[Fwd: [netops] Fwd: [Full-disclosure] [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)]
Drew Weaver
drew.weaver at thenap.com
Sun Jan 20 17:24:14 CST 2008
In a regular IT environment you may be correct. In a hosted or distributed environment there is no one-size-fits-all solution. Everything is a cost/performance/security/redundancy balance.
From a crappy $69 Celeron with ssh right on the net to a cluster of 2X load balanced quad Xeons at multiple PoPs with VPNs/firewalls between them for $50k/month.
The market wants what the market wants.
On a side note: on our network (our IT side) you can't get to anything without at least authenticating through the firewall.
-Drew
-----Original Message-----
From: "vadim" <vadim at ovguide.com>
Subj: Re: [Fwd: [netops] Fwd: [Full-disclosure] [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)]
Date: Sun Jan 20, 2008 5:16 pm
Size: 1K
To: "bseklecki at collaborativefusion.com" <bseklecki at collaborativefusion.com>
cc: "Drew Weaver" <drew.weaver at thenap.com>; "linux-poweredge" <linux-poweredge at lists.us.dell.com>
I concur - console is sensitive enough to be only accessible via
internal net, no exceptions. Even if DRAC was secure, a risk of someone
getting a password (old employee) and having full rein of your
servers is too crazy to fathom.
-V
Brian A. Seklecki (Mobile) wrote:
> You'd have to be crazy to put the DRAC card on a public IP. Do you
> really trust Dell embedded Linux? >:}
>
> Actually I would never run sshd(8) of any vendor on a public IP --
> always behind an IPSec stateful firewall with some kind of IDS
> inspection between end users(*) and something I care about.
>
> I pity all of these web services providers who have to run sshd(8)
> public. DenySSH + OpenBSD pf(4) baby!
>
> ~BAS
>
> (*) End users may be running Windows, which means keystroke loggers and
> other malware.
>
> On Sat, 2008-01-19 at 19:00 -0500, Drew Weaver wrote:
>> I think we have actually seen this happening on at least two PE1900 w/ DRAC 5.
>>
>> -Drew
>>