[Fwd: [netops] Fwd: [Full-disclosure] [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)]
vadim
vadim at ovguide.com
Sun Jan 20 15:58:35 CST 2008
I concur - console is sensitive enough to be only accessible via
internal net, no exceptions. Even if DRAC was secure, the risk of someone
getting a password (old employee) and having full rein of your
servers is too crazy to fathom.
-V
Brian A. Seklecki (Mobile) wrote:
> You'd have to be crazy to put the DRAC card on a public IP. Do you
> really trust Dell embedded Linux? >:}
>
> Actually I would never run sshd(8) of any vendor on a public IP --
> always behind an IPSec stateful firewall with some kind of IDS
> inspection between end users(*) and something I care about.
>
> I pity all of these web services providers who have to run sshd(8)
> public. DenySSH + OpenBSD pf(4) baby!
>
> ~BAS
>
> (*) End users may be running Windows, which means keystroke loggers and
> other malware.
>
> On Sat, 2008-01-19 at 19:00 -0500, Drew Weaver wrote:
>> I think we have actually seen this happening on at least two PE1900 w/ DRAC 5.
>>
>> -Drew
>>