
[Freeipmi-devel] Determining 1.5 vs. 2.0


From: dan farmer
Subject: [Freeipmi-devel] Determining 1.5 vs. 2.0
Date: Tue, 2 Jul 2013 13:43:54 -0700

Hi folks -

I've been working on some survey work on IPMI systems with HD Moore; here are some brief #'s in case any are interested.

The internet (e.g. 0/0 (minus private nets)) was scanned with Get Channel Authentication Capabilities packets.  Of those, 308,776 answers were culled.

Now here's where it gets a bit odd; the breakdown of 1.5 vs. 2.0:

IPMI 1.5: 195601 36.7%

IPMI 2.0: 113175 63.3%

It seems almost unbelievable (well, I suppose I could, but it sure looks suspicious to me ;)) that only about 37 percent of systems talk IPMI 2.0.  Now to be fair, these are only ones left to hang to dry on the internet, but still.

Here's the best method I could come up with (thanks to Jarrod on this as well):

FWIW, the Get Ch Auth Cap takes only two bytes; according to tables 18-14 (1.5) and 22-15 (2.0)  the 2nd byte will be 04, which means ask for Administrator.  The first byte is either 0E (1.5) or 8E (2.0); the E part is the current channel, and if you specify an 8 it's either reserved (1.5) or ask for extended data (2.0). 

So send a packet with the channel/priv bytes set to "\x8E\x04", and in theory a 1.5 system will either choke and send an error code ("0xcc" would be the expected one) or send the normal response (and hopefully if it's 2.0 fluent it'll send the full data, revealing itself to be 2.0.)  Does this seem reasonable?

Does anyone have any thoughts on any other things to try to determine versions (anonymously/without-privs-or-auth)?  Do the #'s seem reasonable?  Do any vendors still make 1.5-only systems?

Thanks -

dan

¸¸.·´¯`·.¸><(((º>
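Added example, not part of Dan's post or of FreeIPMI: the session-less Get Channel Authentication Capabilities exchange the post describes, built and decoded offline. The request bytes follow the post ("\x8E\x04": bit 7 of the channel byte asks for v2.0 extended data, 0Eh is "this channel", 04 is Administrator); the response byte layout (completion code, channel, authentication-type support with bit 7 echoing the v2.0 request, status, extended capabilities with bit 1 = v2.0 sessions and bit 0 = v1.5 sessions, OEM ID, OEM aux) is taken from the IPMI 2.0 spec table the post cites, and 0xCC is the standard "invalid data field in request" completion code. The three sample replies are constructed for the test, not captured from hardware; nothing here sends traffic, so to check a BMC you administer you would feed it a reply captured from that BMC.

```python
"""Build and decode the session-less IPMI 'Get Channel Authentication Capabilities'
exchange used to tell an IPMI 1.5 BMC from a 2.0 one (constructed example; runs
offline on constructed packets)."""

RMCP_HEADER = bytes([0x06, 0x00, 0xFF, 0x07])   # RMCP v1, no ACK requested, class = IPMI
BMC_ADDR = 0x20                                 # responder: BMC slave address
REMOTE_CONSOLE = 0x81                           # requester: remote console software ID
NETFN_APP = 0x06                                # App netFn (request); response netFn is 0x07
CMD_GET_CHANNEL_AUTH_CAPS = 0x38
CC_INVALID_DATA_FIELD = 0xCC                    # completion code the post expects from a 1.5 BMC


def ipmi_checksum(data: bytes) -> int:
    """IPMI two's-complement checksum: (sum of covered bytes + checksum) % 256 == 0."""
    return (-sum(data)) & 0xFF


def wrap_session_less(msg: bytes) -> bytes:
    """RMCP header + IPMI 1.5 session header: auth type None, seq 0, session ID 0, length."""
    session = bytes([0x00]) + bytes(4) + bytes(4) + bytes([len(msg)])
    return RMCP_HEADER + session + msg


def build_request(channel: int = 0x0E, priv: int = 0x04,
                  request_v2_data: bool = True, rq_seq: int = 0) -> bytes:
    """Data byte 1: bit 7 = 'return IPMI v2.0+ extended data' (reserved in 1.5),
    bits 3:0 = channel (0Eh = the channel this request arrives on).
    Data byte 2 = requested max privilege level (4 = Administrator).
    With the defaults this is exactly the post's "\\x8E\\x04"."""
    data1 = (channel & 0x0F) | (0x80 if request_v2_data else 0x00)
    hdr = bytes([BMC_ADDR, NETFN_APP << 2])                        # rsAddr, netFn/rsLUN
    body = bytes([REMOTE_CONSOLE, (rq_seq & 0x3F) << 2,            # rqAddr, rqSeq/rqLUN
                  CMD_GET_CHANNEL_AUTH_CAPS, data1, priv & 0x0F])
    return wrap_session_less(hdr + bytes([ipmi_checksum(hdr)]) + body + bytes([ipmi_checksum(body)]))


def build_response(completion_code: int, data: bytes = b"", rq_seq: int = 0) -> bytes:
    """Constructed BMC reply (same framing, netFn = App response) used to exercise the decoder."""
    hdr = bytes([REMOTE_CONSOLE, (NETFN_APP | 1) << 2])
    body = bytes([BMC_ADDR, (rq_seq & 0x3F) << 2, CMD_GET_CHANNEL_AUTH_CAPS, completion_code]) + data
    return wrap_session_less(hdr + bytes([ipmi_checksum(hdr)]) + body + bytes([ipmi_checksum(body)]))


def parse_response(pkt: bytes) -> dict:
    """Validate RMCP framing, session header and both IPMI checksums; return cc and data."""
    if len(pkt) < 15 or pkt[:4] != RMCP_HEADER:
        raise ValueError("not an RMCP/IPMI packet")
    if pkt[4] != 0x00:
        raise ValueError("expected auth type None on a session-less reply")
    length = pkt[13]
    msg = pkt[14:14 + length]
    if len(msg) != length or length < 8:
        raise ValueError("truncated IPMI message")
    if ipmi_checksum(msg[:2]) != msg[2] or ipmi_checksum(msg[3:-1]) != msg[-1]:
        raise ValueError("IPMI checksum mismatch")
    if msg[1] >> 2 != (NETFN_APP | 1) or msg[5] != CMD_GET_CHANNEL_AUTH_CAPS:
        raise ValueError("not a Get Channel Auth Caps response")
    return {"completion_code": msg[6], "data": msg[7:-1]}


def classify_version(resp: dict) -> str:
    """The post's test: a 2.0 BMC echoes bit 7 in the auth-type-support byte and sets
    'IPMI v2.0 connections supported' (bit 1) in the extended-capabilities byte."""
    cc = resp["completion_code"]
    if cc != 0x00:
        return f"rejected (0x{cc:02X}): extended-data bit not accepted, 1.5 behaviour"
    data = resp["data"]   # [channel, auth type support, status, ext caps, OEM ID x3, OEM aux]
    if len(data) < 4:
        return "unknown: response data too short"
    auth_support, ext_caps = data[1], data[3]
    if auth_support & 0x80 and ext_caps & 0x02:
        both = " (1.5 sessions also supported)" if ext_caps & 0x01 else ""
        return "IPMI 2.0" + both
    return "IPMI 1.5 (no v2.0 extended data in reply)"


# Constructed sample replies (not captured from real hardware).
SAMPLE_V20 = build_response(0x00, bytes([0x0E, 0x94, 0x14, 0x03, 0x00, 0x00, 0x00, 0x00]))
SAMPLE_V15 = build_response(0x00, bytes([0x0E, 0x14, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00]))
SAMPLE_ERR = build_response(CC_INVALID_DATA_FIELD)

if __name__ == "__main__":
    print("request:", build_request().hex(" "))
    for name, pkt in [("v2.0 BMC", SAMPLE_V20), ("v1.5 BMC", SAMPLE_V15), ("rejecting BMC", SAMPLE_ERR)]:
        print(f"{name}: {classify_version(parse_response(pkt))}")
```

The decoder checks both IPMI checksums and the netFn/command before trusting any byte, so a stray or malformed datagram on UDP 623 fails closed instead of being counted as a version answer; that matters for survey numbers like the ones in the post, where a lenient parser can skew the 1.5/2.0 split.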

