[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1699495
Title:
security groups allows localhost (127.0.0.0/8) to pass
Status in neutron:
Expired
Bug description:
Host local IP addresses shouldn't be in source_ip for incoming
packets. No exceptions.
Current implementation of security groups, when user allow a wide
range of IP addresses to pass, allow to pass 127.0.0.0/8.
Steps to reproduce:
1. Create rule in security groups which allows from 0.0.0.0/0
2. send spoofed traffic with source 127.0.0.1 to instance (hping3 -a
127.0.0.1 target_ip)
Expected behavior: no malformed traffic on instance interface.
Actual behavior: Traffic with source=127.0.0.1 on instance interface.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1699495/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
