> From: Jeroen Massar [mailto:[email protected]] > On 2013-07-02 16:51 , Steven Bellovin wrote: > > http://www.wired.com/threatlevel/2013/07/ipmi/ > > > > Capsule summary: watch out! > > Indeed! But it is should be logical, as IPMI is supposed to be for OOB > access right? :) > > Anybody not putting them behind a properly restricted firewall and/or > VLAN is asking for issues... typical IPMI boxes run outdated linux > kernels, with nice olddated userspace and a whole lot of tools that one > can not really restrict access to, thus it is quite silly to have that > access open to the public.
That same reasoning has worked wonders at keeping SCADA systems off the public internet too. Jamie
