Nux created CLOUDSTACK-9464:
-------------------------------

Summary: VR vulnerable to DNS reflection attacks
Key: CLOUDSTACK-9464
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9464
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Virtual Router
Affects Versions: 4.9.0, 4.8.0
Environment: Advanced zones with Security Groups
Reporter: Nux

In advanced zones with Security Groups and probably Basic Zones, too, the VR opens the DNS service to everyone (-j ACCEPT). As a result CloudStack VRs are currently used in DNS reflection or amplification attacks.

There is some discussion about this in https://issues.apache.org/jira/browse/CLOUDSTACK-6432

This PR tries to rectify the problem: https://github.com/apache/cloudstack/pull/1653

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
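
One way to audit a router's `iptables-save` output for the condition reported above (DNS accepted from any source address). This is an added example, not part of the original report or of CloudStack's code; the sample ruleset, the interface name `eth0` and the guest CIDR `10.1.1.0/24` are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (assumed, not taken from a real CloudStack VR).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -i eth0 -p udp -m multiport --dports 53,67 -j ACCEPT
COMMIT
"""

def _opt(tokens, *names):
    """Return the value following the first matching option, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def _covers_dns(spec):
    """True if a --dport/--dports value (lists and lo:hi ranges) includes 53."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        high = int(hi or 65535) if sep else low
        if low <= 53 <= high:
            return True
    return False

def open_dns_rules(ruleset):
    """Return INPUT rules that ACCEPT port 53 with no source restriction.

    Negated matches ("! -s ...") and jumps to user-defined chains are
    not interpreted; review those by hand.
    """
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "INPUT"] or _opt(tokens, "-j") != "ACCEPT":
            continue
        ports = _opt(tokens, "--dport", "--dports")
        if ports is None or not _covers_dns(ports):
            continue
        src = _opt(tokens, "-s", "--source")
        if src is None or ipaddress.ip_network(src, strict=False).prefixlen == 0:
            findings.append(line)
    return findings
```

Feeding it the real output of `iptables-save` from a router lists every rule that would answer DNS queries from arbitrary addresses; rules scoped to the guest network are not reported.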