nanog mailing list archives

Re: WaPo writes about vulnerabilities in Supermicro IPMIs


From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 16 Aug 2013 09:14:43 -0500


On Aug 15, 2013, at 9:18 PM, Brandon Martin <lists.nanog () monmotha net> wrote:

> As to why people wouldn't put them behind dedicated firewalls, imagine something like a single-server colo scenario.

I have asked about this on other lists, but I'll ask here.

Does anyone know of a small (think Raspberry Pi sized) device that is:

  1) USB powered.
  2) Has two Ethernet ports.
  3) Runs some sort of standard open source OS?

You might already see where I'm going with this: a small 2-port firewall device sitting in front of IPMI, and powered 
off the USB bus of the server.  That way another RU isn't required.  Making it fit in an expansion card slot and using 
an internal USB header might be interesting too, so from the outside it wasn't obvious what it was.

I would actually like to see the thing only respond on the USB side, power + console, enabling consoling in and 
changing L2 firewall rules.  No IP stack on it whatsoever.  That would be highly secure and simple.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
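
An added example, not part of the original message: one way the two-port L2 filter described above could be expressed as an nftables bridge-family ruleset on a small Linux box. Assumptions, none of which come from the post: the interface names eth0/eth1, both enslaved to a bridge that carries no IP address, the BMC exposing IPMI-over-LAN (UDP 623) and an HTTPS UI, and all MAC/IP values, which are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Assumed topology: eth0 = uplink, eth1 = BMC/IPMI port, both members of
# bridge br0. br0 has no IP address; rules are edited over the serial console.
# Every address below is a constructed placeholder.

flush ruleset

define UPLINK   = "eth0"
define BMC_PORT = "eth1"
define BMC_MAC  = 02:00:00:00:00:10
define BMC_IP   = 192.0.2.10
define MGMT_IP  = { 198.51.100.5, 198.51.100.6 }

table bridge ipmi_guard {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # ARP in both directions so the BMC and its gateway can resolve each other.
        ether type arp accept

        # Management stations -> BMC: IPMI-over-LAN (RMCP) and the HTTPS UI only.
        iifname $UPLINK oifname $BMC_PORT ether daddr $BMC_MAC ip saddr $MGMT_IP ip daddr $BMC_IP udp dport 623 accept
        iifname $UPLINK oifname $BMC_PORT ether daddr $BMC_MAC ip saddr $MGMT_IP ip daddr $BMC_IP tcp dport 443 accept

        # BMC -> management stations: return traffic only. This match is
        # stateless (source port), so it is looser than connection tracking.
        iifname $BMC_PORT oifname $UPLINK ether saddr $BMC_MAC ip saddr $BMC_IP ip daddr $MGMT_IP udp sport 623 accept
        iifname $BMC_PORT oifname $UPLINK ether saddr $BMC_MAC ip saddr $BMC_IP ip daddr $MGMT_IP tcp sport 443 accept

        # Everything else (other ports, IPv6, unknown sources) is counted and dropped.
        counter drop
    }

    # Nothing should be addressed to or sent from the filter box itself.
    chain input {
        type filter hook input priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
    }
}
```

Loaded with `nft -f`, the drop counter in the forward chain gives a quick view of how much unsolicited traffic is reaching the IPMI port.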
