John Andersen wrote:
On 05/09/2017 03:49 AM, Greg Freemyer wrote:
trimmed stuff
Lots of servers in datacenters have an IPv4 routable IP and no external firewall. I have 2 of those, but neither has Intel AMT. If they did I'd have to talk to the hosting company about how to shut down those ports.
Or put another simple firewall upstream. Or de-provision the AMT.
But yes, I've always had Linux as my firewall and router on the assumption that I could control it better than some flimsy and never-updated gateway router. Now some kind of small gateway router is looking better and better. Preferably something that can show you a list of connections.
That's really the only way you can find any hardware embedded outbound connections AND prevent these hardware open-port back doors.
My current firewall computer is too old to have this flaw.
But thousands of vulnerable machines were found on the internet in a brief scan, according to the articles.
I read it to mean thousands of machines where those ports were open, but not necessarily machines vulnerable to this flaw.

--
Per Jessen, Zürich (11.2°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.