Still a bit muddled: DHCP is IP traffic, and ARP is already filtered by ebtables. How about:
By forging DHCP discovery messages or non-IP traffic, an instance may spoof IP or MAC source addresses on attached networks, resulting in denial of service and/or traffic interception. Moreover, when L2population isn't used, other tenants attached to a shared network are also vulnerable. Neutron setups using the IPTables firewall driver are affected.