Great talk by Matthew Garrett on the insecurity of ipmi. A number of security issues including
* Upgrade your BMC firmwares!
* Ensure cipher 0 is disabled on all BMCs (only requires valid username, not password!)
* Filter all incoming ipmi on the network (if BMC nic is unplugged ipmi will dhcp on the main interface)