On Wed, Apr 22, 2009 at 9:01 PM, Christopher Rutter <christopherrutter-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Ok you guys got me, I'll give it a shot on a testbed rig at home and then
> bring it down to Georgia on my next trip if all goes well.

This is a fine technique for a lab, but a PDU with some security should be investigated if this is business critical as it seems to be. For several reasons.

If the PDU for $200 off the shelf isn't cheaper than your time building, testing, installing the one dollar solution, you aren't charging enough per hour.

You are quite correct not to trust novice soldering skill in a production environment. So-called 'Cold' solder joints and similar faults often work initially and fail randomly as they accumulate humidity, oxide, mechanical stresses.

ANYONE who can route a packet to your server via your NAT address and guess (or iterate) your NIC MAC can reboot your server. Since the manufacturer and model number are encoded in the MAC, there are far fewer than 48 secret bits. Maybe this and an attacker who finds this thread googling for Business and Whack on lan and then googling for your customer is comfortable but I would be leery.

Why is it ok for the authors then?

The one dollar solution is cost effective if a grad student (or salaried tech with slack time) makes a couple hundred assembly-line style and installs them in an S/HPC Cluster as it's built. An assembly line supervised by a professor of EE will be producing good solder joints with good mechanicals. Since the cluster compute nodes are typically on a private, non-routable LAN segment, there is NO security concern, as only the head node can Whack them.

--
Bill
n1vux-WYrOkVUspZo at public.gmane.org bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
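
Added example, not part of the original message or the project it discusses: a defender-side check for the exposure described above, which recognizes a Wake-on-LAN magic packet (six 0xFF bytes followed by the target MAC repeated 16 times) in a datagram payload and alerts when it did not come from the management segment. The MAC, the trusted network `10.0.0.0/24` and the source addresses are constructed sample values.

```python
import ipaddress

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def parse_magic_packet(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]  # 16 repetitions of a 6-byte MAC
        mac = body[:6]
        if len(body) == 96 and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def classify(src_ip: str, payload: bytes, trusted_nets):
    """Label a datagram: 'not-wol', 'allowed' (trusted source) or 'alert'."""
    mac = parse_magic_packet(payload)
    if mac is None:
        return ("not-wol", None)
    src = ipaddress.ip_address(src_ip)
    if any(src in ipaddress.ip_network(net) for net in trusted_nets):
        return ("allowed", mac)
    return ("alert", mac)


# Constructed sample data (assumptions, not values from the thread).
TRUSTED = ["10.0.0.0/24"]                 # head-node / management segment
TARGET = bytes.fromhex("001122334455")    # made-up NIC MAC
WAKE = SYNC + TARGET * 16
SAMPLES = [
    ("10.0.0.1", WAKE),                   # head node waking a compute node
    ("203.0.113.7", b"\x00pad" + WAKE),   # routed in from outside, with padding
    ("203.0.113.7", SYNC + TARGET * 15),  # truncated: not a valid magic packet
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, classify(src, data, TRUSTED))
```

The magic packet carries no authentication beyond the MAC itself, so the source check here stands in for the network isolation the message relies on in the cluster case.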