[Fwd: [netops] Fwd: [Full-disclosure] [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)]
Brian A. Seklecki (Mobile)
bseklecki at collaborativefusion.com
Sat Jan 19 18:04:42 CST 2008

You'd have to be crazy to put the DRAC card on a public IP. Do you
really trust Dell embedded Linux? >:}

Actually I would never run sshd(8) of any vendor on a public IP --
always behind an IPSec stateful firewall with some kind of IDS
inspection between end users(*) and something I care about.

I pity all of these web services providers who have to run sshd(8)
public. DenySSH + OpenBSD pf(4) baby!

~BAS

(*) End users may be running Windows, which means keystroke loggers and
other malware.

On Sat, 2008-01-19 at 19:00 -0500, Drew Weaver wrote:
> I think we have actually seen this happening on at least two PE1900 /w DRAC 5.
>
> -Drew
>