On 5/11/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
> On Thursday 11 May 2006 19:22, Stephan A. Rickauer wrote:
> > Any recommendations in addition to the colorful lies on the web from all
> > the vendors? Experiences? Any pitfalls?
Linux-based "appliances" and I have a bad (and very public) history. The small "original" Lantronix SCS100/200 products are fine; the larger products are an embedded Linux with a history of vulnerability. Other vendors, including Digi, also ship Linux "appliances" with many more services running than I like to see on a dedicated console server.
> I'm using an ancient 72-port Xylogics RemoteAnnex 4000 together with an OpenBSD box running conserver. It works just dandy.
Wow, 72 ports in one chassis. Cool. We use Lucent Portmasters, readily available from portmasters.com.

Old-school terminal servers like the Xylogics and Portmasters have ancient IP stacks and are likely vulnerable to many attacks, so the solution I use (and presumably Lars too) is to put the terminal server(s) on a second NIC of an OpenBSD box, so the weak stack is never exposed on the network.

If only a few serial ports are needed, there are many different multiport cards supported by the puc(4) driver.

Either way we deploy an OpenBSD solution for well under the $50/port price point of Lantronix, Digi, and other Linux-based "appliance" console servers.

Kevin

(P.S. And unlike the "appliance" consoles, we can do OTP authentication with S/Key without shelling out for expensive SecurID/Safeword/etc tokens and auth servers.)
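The second-NIC layout described in the message above, sketched as a pf.conf for the OpenBSD console host. This is an added example, not configuration from the original post; the interface names, addresses, admin subnet and the terminal server's TCP port range are all constructed assumptions.

```conf
# /etc/pf.conf on the OpenBSD console host (added example, constructed values)
# Assumed layout:
#   em0 = NIC on the management network (administrators arrive here)
#   em1 = second NIC, cabled only to the legacy terminal server
# IP forwarding stays at the OpenBSD default (net.inet.ip.forwarding=0),
# so nothing is routed between em0 and em1; the terminal server's IP
# stack is reachable only from this host.

ext_if  = "em0"
con_if  = "em1"
termsrv = "192.168.250.2"        # terminal server address (assumption)
admins  = "{ 10.0.0.0/24 }"      # hosts allowed to log in (assumption)
tsports = "7001:7072"            # per-line TCP listeners (assumption,
                                 # check the terminal server's manual)

set skip on lo

# Default deny in both directions on both interfaces, with logging so
# unexpected traffic on the console segment shows up in pflog.
block log all

# Administrators reach the console host over SSH only. Console access
# then goes through conserver on this box, not to the terminal server.
pass in on $ext_if inet proto tcp from $admins to ($ext_if) port 22

# conserver on this host opens TCP sessions to the terminal server's
# serial-line listeners. No other traffic leaves on the console segment.
pass out on $con_if inet proto tcp from ($con_if) to $termsrv port $tsports

# No "pass in on $con_if" rule exists on purpose: connections started
# by the terminal server are dropped by the default block and logged.
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.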

