Create a Post
Showing results for 
Search instead for 
Did you mean: 

BMC software/firmware and access to internet


I read about motherboard level Trojan that can easy altered the BMC (AST2600) and BIOS firmware and steal user data.

My question is what is the best solution for R81.10 to block any access of BMC software/firmware to internet ?
(block all BMC ports, block BMC mac address .. etc)

Thanks  🙂

0 Kudos
2 Replies

To me, this is mostly a matter of ensuring strict access controls are in place.
That means restricting access to that which is absolutely required by only those required to access it.

I suspect if there are/will be widely known attacks against these BMCs and they are exploitable over a network, we will add the relevant signatures and/or IOCs to ThreatCloud which would allow the various Threat Prevention technologies to block it.


BMCs by themselves don't necessarily have network access. The AST2500 and AST2600 present themselves to hosts as a PCIe video card and USB keyboard, mouse, and storage, but they don't interact with the host's network interfaces. If you aren't using your LOM ports, they have no network access at all.

If you are using your LOM ports, then just don't let your LOMs talk out to the Internet. Note that this will break the ability many modern LOMs have to report hardware faults to the vendor for automatic RMA (e.g, when one of my open servers' drives fails, a new drive just shows up in the mail without needing me to open a ticket manually).

One major note, though: that Bloomberg story is complete nonsense. Everybody cited as affected has issued explicit denials (not just "We don't know what Bloomberg is talking about", but actively saying "Bloomberg is wrong"). A huge amount of independent research afterwards has turned up nothing.


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events