Computerworld UK has an interesting story that digs into a massive, 300 Gbps DDoS attack that used a flaw in the IPMI protocol to compromise 100,000 unpatched servers, which were then used to send junk traffic to the victim site. The attack was documented by the security firm VeriSign in its quarterly threat report. The flaw, in the Intelligent Platform Management Interface (IPMI) is a well-documented security hole that affects a wide range of devices. The attack in question took place in June and targeted what Verisign described as a content delivery network (CDN) in the media and entertainment sector. The attack combined a variety of techniques, including SYN, TCP and UDP protocols to flood a target data center. The attacks reached a peak traffic volume 300 Gbps and lasted more than a day, prompting Verisign to balance the load across its global network. Verisign attributed the massive volume of the attack to a botnet made up […]
Search Results for "IPMI"
There’s more bad news for companies that rely on the Intelligent Platform Management Interface (IPMI) to manage servers and other hardware in their IT environments. Specifically: researcher Zachary Wikholm over at Cari.net has published evidence of what he says is a head-slapping vulnerability affecting devices that use IPMI Base Management Controllers (BMCs) made by the firm SuperMicro. According to Wikholm, servers equipped with Supermicro BMCs store a password file, PSBlock, in plain text and – making matters worse- leave it open to the world on port 49152. “You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” he wrote. Baseboard Management Controllers (BMCs) are small, embedded systems attached to a system’s motherboard that manage IPMI communications. Wikholm says that Supermicro has fixed the problem in the latest version of its IPMI firmware. However, companies are often reluctant to flash […]
The work of brilliant computer security researchers often borders on a kind of madness. After all, it takes dedication and a certain amount of monomania to dig through the mush of disassembled source code or the output of application fuzzers and find the one software vulnerabilities – or chain of vulnerabilities – that might lead to a successful attack. Often, this work puts you at odds with what most of us consider “the real world.” Notably: the well-respected researcher Dragos Ruiu had many in the security community wondering about his sanity after he sounded the alarm about a super stealthy piece of BIOS malware he dubbed “BadBIOS” that seemed to be everywhere and nowhere, all at once. Dan Farmer finds himself in a similar position as he continues to sound alarms about the security threat posed by insecure implementations of the Intelligent Platform Management Interface (IPMI)– a ubiquitous protocol used to do remote […]
It has been almost a year since security researcher Dan Farmer first warned of the danger posed by Intelligent Platform Management Interface (IPMI) – a ubiquitous protocol used to do remote management of servers. According to a new report, however, that warning went unheeded. Writing last week (PDF), Farmer said that a world-wide scan for systems using the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the Internet. As many as 90% of the exposed systems could be compromised by exploiting what Farmer characterized as “basic configuration and protocol weaknesses.” Even more worrying, the 230,000 systems that are Internet accessible are probably just a fraction of all the vulnerable systems that might be attacked, with many deployed on (hackable) corporate and private networks. Farmer is reiterating calls for public and private sector organizations to wake up to the dangers posed by IPMI. Hackers who are able to compromise Baseboard Management […]
The following is a transcript of a speech given by Dr. Dan Geer at the Security of Things Forum on May 7, 2014. The Forum was held at The Sheraton Commander in Cambridge, Massachusetts. The official copy of Dr. Geer’s speech lives on his web site, and can be found here. .Security of Things .Dan Geer, 7 May 14, Cambridge Thank you for your invitation and to the other speakers for their viewpoints and for the shared experience. With respect to this elephant, each of us is one of those twelve blind men. We are at the knee of the curve for deployment of a different model of computation. We’ve had two decades where, in round numbers, laboratories gave us twice the computing for constant dollars every 18 months, twice the disk drive storage capacity for constant dollars every 12 months, and twice the network speed for constant dollars every […]