H.D. Moore (of Metasploit fame) posted a brief analysis of the IPMI firmware on Supermicro motherboards. For those who don’t know the brand, they specialize in entry-level to medium-priced server hardware, and their 1RU boxes are a common sight in corporate data centers and colocation facilities owing to their reasonable specs, bare-bones configuration (case, PSU and motherboard only – the buyer provides their own RAM, HDDs and a compatible CPU) and, more importantly, their low price.
We’ve spoken briefly in the past about features like IPMI and AMT and how something intended to make management easier could potentially create a security nightmare, especially when many users don’t take advantage of the feature and it lies dormant. We will revisit these technologies in a bit more depth in the coming week.