Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPMI: Hack a Server That Is Turned Off

Posted by timothy on Friday June 8, 2012 @11:33PM from the great-power-brings-great-vulnerability dept.

UnderAttack writes "A common joke in infosec is that you can't hack a server that is turned off. You better make sure that the power cord is unplugged, too. Otherwise, you may be exposed via IPMI, a component present on many servers for remote management that can be used to flash firmware, get a remote console and power cycle the server even after the normal power button has been pressed to turn the server off."

2 of 90 comments (clear)

Min score:

Reason:

Sort:

Different networks by __aardcx5948 · 2012-06-08 23:36 · Score: 5, Insightful

We keep the management network and the production network on separate physical networks. So if you get into a box, you still can't IPMI to any other box.
Also, this is not hacking, it's by design.
Who would say such a thing? by Anonymous Coward · 2012-06-08 23:36 · Score: 5, Insightful

Saying "you can't hack ..." is just stupid because there's no bigger challenge. That's famous-last-words material right there.