[Atlas-anchors-pilot] iDRAC cards are potential DDoS amplifiers

Richard Barnes rbarnes at bbn.com
Mon Apr 1 17:37:03 CEST 2013


Our experience has been the same as Nick's.  Not in the sense that there is a firewall between the Atlas device and the Internet.  Rather, in the sense that the iDRAC just doesn't respond to things that don't come from the NCC.

--Richard



On Apr 1, 2013, at 9:08 AM, Tore Anderson <tore.anderson at redpill-linpro.com> wrote:

> * Nick Hilliard
> 
>> our atlas idrac config is firewalled off and only the RIPE NCC address
>> range has access.  Just checked it out for community public and it doesn't
>> answer.
> 
> As per Romeo Zwart's setup guidelines, we have located our anchor
> outside of any firewalls or similar devices, and provide only "pure"
> unfiltered internet access.
> 
> There is a mention in the guidelines of which IP ranges need to be
> allowed to the iDRAC port, quote, "If applicable (e.g., when behind a
> firewall or router ACL)", though. I wouldn't have any problems adding an
> ACL on the port, but considering that the NCC's recommended setup is to
> not have it, I'm happy to oblige - after all, setting it up is just more
> work for me.
> 
> -- 
> Tore Anderson
> Redpill Linpro AS - http://www.redpill-linpro.com/
> 



