Hi Armando, I'm also impressed by the thorough investigation. Especially the resize insight.
Please carefully read point two below. I think the issue is more serious because of it.
1) Turning the port down (as a user) is not necessary, but it changes the trunk-mode time from a couple of seconds to indefinitely.
2) There's no need to put the port (eth0) back up if the attacker creates a secondary network interface (eth1) to access the instance. No console access is needed. This is the scenario described in the original report.
Thanks,
Gerhard.