IPMI issues with Unifi AP?

[CubisticWings4]

Good morning. I received an email from my ISP (AT&T U-Verse) stating that I may have an open/exposed IPMI in my network. Two things happened shortly (a few days) before I received this email:

 

Set up "new" computer/workstation and installed a new Ubiquiti Unifi AP.    

 

Does anyone know if either of these events would expose or create an exposed IPMI in my network?

 

 

Some context:

 

Using very old software 32 bit Windows XP and DOS software (point of sale) connected to an old Lenovo ThinkServer using SQL

 

Using free "antivirus and antimalware" software on most workstations

 

Server is not connected to internet

 

 

 

Appreciate the help!

 

 

[Eniqmatic]

Are you sure the email is legit? Do you have any devices with an IPMI port?

[CubisticWings4]

Not 100% sure. Email is legit. Contacted AT&T tech support and verified.

 

How exactly would i look for an IPMI port?

 

[Eniqmatic]

Have you locked down the management of the Unifi AP? Looks like it does have a IPMI.

[CubisticWings4]

2 minutes ago, Eniqmatic said:

Have you locked down the management of the Unifi AP? Looks like it does have a IPMI.

Management is locked down. However, contacted Ubiquiti and they claimed that Unifi Controller does not have anything to do with IPMI.

[Eniqmatic]

Just now, CubisticWings4 said:

Management is locked down. However, contacted Ubiquiti and they claimed that Unifi Controller does not have anything to do with IPMI.

Its just that I found this link after a quick search:

 

https://github.com/unifi-hackers/unifi-gpl/blob/master/build_dir/linux-ar71xx/linux-2.6.15-5.2/Documentation/IPMI.txt

 

I wonder if your ISP is just using general IPMI term. It would be helpful if they could provide you a bit more information on how they can access it, using which IP address can they see it is visible on?

[Eniqmatic]

I have no idea if the above link is related btw, just found it interesting as it appears to be the Unifi software.

[CubisticWings4]

I think that is if you use something equivalent to a custom ROM.

 

[Guest]

IPMI is Intelligent Platform Management Interface, an interface usually found on servers and some enterprise switches - it's a management port designed to give you BIOS level access to the machine. It'll also give you the option to cycle power and reboot a machine as well as other things.

 

UniFi AP's do not have an IPMI port.

 

IPMI is normally accessible via HTTPS, usually through Internet Explorer due to the plugin requirements from the browser.

 

IPMI ports should also not be made available over WAN unless a VPN is used.

[ZeroKelvin]

You mention a lenovo ThinkServer. Many of these come with integrated IPMI. I believe Lenovo calls their version IMM / IMM2. Unless you have other servers on your network, this is really the only place an IPMI host could be.

 

Have you tried looking at the list of IPs connected to your router in the router GUI? Take a look at that list and see if you can narrow down strange IP addresses on the network. IPMI will appear as a separate IP from the server IP, and should be active even if the server has been shutdown. You should be able to point a browser at the IP and login using defaults.