On 2013-07-02 17:54 , Jamie Bowden wrote: >> From: Jeroen Massar [mailto:[email protected]] >> On 2013-07-02 16:51 , Steven Bellovin wrote: >>> http://www.wired.com/threatlevel/2013/07/ipmi/ >>> >>> Capsule summary: watch out! >> >> Indeed! But it is should be logical, as IPMI is supposed to be for OOB >> access right? :) >> >> Anybody not putting them behind a properly restricted firewall and/or >> VLAN is asking for issues... typical IPMI boxes run outdated linux >> kernels, with nice olddated userspace and a whole lot of tools that one >> can not really restrict access to, thus it is quite silly to have that >> access open to the public. > > That same reasoning has worked wonders at keeping SCADA systems off the > public internet too.
People problems cannot be resolved with code. Greets, Jeroen
