I’d had this sitting around for awhile and thought I’d take another look at it; in this I simply toss out an IPMI Get Device ID command and see what happens. This is an interesting one; the GUID is a Vendor Specific ID – the specification says that it’s “a unique number per device”, and that “a Device GUID should never change over the lifetime of the device”, which makes […]
Or… Notes on the IPMI Protocol Security Model. I wrote in Sold Down the River about the curious aspects of channels and authentication and users and all that stuff. Here’s a slimmed down model… and as a bonus a program that iterates through all the channels, users types, and authentication for a host, which is quite a bit of checking. mega_chan.py In any case I’m almost certain that I […]
I wrote a small paper surveying the scene of IPMI in the wild – Sold Down the River – the title of which might give you some clue as to make on the situation. Used to be folks used guns to rob us… computers make everything so much easier!
I’ve long wanted a Get Channel Cipher Suite command w/o authentication, so I wrote a script to do so; those interested can get it here: https://github.com/zenfish/ipmi/blob/master/ipmi-get-ciphers.py Actually none of the various ipmi tools seem to have this option; I’ve found it useful to use when looking at systems; it emits output similar (if not identical) to ipmitool… spotting those running cipher 0 becomes very, very clear. I should have […]
This is in various scripts and snippets, but I didn’t see it simply by itself…. People sometimes ask me how to reboot a server and boot it off a remote image via the BMC. Dell’s BMC (that little chip that runs IPMI and other things) can speak DMTF/WSMAN/etc/etc, like just about all the servers in the world. If you have the wsmancli package installed on Linux (or the equiv […]