2 Jul
2013
2 Jul
'13
11:32 a.m.
On 2013-07-02 16:51 , Steven Bellovin wrote:
http://www.wired.com/threatlevel/2013/07/ipmi/
Capsule summary: watch out!
Indeed! But it is should be logical, as IPMI is supposed to be for OOB access right? :) Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public. Greets, Jeroen