[Openstack-security] instance-data sinkholing
Florian Weimer
fw at deneb.enyo.de
Thu Jan 2 17:36:18 UTC 2014
It has been suggested that I bring up this matter here.
Some variants of the EC2 instance-data injection protocol use a DNS
lookup for the domain "instance-data". If the instance data client is
not careful, the DNS stub resolver can add a search path to the
domain, resulting in a name like "instance-data.example.com".
(cloud-init was fixed in October 2012.) However, if the search path
is misconfigured, results like "instance-data.com" are possible.
I've registered instance-data.com and instance-data.net, but I would
like to transfer them to someone doing proper sinkholing, or
de-register them altogether. Occassionally, there is traffic
targeting these domains. Ideally, someone would monitor them and
contact those who send HTTP requests which look like the instance-data
injection protocol. Covering more TLDs might make sense as well.
Thoughts?
More information about the Openstack-security
mailing list