
Re: OT: Serial2ssh device



On 5/11/06, Lars Hansson <lars_(_at_)_unet_(_dot_)_net_(_dot_)_ph> wrote:
On Thursday 11 May 2006 19:22, Stephan A. Rickauer wrote:
> Any recommendations in addition to the colorful lies on the web from all
> the vendors? Experiences? Any pitfalls?

Linux-based "appliances" and I have a bad (and very public) history.


The small "original" Lantronix SCS100/200 products are fine; the larger products are an embedded Linux with a history of vulnerability. Other vendors, including Digi, also ship Linux "appliances" with many more services running than I like to see on a dedicated console server.


I'm using an ancient 72-port Xylogics RemoteAnnex 4000 together with an
OpenBSD box running conserver. It works just dandy.

Wow, 72 ports in one chassis. Cool. We use Lucent Portmasters, readily available from portmasters.com.

Old school terminal servers like the Xylogics and Portmasters
have ancient IP stacks and are likely vulnerable to many attacks,
so the solution I use (and presumably Lars too) is to put the
terminal server(s) on a second NIC of an OpenBSD box, so the
weak stack is never exposed on the network.

If only a few serial ports are needed, there are many different
multiport cards supported by the puc(4) driver.  Either way we deploy
an OpenBSD solution for well under the $50/port price point of
Lantronix, Digi, and other Linux-based "appliance" console servers.

Kevin

(P.S. And unlike the "appliance" consoles, we can do OTP
authentication with S/Key without shelling out for expensive
SecurID/Safeword/etc tokens and auth servers.)
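
The second-NIC isolation described in the message above, sketched as a pf.conf fragment. This is an added example, not configuration from the original post; the interface names, the terminal server address and the TCP port range are constructed assumptions.

```pf
# /etc/pf.conf on the OpenBSD console host (constructed example).
# Assumed names and values, not taken from the post:
ext_if = "em0"             # NIC on the management network
con_if = "em1"             # second NIC, cabled only to the terminal server
ts     = "192.168.254.2"   # terminal server address on the isolated segment
ts_tcp = "7001:7072"       # assumed TCP ports mapped to the serial lines

set skip on lo

# Default deny in both directions on every interface.
block all

# Nothing the terminal server initiates is accepted. Replies to
# connections opened by this host still pass, because they match
# existing state before the ruleset is evaluated. Logged so that
# unexpected traffic from the old IP stack shows up on pflog0.
block in log quick on $con_if

# Admins reach only sshd on this host; conserver is used from that login.
pass in on $ext_if proto tcp to ($ext_if) port ssh

# Only this host itself talks to the terminal server, and only to the
# serial-line ports.
pass out on $con_if proto tcp from ($con_if) to $ts port $ts_tcp

# net.inet.ip.forwarding stays at its default of 0, so packets are
# never routed between $ext_if and $con_if; the terminal server's
# stack is reachable from this host alone.
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.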