Oh, I just love that hacker with the black mask on hunched over the laptop (page 6). That's a fail straight away. As soon as you see someone on your campus with a black mask on you know he/she is up to no good.
Regarding separate physical IPMI networks I have seen it done both ways. One site I worked with had a completely separate IPMI infrastructure. Including the IPMI access and control servers sited in a different room from the main server room. For the very good reason of still being able to do shutdowns if the whole rest of the shooting match was boiling itself to death etc. etc. Worth thinking about.

On 21 June 2018 at 12:31, Chris Samuel <ch...@csamuel.org> wrote:

> Hi all,
>
> On the subject of BMCs, in case you've not seen this & run HPE gear.
>
> https://twitter.com/marcan42/status/1008981518159511553
>
> # HP iLO4 authentication bypass:
> # curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
> # No, that's not a crash PoC. That's a full blown auth bypass.
> # sscanf into fixed buffer overwrites a flag field that bypasses auth.
> # Yes, really.
>
> The tweet links to this PDF about backdooring HP servers via this:
>
> https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf
>
> Fortunately I think every system I've run so far has had the BMCs
> on their own separate IP network.
>
> All the best,
> Chris
> --
> Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC
>
> _______________________________________________
> Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
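The bug class named in the quoted tweet (sscanf into a fixed buffer that sits next to a flag field) and its bounded-parse fix, as an added example that is not part of the original thread and is not HPE's code. The struct layout, field names and 16-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed header buffer followed by an auth flag,
 * the arrangement the tweet describes. Not the real firmware structure. */
struct request {
    char connection[16];
    int  skip_auth;          /* must only ever be set by the server itself */
};

/* Unsafe form, shown as a comment only:
 *     sscanf(line, "Connection: %s", req->connection);
 * "%s" carries no width, so a long value writes past connection[]. */

/* Bounded parse. Returns 0 on success, -1 if the header is missing,
 * empty, or longer than the buffer can hold. */
int parse_connection(const char *line, struct request *req)
{
    char value[sizeof req->connection];   /* scratch buffer, same size */
    int consumed = 0;

    /* %15[^\r\n] stores at most 15 bytes plus the NUL terminator;
     * %n records how many input characters were consumed. */
    if (sscanf(line, "Connection: %15[^\r\n]%n", value, &consumed) != 1)
        return -1;

    /* Leftover input that is not a line ending means the value was
     * longer than the buffer: reject instead of silently truncating. */
    if (line[consumed] != '\0' && line[consumed] != '\r' &&
        line[consumed] != '\n')
        return -1;

    memcpy(req->connection, value, strlen(value) + 1);
    return 0;
}

int main(void)
{
    struct request req = { "", 0 };
    /* Constructed sample inputs. */
    printf("short header: %d\n",
           parse_connection("Connection: keep-alive\r\n", &req));
    printf("long header:  %d\n",
           parse_connection("Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", &req));
    printf("skip_auth after both: %d\n", req.skip_auth);
    return 0;
}
```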