IPMI SOL Decode

asked 2024-01-01 17:35:58 +0000

I did a pcap of the port 623 conversation between my laptop and my server's IPMI controller when doing a Serial over LAN session to boot it remotely, including decrypting the hard disks.

My concern is that my disk encryption passphrase could be vulnerable to interception when I use SOL or KVMoIP. I'd like to explore which is safer. My hunch is probably KVMoIP because it's mixed in with so much other data, but maybe not.

Anyway, I was surprised to see that the IPMI connection was called RMCP+, and just 21 packets in, a session ID was established, and Wireshark reports it's encrypted.

With what keys? Is it something I can install new keys for greater security?

