[kwlug-disc] Supermicro board

unsolicited unsolicited at swiz.ca
Thu Aug 7 15:33:32 EDT 2014


At the next hop router / firewall.

Something like:

accept 192.168.0.1 * 192.168.0.42 49152
reject *           * 192.168.0.42 49152

Or more likely, ignore it. Your main router won't pass directly to it, 
and you likely trust your local network getting to it.

When you need it, ssh in to somewhere else on the net, perhaps with a 
redirect.

Something like 'LocalForward 49152 192.168.0.42:49152' in the ssh_config.


On 14-08-07 02:08 PM, William Park wrote:
> On Thu, Aug 07, 2014 at 10:35:48AM -0400, L.D. Paniak wrote:
>> If you have a network connection to a BMC, you have console access to
>> that system.  Just be sure to lock it down appropriately, e.g.:
>> http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/
>
> The example in the link uses 'nc 49152' (netcat), from which I assume
> BMC has its own commands.  But,
>      - how do you lock down port 49152 from OS, when it's under "BIOS"
>        control?  And,
>      - how do you tell OS not to use port 49152 (because it's used by
>        "BIOS")?
>
