[openstack-dev] [neutron][metadata] Is there HTTP attack issue in metadata proxy functionality offered by reference implementation?
hdh_1983 at 163.com
Wed Nov 16 16:05:39 UTC 2016
Currently, nova metadata service is proxy by metadata agent in dhcp agent or l3 router agent, it is depended on whether network attach to router or not. In essential, metadata agent implements a http proxy functionality by computer node host protocal stack. In other words, it exposes host protocol stack to vm. If vm is a attacker, it can launch a HTTP GET flood attacks. then it may affect this computer node. I would like to hear you guy's opinion. any comment is welcome. thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev