hi
Currently, nova metadata service is proxy by metadata agent in dhcp agent
or l3 router agent, it is depended on whether network attach to router or not.
In essential, metadata agent implements a http proxy functionality by computer
node host protocal stack. In other words, it exposes host protocol stack to vm.
If vm is a attacker, it can launch a HTTP GET flood attacks. then it may affect
this computer node. I would like to hear you guy's opinion. any comment is
welcome. thanks.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
