Comment 28 for bug 1558658
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests | #28 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Thank you Dustin for this review! How about:
By forging non-IP traffic such as DHCP discovery or ARP messages, an instance may spoof IP or MAC source addresses on attached networks resulting in denial of services and/or traffic interception. Moreover when L2population isn't used, other tenants attached to a shared network are also vulnerable. Neutron setups using the IPTables firewall driver are affected.