[kwlug-disc] Supermicro board
L.D. Paniak
ldpaniak at fourpisolutions.com
Thu Aug 7 17:46:39 EDT 2014
On 08/07/2014 02:08 PM, William Park wrote:
> On Thu, Aug 07, 2014 at 10:35:48AM -0400, L.D. Paniak wrote:
>> If you have a network connection to a BMC, you have console access to
>> that system. Just be sure to lock it down appropriately eg. :
>> http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/
> The example in the link uses 'nc 49152' (netcat), from which I assume
> BMC has its own commands. But,
> - how do lock down port 49152 from OS, when it's under "BIOS"
> control? And,
> - how you tell OS not to use port 49152 (because it's used by
> "BIOS")?
Not only does the BMC/BIOS have its own OS, it has its own MAC and IP
address - and usually its own network port. It is essentially a small
embedded system independent of your OS which has control over power,
video output, cooling, etc of the main server. Later versions of the
Supermicro BMC have the ability to filter traffic themselves by IP
address/range.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140807/56904017/attachment.sig>
More information about the kwlug-disc
mailing list