What Runs on Port 623
Port 623 carries IPMI (Intelligent Platform Management Interface) and ASF-RMCP (Alert Standard Format Remote Management and Control Protocol). Both protocols give administrators hardware-level control of servers, independent of the operating system.12
The baseboard management controller (BMC)—a specialized microcontroller embedded on the server's motherboard—listens on port 623 for incoming management commands. The BMC runs its own operating system, separate from whatever runs on the server itself.3
How IPMI Works
IPMI operates out-of-band, meaning it functions independently of the server's main operating system. The BMC has direct access to the motherboard and can:4
- Power control — Turn the server on, off, or force a reboot
- Hardware monitoring — Check CPU temperatures, fan speeds, voltage levels
- Console access — Provide remote keyboard, video, and mouse (KVM) access
- Firmware updates — Apply patches to BIOS or BMC firmware
- Event logging — Record hardware failures and system events
Commands travel to port 623 as RMCP packets wrapped in UDP datagrams. The BMC receives the packet, executes the command, and sends back a response—all while the server's operating system might be completely unaware, crashed, or not even installed yet.5
The History
IPMI was developed jointly by Intel, Dell, Hewlett-Packard, and NEC. The first specification (IPMI v1.0) was published on September 16, 1998.6
Before IPMI, managing a crashed or powered-off server meant physical access. You drove to the datacenter, plugged in a monitor and keyboard, and fixed it manually. IPMI changed that. Suddenly you could power on a dead server from home, watch it boot, see the BIOS screen, and diagnose hardware failures—all over the network.
IPMI v1.5 (February 2001) added IPMI over LAN, making remote management practical.7 IPMI v2.0 (February 2004) added encryption, serial-over-LAN, and enhanced authentication to address early security concerns.8
ASF-RMCP, standardized by DMTF as specification DSP0136, defines the message format for remote control in OS-absent environments. When your server is powered down or the OS has crashed, ASF-RMCP messages on port 623 still reach the BMC.9
The Computer Inside Your Computer
Here's the genuine strangeness of IPMI: the BMC is a separate computer running inside your server.
While your main system runs Linux, Windows, or ESXi, the BMC runs its own embedded Linux or proprietary firmware. It has its own network interface (often sharing the same physical port as the host OS), its own memory, its own storage. It watches the hardware continuously.
When your server is powered off, the BMC is still running. When the OS crashes, the BMC keeps logging events. When you pull the power plug (but leave the power supply connected), the BMC is still listening on port 623, waiting for the command to power everything back on.
This is why IPMI works for remote recovery. The thing listening on port 623 is not your server—it's the smaller computer watching over your server.
Security: The Most Dangerous Port in the Datacenter
Access to port 623 is effectively physical access to the server.10 An attacker with BMC credentials can:
- Power off production servers
- Install malicious firmware
- Monitor everything displayed on the screen
- Type commands as if physically present
- Steal data through virtual media mounts
Worse, IPMI has a history of serious vulnerabilities:
CVE-2013-4786 — The IPMI v2.0 password hash disclosure vulnerability allowed attackers to extract password hashes from the BMC without authentication. An attacker could send a crafted request to port 623, receive the password hash, crack it offline, and gain full BMC access.11
Cipher 0 bypass — Some implementations allowed authentication bypass by requesting cipher suite 0 (no encryption, no authentication).12
Default credentials — Many vendors shipped BMCs with well-known default passwords: "ADMIN" for Supermicro, "calvin" for Dell iDRAC, "PASSW0RD" (with a zero) for IBM IMM.13
Cleartext storage — Some implementations stored administrator credentials in plaintext in the BMC's filesystem.14
The BMC runs continuously, often on outdated firmware, with privileged hardware access. If you expose port 623 to the Internet without proper protection, you are handing attackers the keys to your physical hardware.
Best Practices
Never expose port 623 to the public Internet. Use a VPN, jump host, or firewall to restrict access to trusted management networks only.
Change default credentials immediately. Every vendor ships with known defaults. Change them before connecting to any network.
Enable RMCP+ encryption. IPMI v2.0 supports encrypted communication. Use it. Unencrypted IPMI traffic on port 623 exposes credentials and commands to anyone who can see the packets.
Keep BMC firmware updated. Vendors release security patches. Apply them. The BMC is a computer, and like any computer, it has vulnerabilities.
Monitor for unauthorized access. Log who connects to port 623 and alert on unexpected connections. This port should see predictable, infrequent administrative traffic.
How to Check What's Listening
On Linux, to see if anything is listening on port 623:
On Windows:
If you see port 623 listening, you likely have a BMC or IPMI service running. On servers, this is expected. On workstations or laptops, it's unusual and worth investigating.
To scan a network for exposed IPMI services:
Related Ports
- Port 80/443 — Many BMCs also provide a web interface for management
- Port 22 — Some BMCs offer SSH access for command-line management
- Port 5900 — VNC ports sometimes used for remote console access
Why This Port Matters
Port 623 has been listening in datacenters since 1998. Every time you remotely power-cycle a frozen server at 3am instead of driving to the facility, you're using this port. Every automated temperature alert, every remote firmware update, every lights-out management operation—port 623 makes it possible.
But the power comes with responsibility. This port offers hardware-level access. Protect it accordingly.
The BMC never sleeps. It's always listening. Make sure only the right people can talk to it.
Nakatulong ba ang pahinang ito?