[Beowulf] Hacked MBs It was only a matter of time

John Hearns hearnsj at googlemail.com
Thu Oct 4 09:53:07 PDT 2018


How does the data get "back to base"?
I would encrypt it within an NTP or a DNS request - but that assumes
outgoing NTP/DNS is not firewalled off.
I guess just encrypted in an HTTP(s) payload makes sense - servers
make requests to all sorts of software repositories etc.

On Thu, 4 Oct 2018 at 16:41, Ellis H. Wilson III <ellis at ellisv3.com> wrote:
>
> On 10/04/2018 11:17 AM, Jeff Johnson wrote:
> > I respectfully disagree. The BMCs in modern server designs are plumbed
> > to every onboard network interface on the motherboard. So it’s not just
> > a matter of the “dedicated management port”. The chip would have access
> > to every onboard LAN. If any network was routable to the outside it
> > would potentially be able to engage in its designed activities.
> >
> > While many HPC environments are walled gardens this chip scandal would
> > impact “HPC in the cloud” activities.
> >
> > Just my $.02 worth
>
> Fair points Jeff -- a colleague of mine actually just raised that point
> before I saw your email.  It seems some, but not most, of the servers we
> were looking at have such an interconnected BMC.
>
> This design choice does not appear (at least at first glance) to be
> associated with age of the system.  It's an unfortunate situation either
> way.  One would really like your BMC to be isolated as much as humanly
> possible.
>
> I do find it funny though in the article that the main actors are stuck
> in a deny-loop.  My cynicism meter is high today.
>
> Best,
>
> ellis
>
> --
> Ellis H. Wilson III, Ph.D.
>       www.ellisv3.com

