(Please forgive the spam; I wouldn't send such a thing here, let 
alone to ipmiutil, ipmitool, and freeipmi lists separately, but 
people got distressed last time when I didn't send something like
it out, so... delete if of no interest.)

Working with HD Moore of Rapid7, who collected much of the data,
I did some very simple analytics and wrote up a paper on something
like the state of the union regarding BMC/IPMI security. 

http://fish2.com/ipmi/river.pdf

(Summary: it's probably worse than you could imagine, but hey,
perhaps you're a dreamer too. More ipmi stuff may be found @
http://fish2.com/ipmi/.)

A big thanks to not only HD for the data and commentary, but for
the expertise and feedback from Albert Chu and Jarrod Johnson, who
know more about IPMI than I ever will or want to know.

Feel free to send any corrections, comments, questions, complaints,
etc. to me.

I'm trying to get the initial raw scan data, minus IP addresses,
released, but you can do your own Internet scan of UDP 623 in less
than a day, certainly.

dan

p.s. if anyone from SuperMicro security or IPMI team reads this,
please drop me a line?  RE: Grand Conclusion, page 6, of the
aforementioned paper.

¸¸.·´¯`·.¸><(((º>        



_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
