GoFuckYourself.com - Adult Webmaster Forum


6South 06-26-2014 03:16 AM

Supermicro IPMI exploit - still vulnerable
 
An exploit against Supermicro IPMI that allows pulling a plain text list of users and passwords using a simple Get command to a specific port from back in November 2013 was not actually fixed in the firmware updates supplied by Supermicro, apparently.

http://arstechnica.com/security/2014...dvisory-warns/

There are a couple of more effective options for your server admins that are not being discussed:

1. Limit IPMI connections to specific IPs
2. Put IPMI behind a VPN / firewall.
3. Disable Telnet connections.

I've only seen one datacenter post an advisory on this and their solution is to helpfully null route your IPMI connection IPs. :thumbsup

TidalWave 06-26-2014 03:24 AM

Here is a detailed explanation and tips: http://blog.quadranet.com/supermicro...in-plain-text/

They are nullrouting temporarily and also filtering the affected port at their border routers to limit the effect as best as possible.
Users (idiots) all over the Internet however have had their hard drives WIPED, DATA STOLEN, and more however. I know first hand people who have had multiple servers wiped (and who knows what else with the data before being wiped), all because they wanted and whined about having their IPMI on public IP addresses.

The real solution is upgrading your firmware AND moving IPMI _OFF_ public access internet.
Only newbs want their IPMI on public, and only newb companies don't have a VPN tunnel service to the IPMI so it's fully secure.

Klen 06-26-2014 03:29 AM

Quote:

Originally Posted by TidalWave (Post 20137663)
They are nullrouting temporarily and also filtering the affected port at their border routers to limit the effect as best as possible.
Users (idiots) all over the Internet however have had their hard drives WIPED, DATA STOLEN, and more however. I know first hand people who have had multiple servers wiped (and who knows what else with the data before being wiped), all because they wanted and whined about having their IPMI on public IP addresses.

The real solution is upgrading your firmware AND moving IPMI _OFF_ public access internet.
Only newbs want their IPMI on public, and only newb companies don't have a VPN tunnel service to the IPMI so it's fully secure.

A VPS server company where I have the domain listed in my sig is down for several days due to this problem. I know that company is run by idiots, though I didn't expect them to be such big idiots lol. But I only have domains there which don't matter, so I don't care. But yes, the proper way to do it is by VPN tunnel. SoftLayer does that: if you want to access IPMI, you first need to log in to the local VPN with your username and password, and only then can you access IPMI.

TidalWave 06-26-2014 03:34 AM

Quote:

Originally Posted by KlenTelaris (Post 20137666)
A VPS server company where I have the domain listed in my sig is down for several days due to this problem. I know that company is run by idiots, though I didn't expect them to be such big idiots lol. But I only have domains there which don't matter, so I don't care. But yes, the proper way to do it is by VPN tunnel. SoftLayer does that: if you want to access IPMI, you first need to log in to the local VPN with your username and password, and only then can you access IPMI.

Same with QuadraNet... all access is via Private Network, and to get access into the Private Network you need to logon to their encrypted VPN tunnel.

I just looked up the IP of addtrades.com and yeah, I agree with your thoughts on them :winkwink:
I know who they are :upsidedow
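
An added example, not part of any post in this thread: a small inventory audit for the advice above (keep IPMI off public addresses and reachable only through a management/VPN network). The inventory entries, the `MGMT_NETS` subnet and the function name `audit_bmc` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inventory: (hostname, BMC/IPMI address). Not real data.
# 8.8.8.8 is a well-known public resolver used only as a stand-in for
# "some globally routable address".
INVENTORY = [
    ("web01", "10.20.0.11"),
    ("web02", "8.8.8.8"),
    ("db01", "192.168.50.7"),
    ("db02", "not-an-ip"),
]

# Assumed management/VPN subnet(s) that BMCs are supposed to live in.
MGMT_NETS = ["10.20.0.0/24"]


def audit_bmc(inventory, mgmt_nets):
    """Classify each BMC address as ok / outside-mgmt / public / invalid."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for host, raw in inventory:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            # Typos in the inventory should be surfaced, not skipped silently.
            findings.append((host, raw, "invalid"))
            continue
        if addr.is_global:
            # Globally routable: the case the thread warns about.
            status = "public"
        elif any(addr in net for net in nets):
            status = "ok"
        else:
            # Private, but not in the designated management network.
            status = "outside-mgmt"
        findings.append((host, raw, status))
    return findings


if __name__ == "__main__":
    for host, raw, status in audit_bmc(INVENTORY, MGMT_NETS):
        print(f"{host:6} {raw:15} {status}")
```
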


All times are GMT -7. The time now is 10:16 AM.
