[Pool] ntp with monlist hidden in IPMI on server mainboard

Gordon Dey gordon.dey at happydeys.ca
Mon Feb 3 00:02:30 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 14-02-01 07:04 AM, Klaus Hartnegg wrote:
> I just found a server mainboard with built in IPMI (remote
> configuration tool running in the chipset), that includes an ntp
> server which allows monlist. None of this can be disabled: not the
> monlist command, not the ntp service, and not the whole IPMI
> feature of the mainboard. And it speaks through the same ethernet
> jack as the server that runs on this hardware.

Can details of the mainboard be shared?
Curious about what to be wary of...

An IPMI implementation can be really handy for remote (AKA
"lights-out") management, but access wants to be strictly on the
management-network or "plane". Servers I have worked with have
dedicated BMC ports making this easy, for example, HP ProLiant
DL[1,3]8[0,5] systems.

I understand that the BIOS can have a configuration setting to enable
"share the network interface" between BMC and OS on other systems. If
this exists on your mainboard, then perhaps disabling this setting is
the way to go forward? Access to the BMC would continue to exist over
a dedicated PCI port. Check to see if dmidecode(8) enumerates this
port for you.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQF8BAEBCgBmBQJS7tyWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGNUQwMUNBRTg2OUVDNDY4QUI3MDNGNDA2
ODI0QjA2NjdCOUQzM0M2AAoJEGgksGZ7nTPGS4UH/26it82TpWUJNKVk7JouLHXq
Agi8JJ/cTnlZaEq289pfgua7WipI9awwF0lWYecWYj3cSiUhkgnJZfiUvytna5eo
k0FrvS+FGwh77tN5HMbAe390Rph57khH4lghOkyEpJQD66SM0zpEeTT+6IrExhWN
zhj5xoZnjHbq6KfCFAWlAspiAr+k+vOvyc4udDZkllbSRC1Pc3ECXenAReUP9USi
AZvzq4qj9oPkmtz7pJmprCzKQkNsjAjRzLg3/XTNWXSGN/hj9TlBCVxZE3yMqPSy
8hRMWODlRqxsCbQfzCOicM7P0npL+65HXv54pxqNmmpT+VHdRvwd4j6eq1d37RE=
=h3Gg
-----END PGP SIGNATURE-----


More information about the pool mailing list