Re: IPMI doesn't work...

From: Jeff Behl (jbehl_at_fastclick.com)
Date: 03/15/05

    Date: Tue, 15 Mar 2005 10:10:33 -0800
    To: Julian Elischer <julian@elischer.org>
    
    

    Julian Elischer wrote:

    >
    >
    > Jung-uk Kim wrote:
    >
    >> On Tuesday 15 March 2005 01:14 am, Jeff Behl wrote:
    >>
    >>
    >>> Julian Elischer wrote:
    >>>
    >>>
    >>>> Jeff wrote:
    >>>>
    >>>>
    >>>>> I'm not sure what you mean by in band. The IP address of the
    >>>>> BMC is assigned via the bios and is different from what the OS
    >>>>> later assigns. With ipmitool we can turn on/powercycle/monitor
    >>>>> via the BMC assigned address up until the point where the kernel
    >>>>> loads. Once it does, the BMC no longer responds. This doesn't
    >>>>> happen with the two linux distros we've tried it on. With both,
    >>>>> including SuSE, we can still query/control via the BMC using
    >>>>> ipmitool. It seems to be some sort of driver issue to me. I
    >>>>> find it confusing that the NIC is shared between the BMC and the
    >>>>> OS, but I guess that's just how it's done. Perhaps the bsd
    >>>>> Broadcom driver is simply blocking this somehow...
    >>>>>
    >>>>
    >>>> you have to assign it the same address!
    >>>>
    >>>
    >>> that's not the way it's supposed to work, afaik. it'd be silly to
    >>> tie the BMC address and the OS assigned address together. you give
    >>> the BMC an ip address via a little program that comes from IBM and
    >>> this address is independent of the ip address that whatever os you
    >>> use on the system assigns to the nic. the redbook that Jung-uk
    >>> sent a link for shows this process if you're interested.
    >>>
    >>
    >>
    >> I believe you are correct. If you have the same IP address, the
    >> packet reaches host OS and (I think) it must be discarded by OS.
    >> IPMI spec. is very verbose but I found a very simple explanation here:
    >>
    >>
    >
    > I simply have a firewall rule throwing those away.
    > We have a Class C full of those machines and if I had to duplicate
    > the addresses I'd need 2.
    >

    we've been assigning private addresses to the BMCs making them only
    reachable via a local admin host...
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

