<div dir="ltr"><div>Oh, I just love that hacker with the black mask on hunched over the laptop (page 6).</div><div>That's a fail straight away. As soon as you see someone on your campus with a black mask on you know he/she is up to no good.</div><div><br></div><div>Regarding separate physical IPMI networks I have seen it done both ways.</div><div>One site I worked with had a completely separate IPMI infrastructure. Including the IPMI access and control servers</div><div>sited in a different room from the main server room. For the very good reason of still being able to do shutdowns if the whole rest of the shooting match <br></div><div>was boiling itself to death etc. etc. Worth thinking about.<br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 21 June 2018 at 12:31, Chris Samuel <span dir="ltr"><<a href="mailto:chris@csamuel.org" target="_blank">chris@csamuel.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
On the subject of BMCs, in case you've not seen this & run HPE gear.<br>
<br>
<a href="https://twitter.com/marcan42/status/1008981518159511553" rel="noreferrer" target="_blank">https://twitter.com/marcan42/<wbr>status/1008981518159511553</a><br>
<br>
# HP iLO4 authentication bypass:<br>
# curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"<br>
# No, that's not a crash PoC. That's a full blown auth bypass.<br>
# sscanf into fixed buffer overwrites a flag field that bypasses auth.<br>
# Yes, really.<br>
<br>
The tweet links to this PDF about backdooring HP servers via this:<br>
<br>
<a href="https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf" rel="noreferrer" target="_blank">https://airbus-seclab.github.<wbr>io/ilo/SSTIC2018-Slides-EN-<wbr>Backdooring_your_server_<wbr>through_its_BMC_the_HPE_iLO4_<wbr>case-perigaud-gazet-czarny.pdf</a><br>
<br>
Fortunately I think every system I've run so far has had the BMCs<br>
on their own separate IP network.<br>
<br>
All the best,<br>
Chris<br>
<span class="HOEnZb"><font color="#888888">-- <br>
Chris Samuel : <a href="http://www.csamuel.org/" rel="noreferrer" target="_blank">http://www.csamuel.org/</a> : Melbourne, VIC<br>
<br>
______________________________<wbr>_________________<br>
Beowulf mailing list, <a href="mailto:Beowulf@beowulf.org">Beowulf@beowulf.org</a> sponsored by Penguin Computing<br>
To change your subscription (digest mode or unsubscribe) visit <a href="http://www.beowulf.org/mailman/listinfo/beowulf" rel="noreferrer" target="_blank">http://www.beowulf.org/<wbr>mailman/listinfo/beowulf</a><br>
</font></span></blockquote></div><br></div>