[Atlas-anchors-pilot] iDRAC cards are potential DDoS amplifiers
Tore Anderson
tore.anderson at redpill-linpro.com
Mon Apr 1 15:08:06 CEST 2013
* Nick Hilliard
> our atlas idrac config is firewalled off and only the RIPE NCC address
> range has access. Just checked it out for community public and it doesn't
> answer.
As per Romeo Zwart's setup guidelines, we have located our anchor
outside of any firewalls or similar devices, and provide only "pure"
unfiltered internet access.
There is a mention in the guidelines of which IP ranges needs to be
allowed to the iDRAC port, quote, "If applicable (e.g., when behind a
firewall or router ACL)", though. I wouldn't have any problems adding an
ACL on the port, but considering that the NCC's recommended setup is to
not have it, I'm happy to oblige - after all, setting it up just more
work for me.
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
More information about the Atlas-anchors-pilot
mailing list