[Beowulf] Hacked MBs It was only a matter of time
Ellis H. Wilson III
ellis at ellisv3.com
Thu Oct 4 08:40:26 PDT 2018
On 10/04/2018 11:17 AM, Jeff Johnson wrote:
> I respectfully disagree. The BMCs in modern server designs are plumbed
> to every onboard network interface on the motherboard. So it’s not just
> a matter of the “dedicated management port”. The chip would have access
> to every onboard LAN. If any network was routable to the outside it
> would potentially be able to engage in its designed activities.
>
> While many HPC environments are walled gardens this chip scandal would
> impact “HPC in the cloud” activities.
>
> Just my $.02 worth
Fair points Jeff -- a colleague of mine actually just raised that point
before I saw your email. It seems some, but not most, of the servers we
were looking at have such an interconnected BMC.
This design choice does not appear (at least at first glance) to be
associated with the age of the system. It's an unfortunate situation either
way. One would really like your BMC to be isolated as much as humanly
possible.
I do find it funny though in the article that the main actors are stuck
in a deny-loop. My cynicism meter is high today.
Best,
ellis
--
Ellis H. Wilson III, Ph.D.
www.ellisv3.com