HPE Community
BladeSystem - General
1752653 Members
5684 Online
108788 Solutions
New Discussion

OA Module Compromised

 
sgunelius
Trusted Contributor

‎10-18-2013 06:55 AM

‎10-18-2013 06:55 AM

OA Module Compromised

Our security team discovered a Standby OA Module making NTP connection attempts to IP addresses (registered in South Africa) not defined in our configuration.  We were running v3.71 firmware which I've since upgraded to v4.01 in response to this.  I opened a support call with HP (getting more and more frustrated with them after 15 years of good service) and was told that from what they could see the OA module was functioning properly.  Even though I explained it was their hardware, firmware and software, that I had made no customizations that would've resulted in this issue, they stuck to the script.  I ended up opening a ticket online and calling our HP rep to have this kicked upstairs.  I also reported this through their website as a possible vulnerability.

 

Has anyone seen anything similar with the OA module and/or the 3.71 firmware?  Thanks.

 

Scott

0 Kudos
Reply
1 REPLY 1
Torsten.
Acclaimed Contributor

‎10-18-2013 11:11 AM

‎10-18-2013 11:11 AM

Re: OA Module Compromised

Could it be another component (ILO, interconnect) is asking for this NTP server via the OA network? Check the settings.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.