(Please forgive the spam; I wouldn't send such a thing here, let
alone to ipmiutil, ipmitool, and freeipmi lists separately, but
people got distressed last time when I didn't send something like
it out, so... delete if of no interest.)

Working with HD Moore of Rapid 7, who collected much of the data,
I did some very simple analytics and wrote up a paper on something
like the state of the union regarding BMC/IPMI security.

http://fish2.com/ipmi/river.pdf

(Summary: it's probably worse than you could imagine, but hey,
perhaps you're a dreamer too. More ipmi stuff may be found @
http://fish2.com/ipmi/.)

A big thanks to not only HD for the data and commentary, but for
the expertise and feedback from Albert Chu and Jarrod Johnson, who
know more about IPMI than I ever will or want to know.

Feel free to send any corrections, comments, questions, complaints,
etc. to me.

I'm trying to get the initial raw scan data, minus IP addresses,
released, but you can do your own Internet scan of UPD 623 in less
than a day, certainly.

dan

p.s. if anyone from SuperMicro security or IPMI team reads this,
please drop me a line? RE: Grand Conclusion, page 6, of the
aforementioned paper.

¸¸.·´¯`·.¸><(((º>