[Pool] ntp with monlist hidden in IPMI on server mainboard
gordon.dey at happydeys.ca
Mon Feb 3 00:02:30 UTC 2014
On 14-02-01 07:04 AM, Klaus Hartnegg wrote:
> I just found a server mainboard with built in IPMI (remote
> configuration tool running in the chipset), that includes an ntp
> server which allows monlist. None of this can be disabled: not the
> monlist command, not the ntp service, and not the whole IPMI
> feature of the mainboard. And it speaks through the same ethernet
> jack as the server that runs on this hardware.

Can details of the mainboard be shared?
Curious about what to be wary of...

An IPMI implementation can be really handy for remote (AKA
"lights-out") management, but access wants to be strictly on the
management-network or "plane". Servers I have worked with have
dedicated BMC ports making this easy, for example, HP ProLiant

I understand that the BIOS can have a configuration setting to enable
"share the network interface" between BMC and OS on other systems. If
this exists on your mainboard, then perhaps disabling this setting is
the way to go forward? Access to the BMC would continue to exist over
a dedicated PCI port. Check to see if dmidecode(8) enumerates this
port for you.
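
For spotting monlist traffic to or from a BMC like the one described in this thread, here is an added example that is not part of the original message: a Python classifier for NTP mode 7 packets that totals request and response bytes per server. The header layout and request codes follow ntpd's mode 7 (private) protocol; the addresses and payloads are constructed sample data.

```python
"""Flag NTP mode 7 monlist traffic in captured UDP/123 payloads."""
import struct
from collections import defaultdict

MODE_PRIVATE = 7        # mode 7: ntpdc "private" requests
IMPLS = {0, 2, 3}       # IMPL_UNIV, IMPL_XNTPD_OLD, IMPL_XNTPD
MONLIST = {20, 42}      # MON_GETLIST, MON_GETLIST_1

def classify(payload: bytes):
    """Return (kind, item_count) for one UDP/123 payload."""
    if len(payload) < 4:
        return ("too-short", 0)
    flags, _seq, impl, req = payload[:4]
    if (flags & 0x07) != MODE_PRIVATE:
        return ("not-mode7", 0)
    if impl not in IMPLS or req not in MONLIST:
        return ("mode7-other", 0)
    if not (flags & 0x80):            # response bit clear: a request
        return ("monlist-request", 0)
    nitems = 0
    if len(payload) >= 8:             # err(4 bits) + nitems(12 bits), then item size
        err_nitems, _itemsize = struct.unpack("!HH", payload[4:8])
        nitems = err_nitems & 0x0FFF
    return ("monlist-response", nitems)

def summarize(packets):
    """packets: iterable of (src, dst, payload); returns stats per NTP server."""
    stats = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0, "items": 0})
    for src, dst, payload in packets:
        kind, nitems = classify(payload)
        if kind == "monlist-request":
            stats[dst]["req_bytes"] += len(payload)
        elif kind == "monlist-response":
            stats[src]["resp_bytes"] += len(payload)
            stats[src]["items"] += nitems
    return dict(stats)

# Constructed sample capture (documentation addresses, zero-filled entries).
BMC, PEER = "192.0.2.10", "198.51.100.7"
HDR = struct.Struct("!BBBBHH")
SAMPLE = [
    (PEER, BMC, bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)),          # request
    (BMC, PEER, HDR.pack(0xD7, 0, 3, 42, 6, 72) + bytes(6 * 72)),    # more bit set
    (BMC, PEER, HDR.pack(0x97, 1, 3, 42, 2, 72) + bytes(2 * 72)),    # last packet
    (PEER, BMC, bytes([0x23]) + bytes(47)),                          # normal client query
]

if __name__ == "__main__":
    for server, s in summarize(SAMPLE).items():
        print(server, s)
```

A server whose `resp_bytes` far exceeds `req_bytes` is answering monlist and belongs behind a filter or on the management network only.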