How does the data get "back to base"? I would encrypt it within an NTP or a DNS request - but that assumes outgoing NTP/DNS is not firewalled off. I guess just encrypted in an HTTP(s) payload makes sense - servers make requests to all sorts of software repositories etc.
On Thu, 4 Oct 2018 at 16:41, Ellis H. Wilson III <el...@ellisv3.com> wrote:
>
> On 10/04/2018 11:17 AM, Jeff Johnson wrote:
> > I respectfully disagree. The BMCs in modern server designs are plumbed
> > to every onboard network interface on the motherboard. So it’s not just
> > a matter of the “dedicated management port”. The chip would have access
> > to every onboard LAN. If any network was routable to the outside it
> > would potentially be able to engage in its designed activities
> >
> > While many HPC environments are walled gardens this chip scandal would
> > impact “HPC in the cloud” activities.
> >
> > Just my $.02 worth
>
> Fair points Jeff -- a colleague of mine actually just raised that point
> before I saw your email. It seems some, but not most, of the servers we
> were looking at have such an interconnected BMC.
>
> This design choice does not appear (at least at first glance) to be
> associated with age of the system. It's an unfortunate situation either
> way. One would really like your BMC to be isolated as much as humanly
> possible.
>
> I do find it funny though in the article that the main actors are stuck
> in a deny-loop. My cynicism meter is high today.
>
> Best,
>
> ellis
>
> --
> Ellis H. Wilson III, Ph.D.
> www.ellisv3.com
> _______________________________________________
> Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf