Comment 16 for bug 1988026

Dr. Jens Harbott (j-harbott) wrote :

As mentioned earlier, the number of Neutron resources a user/project can create is usually strictly limited by quotas, the default limit is 10 security groups and 100 rules in them [0]. Because of this, it is also unlikely that deployments use additional resource monitoring systems for this, since they can expect the quotas to be respected.

Also, since the trigger is just a GET query, not a PUT/POST, creating an empty response, I'd assume API rate limiters to also usually not be too strict about this, if they are at all.

Lastly, the main DoS vector likely is not the database size itself filling up, but performance issues in the lookup of security groups and rules, though I have no idea how fast this would happen and how severe the impact might be. Maybe some testing on this might be needed. But I would consider a plausible result could be that other rules fail to get applied in the expected way.

All in all I think that an advisory could be warranted, but would also be very interested to hear other Neutron maintainers' opinions.

[0] https://docs.openstack.org/neutron/latest/admin/ops-quotas.html#basic-quota-configuration
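Added example, not part of the comment above and not Neutron's own code: since the comment notes that operators normally rely on quotas alone and do not monitor security-group counts separately, this is a check an operator could run against the Neutron database to find projects whose security-group or rule counts exceed the default quotas of 10 and 100 quoted in the comment. It builds an in-memory SQLite copy of the two relevant tables with constructed rows; the table and column names (securitygroups, securitygrouprules, project_id, security_group_id) follow Neutron's schema as I understand it and are an assumption, as is modelling only the columns the count needs.

```python
import sqlite3
from typing import Dict, Tuple

# Default Neutron quotas quoted in the comment above.
DEFAULT_SG_QUOTA = 10
DEFAULT_SG_RULE_QUOTA = 100

# Assumption: a minimal copy of the two Neutron tables the quota engine counts.
# Column names follow Neutron's schema; only the columns this check needs are modelled.
SCHEMA = """
CREATE TABLE securitygroups (
    id TEXT PRIMARY KEY,
    project_id TEXT NOT NULL,
    name TEXT
);
CREATE TABLE securitygrouprules (
    id TEXT PRIMARY KEY,
    project_id TEXT NOT NULL,
    security_group_id TEXT NOT NULL REFERENCES securitygroups(id)
);
"""

# Projects above either limit. The LEFT JOIN keeps projects that own groups
# but no rules at all, so a group-only flood is still reported.
OVER_QUOTA_SQL = """
SELECT sg.project_id,
       sg.sg_count,
       COALESCE(r.rule_count, 0) AS rule_count
FROM (SELECT project_id, COUNT(*) AS sg_count
      FROM securitygroups GROUP BY project_id) AS sg
LEFT JOIN (SELECT project_id, COUNT(*) AS rule_count
           FROM securitygrouprules GROUP BY project_id) AS r
       ON r.project_id = sg.project_id
WHERE sg.sg_count > ? OR COALESCE(r.rule_count, 0) > ?
ORDER BY sg.project_id
"""


def over_quota(conn: sqlite3.Connection,
               sg_quota: int = DEFAULT_SG_QUOTA,
               rule_quota: int = DEFAULT_SG_RULE_QUOTA) -> Dict[str, Tuple[int, int]]:
    """Return {project_id: (sg_count, rule_count)} for projects above either limit."""
    rows = conn.execute(OVER_QUOTA_SQL, (sg_quota, rule_quota)).fetchall()
    return {project: (sgs, rules) for project, sgs, rules in rows}


def _add_project(conn: sqlite3.Connection, project: str,
                 n_groups: int, rules_per_group: int) -> None:
    """Insert n_groups security groups for a project, each with rules_per_group rules."""
    for g in range(n_groups):
        sg_id = f"{project}-sg{g}"
        conn.execute("INSERT INTO securitygroups VALUES (?, ?, ?)",
                     (sg_id, project, f"sg{g}"))
        for k in range(rules_per_group):
            conn.execute("INSERT INTO securitygrouprules VALUES (?, ?, ?)",
                         (f"{sg_id}-rule{k}", project, sg_id))


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data, not taken from any real deployment."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    _add_project(conn, "p-normal", 2, 2)    # within both limits
    _add_project(conn, "p-flood", 12, 2)    # 12 groups: above the group limit
    _add_project(conn, "p-rules", 1, 101)   # 101 rules: above the rule limit
    _add_project(conn, "p-empty", 11, 0)    # groups but no rules: exercises the LEFT JOIN
    conn.commit()
    return conn


if __name__ == "__main__":
    for project, (sgs, rules) in over_quota(build_sample_db()).items():
        print(f"{project}: {sgs} security groups, {rules} rules")
```

Against a real deployment the SELECT can be run as-is (with the two limits substituted) on the neutron database. One caveat: projects with a raised per-project quota would be flagged too, so those would need to be compared against their own limit rather than the default.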