ipmi_scan_external

Explanation

IPMI (Intelligent Platform Management Interface) is a protocol that enables remote management of servers and other network devices without relying on the device's CPU or Operating System. IPMI is known to have several security weaknesses. This NDM is designed to detect IPMI scanning that is hitting the customer’s network from the Internet.

What to Look For

Scanning activity on the Internet is quite commonplace. Under normal circumstances, IPMI services should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise