnerabilities in Supermicro IPMIs
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 16 Aug 2013 09:14:43 -0500
On Aug 15, 2013, at 9:18 PM, Brandon Martin <lists.nanog () monmotha net> wrote:
As to why people wouldn't put them behind dedicated firewalls, imagine something like a single-server colo scenario.
I have asked about this on other lists, but I'll ask here. Does anyone know of a small (think Raspberry Pi sized) device that is: 1) USB powered. 2) Has two ethernet ports. 3) Runs some sort of standard open source OS? You might already see where I'm going with this, a small 2-port firewall device sitting in front of IPMI, and powered off the USB bus of the server. That way another RU isn't required. Making it fit in an expansion card slot and using an internal USB header might be interesting too, so from the outside it wasn't obvious what it was. I would actually like to see the thing only respond on the USB side, power + console, enabling consoling in and changing L2 firewall rules. No IP stack on it what so ever. That would be highly secure and simple. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Current thread:
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs, (continued)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jima (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Valdis . Kletnieks (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- RE: WaPo writes about vulnerabilities in Supermicro IPMIs Tom Walsh - EWS (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Brandon Martin (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jonathan Lassoff (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Andrew Jones (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Jay Ashworth (Aug 15)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Leo Bicknell (Aug 16)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Charles N Wyble (Aug 25)
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Alain Hebert (Aug 16)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: WaPo writes about vulnerabilities in Supermicro IPMIs Anthony Bonkoski (Aug 17)