Thread: SuperMicro IPMI Security
-
05-03-2011, 02:27 PM #76Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
-
05-03-2011, 04:21 PM #77Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
Since 2003 - Ashburn VA + San Diego CA Datacenters
-
05-03-2011, 07:32 PM #78WHT Addict
- Join Date
- Jul 2005
- Posts
- 131
Nice find. Will need to check firmware builds for my x7spa, as 2.02 doesn't have this 'shell' available but 2.25 does.
Last edited by Lockjaw; 05-03-2011 at 07:35 PM.
-
05-03-2011, 10:51 PM #79Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
Can we say that we are now sure that there is a vulnerability in Supermicro's IPMI?
-
05-04-2011, 04:25 AM #80Web Hosting Master
- Join Date
- Jun 2006
- Location
- Support Ticket Near You!
- Posts
- 1,106
There will always be a vulnerability; as Fastserv has already figured, limit it to local access.
-
09-20-2011, 04:55 PM #81Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
News:
One of our IPMI IPs was used today to connect and to host IRC servers and received a huge DDoS attack by a botnet (1.4 million packets per second). We received a report from our IDC after it happened.
This motherboard is a X3440, not sure how to check the "IPMI" version. I advise everyone running this same motherboard to move IPMI to internal IPs ASAP if you don't want problems like this.
Has Supermicro discovered and/or released any updates to fix these issues?
-
09-20-2011, 05:11 PM #82Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
Chances are someone got in using the default login (or grabbed the admin password in cleartext if you ever used the config backup). For giggles try searching the IP in google and see how many proxy lists you're on.
Upgrade to latest firmware, reset to factory defaults, and quickly disable the anonymous account and change the admin password. Avoid using the config backup option as it stores the password in cleartext in an open location. Ideally you should have IPMI on a private network segment.
-
09-21-2011, 10:27 PM #83Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
I just read what I said in the last post and I meant to say the motherboard is a X8SIL-F (not a X3440).
We always use https and change the admin password as soon as we access IPMI for the first time (also, we always make sure that there are no other logins).
Never used the config backup option.
I am sure there is a bug, we had previous problems with SPAM being sent from other IPMI cards. We have some dozens of these servers and I believe it is just a matter of time until it happens with the others.
This one has already been moved to an internal IP and we are working to move the others. I hope that newer SM motherboards do not have similar issues.
-
09-21-2011, 10:43 PM #84Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
FYI the only problematic IPMI we had was also an X8SIL-F. No issues since upgrading and resetting the firmware.
-
09-22-2011, 02:13 AM #85Web Hosting Evangelist
- Join Date
- Jul 2009
- Posts
- 451
are all the ipmi cards having issues onboard or add on cards?
-
09-22-2011, 06:46 AM #86Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
Onboard: Supermicro X8SIL-F
-
09-22-2011, 08:03 PM #87Web Hosting Master
- Join Date
- Dec 2004
- Posts
- 569
Maxnet
Offering automated dedicated server provisioning software
-
09-22-2011, 08:14 PM #88Web Hosting Evangelist
- Join Date
- Apr 2010
- Posts
- 493
It's pretty simple: you can take over an IPMI card from the host OS. These devices only need to talk to a couple of things. Put them on a secure network that only allows them to talk to a management firewall. For our dedicated we still have them sending SNMP traps to us so we can be proactive and allow access via a customer portal. There is no reason for them to access the general internet, each other or anything but a firewall and a management box.
-
10-11-2011, 09:20 AM #89Web Hosting Guru
- Join Date
- Apr 2011
- Posts
- 311
Finally we've found the way to get into the IPMI system... I don't really want to post it in public, because it will give the info on this vulnerability to the whole world. Just keep it on a private network. I think pretty soon this issue will be completely fixed. Right now we are working with the customer on it. 2 motherboards reported. They are x8dtl-if (already fixed) and x8sti-f (in process). Both seem to have an easy cure for it.
-
10-11-2011, 09:26 AM #90Web Hosting Evangelist
- Join Date
- Aug 2008
- Posts
- 536
-
10-11-2011, 09:53 AM #91Web Hosting Guru
- Join Date
- Apr 2011
- Posts
- 311
-
10-11-2011, 09:58 AM #92Web Hosting Evangelist
- Join Date
- Aug 2008
- Posts
- 536
-
10-11-2011, 10:03 AM #93Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
Hello! How did you find that out? Sniffing?
People will finally believe that I was NOT using default passwords.
Hope that this won't get into public. If you find a way of patching it, it would be interesting to let people in this thread (that are having issues) know how to fix it.
-
10-11-2011, 10:14 AM #94Web Hosting Guru
- Join Date
- Apr 2011
- Posts
- 311
-
10-12-2011, 08:26 AM #95Web Hosting Master
- Join Date
- Dec 2004
- Posts
- 569
It seems the anonymous account can be accessed over SSH by using an empty username and the default password ("admin" on a X9SCL-F).
$ ssh -l "" xx.xx.xx.xx
@xx.xx.xx.xx's password:
Auth User/Pass with PS...pass.
ATEN SMASH-CLP System Management Shell, version 1.00
Copyright (c) 2008-2009 by ATEN International CO., Ltd.
All Rights Reserved
->
-
10-12-2011, 09:41 AM #96Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
As a matter of procedure we have always disabled the 'anonymous' account. I just tried SSH to a few BMCs and they all seem to hang after the key exchange; I never get a password prompt. Would be nice to just disable SSH.
-
10-12-2011, 09:54 AM #97Web Hosting Master
- Join Date
- Dec 2004
- Posts
- 569
Your SSH client probably tries to log in using public key authentication, which the BMC does not like.
If that happens, try adding "-o PreferredAuthentications=password,keyboard-interactive" to your ssh command line.
(I have that by default in my ssh_config, so my example didn't contain that)
-
10-12-2011, 10:10 AM #98Rockin' the beer gut
- Join Date
- May 2006
- Location
- NJ, USA
- Posts
- 6,645
-
10-12-2011, 10:28 AM #99Web Hosting Guru
- Join Date
- Nov 2005
- Posts
- 305
I just realized that all our servers have this default password. I thought that the anonymous account would just work locally. I have already changed it for 20 servers; a lot of password changes to do today.
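
An added example, not part of any post in this thread: a Python audit of a BMC user table for the two things posters here say they check, an anonymous (empty-username) account that still has access and logins nobody expects. It assumes the fixed-width row layout printed by `ipmitool user list`; the sample output, the function names and the expected-login set are constructed for illustration.

```python
import subprocess

# Assumed row layout of `ipmitool user list` (fixed-width columns):
# ID(4) Name(17) Callin(8) LinkAuth(11) IPMIMsg(11) ChannelPrivLimit(rest)
FIELDS = (("id", 0, 4), ("name", 4, 21), ("callin", 21, 29),
          ("link_auth", 29, 40), ("ipmi_msg", 40, 51), ("priv", 51, None))
ROW = "%-4d%-17s%-8s%-11s%-11s%s\n"

# Constructed sample (not captured from a real BMC), built to that layout.
SAMPLE = ("ID  Name\t     Callin  Link Auth\tIPMI Msg   Channel Priv Limit\n"
          + ROW % (1, "", "true", "false", "true", "ADMINISTRATOR")
          + ROW % (2, "ADMIN", "true", "true", "true", "ADMINISTRATOR")
          + ROW % (3, "tmpuser", "true", "true", "true", "OPERATOR")
          + ROW % (4, "", "true", "false", "false", "NO ACCESS"))

def parse_user_list(text):
    """Slice rows by column offset so an empty Name (the anonymous
    account) stays an empty field instead of shifting the columns."""
    users = []
    for line in text.splitlines():
        if not line[:4].strip().isdigit():  # header or blank line
            continue
        row = {key: line[a:b].strip() for key, a, b in FIELDS}
        row["id"] = int(row["id"])
        users.append(row)
    return users

def audit(users, expected_names):
    """Return (user_id, finding) for accounts that still have channel access
    and are either nameless or not on the operator's expected list."""
    findings = []
    for u in users:
        if u["priv"] in ("", "NO ACCESS"):
            continue
        if u["name"] == "":
            findings.append((u["id"], "anonymous account has %s access" % u["priv"]))
        elif u["name"] not in expected_names:
            findings.append((u["id"], "unexpected login %r" % u["name"]))
    return findings

def audit_local_bmc(expected_names, channel="1"):
    """Audit this host's own BMC; needs root and the IPMI kernel drivers."""
    out = subprocess.run(["ipmitool", "user", "list", channel],
                         capture_output=True, text=True, check=True).stdout
    return audit(parse_user_list(out), expected_names)

if __name__ == "__main__":
    for uid, finding in audit(parse_user_list(SAMPLE), {"ADMIN"}):
        print("user id %d: %s" % (uid, finding))
```

`audit_local_bmc` only reads the user table and changes nothing; pass it the set of logins you expect to exist on that board.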
-
10-12-2011, 10:51 AM #100Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615