IPMI: Hack a Server That Is Turned Off
Posted by timothy from the great-power-brings-great-vulnerability dept.
UnderAttack writes "A common joke in infosec is that you can't hack a server that is turned off. You better make sure that the power cord is unplugged, too. Otherwise, you may be exposed via IPMI, a component present on many servers for remote management that can be used to flash firmware, get a remote console and power cycle the server even after the normal power button has been pressed to turn the server off."
Re:Different networks (Score:5, Interesting)
Cool, but sometimes I hear weird rumors [pcmag.com] about Intel vPro, which make me wonder "what is a network?" If your CPU (?!) is listening for 3G radio signals, there's not just "management network" and "production network" but also "their network" although I guess you can always have your computer wear a tinfoil hat.
Re:Different networks (Score:4, Interesting)
We keep the management network and the production network on separate physical networks. So if you get into a box, you still can't IPMI to any other box.
Are you sure? If you have an IPMI management network, that means your server has at least one connection to this network, including a physical Ethernet connection that can reach this management network, and an IP address assigned to its own IPMI service processor.
Who is to say that a hacker can't coopt this server's presence on the IPMI network, and utilize _that_ to gain access to the IPMI management of other servers?
Are you claiming your IPMI LAN is a routed network, where the network infrastructure outside your server guarantees that two different servers can never talk to each other?