
yahoo-eng-team team mailing list archive

[Bug 1699495] Re: security groups allows localhost (127.0.0.0/8) to pass

 

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1699495

Title:
  security groups allows localhost (127.0.0.0/8) to pass

Status in neutron:
  Expired

Bug description:
  Host local IP addresses shouldn't be in source_ip for incoming
  packets. No exceptions.

  The current implementation of security groups, when a user allows a wide
  range of IP addresses to pass, allows 127.0.0.0/8 to pass.

  Steps to reproduce:
  1. Create a rule in security groups which allows from 0.0.0.0/0
  2. Send spoofed traffic with source 127.0.0.1 to instance (hping3 -a 127.0.0.1 target_ip)

  Expected behavior: no malformed traffic on instance interface.
  Actual behavior: Traffic with source=127.0.0.1 on instance interface.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1699495/+subscriptions
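
Added example (not part of the bug report and not neutron's code): a small Python model of the rule matching described in the report. It shows a 0.0.0.0/0 ingress rule admitting a 127.0.0.1 source under plain CIDR matching, next to a variant that drops loopback sources before any rule is consulted, plus an audit helper that flags rules overlapping 127.0.0.0/8. All function names and sample addresses are constructed for illustration.

```python
import ipaddress

# 127.0.0.0/8 is the range named in the bug report. Using it as a
# pre-filter list is an assumption of this example, not neutron behaviour.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def matches_rules(src_ip, allowed_cidrs):
    """Plain CIDR matching: the behaviour the report describes."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(c) for c in allowed_cidrs)


def matches_rules_strict(src_ip, allowed_cidrs):
    """Same matching, but a loopback source is rejected before rule lookup."""
    if ipaddress.ip_address(src_ip) in LOOPBACK:
        return False
    return matches_rules(src_ip, allowed_cidrs)


def rules_admitting_loopback(allowed_cidrs):
    """Audit helper: return the rules whose prefix overlaps 127.0.0.0/8."""
    return [c for c in allowed_cidrs
            if ipaddress.ip_network(c).overlaps(LOOPBACK)]


def evaluate(sources, allowed_cidrs):
    """Return (source, plain verdict, strict verdict) for each source address."""
    return [(s, matches_rules(s, allowed_cidrs),
             matches_rules_strict(s, allowed_cidrs)) for s in sources]


if __name__ == "__main__":
    # Constructed sample: one wide rule, one narrow rule, three source addresses.
    rules = ["0.0.0.0/0", "192.0.2.0/24"]
    sources = ["198.51.100.7", "127.0.0.1", "127.255.255.254"]
    print("rules overlapping loopback:", rules_admitting_loopback(rules))
    for src, plain, strict in evaluate(sources, rules):
        print(f"{src:16} plain={plain!s:5} strict={strict}")
```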

