TY - GEN
T1 - Digging for dark IPMI devices
T2 - 8th International Workshop on Traffic Monitoring and Analysis, TMA 2016
AU - Gasser, Oliver
AU - Emmert, Felix
AU - Carle, Georg
N1 - Publisher Copyright:
© Traffic Monitoring and Analysis - 8th International Workshop, TMA 2016.
PY - 2016
Y1 - 2016
AB - IPMI is the industry standard for managing devices remotely independent of their operating status. Since there are known vulnerabilities in the protocol, IPMI devices should not be directly reachable on the Internet. Previous studies suggest, however, that this best practice is not always implemented. In this paper we present a new unintrusive technique to find dark IPMI devices through active measurements. These dark devices do not respond to conventional IPMI connection setup requests. Using our technique, we find 21 % more devices than previously known techniques. This adds a significant number of IPMI devices which could be exploited by an attacker using a Man-in-the-Middle attack. We further reveal that IPMI devices are heavily clustered in certain subnets and Autonomous Systems. Moreover, the SSL security of IPMI devices' web-interface is well below the current state of the art, leaving them vulnerable to attacks. Overall our findings draw a dire picture of the current state of the IPMI deployment in the Internet.
UR - http://www.scopus.com/inward/record.url?scp=85058183372&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85058183372
T3 - Traffic Monitoring and Analysis - 8th International Workshop, TMA 2016
BT - Traffic Monitoring and Analysis - 8th International Workshop, TMA 2016
PB - International Federation for Information Processing, IFIP
Y2 - 7 April 2016 through 8 April 2016
ER -