[kuryr] Job running open resolver
Maysa De Macedo Souza
mdemaced at redhat.com
Tue Mar 3 17:14:28 UTC 2020
Hi James,
Thank you for reporting it. We will take a look at it.
Best,
Maysa.
On Tue, Mar 3, 2020 at 5:11 PM James E. Blair <corvus at inaugust.com> wrote:
> Hi,
>
> The openstack-infra team received a report from one of our
> infrastructure donors that a gate job run by Kuryr is running a DNS
> resolver open to the Internet. This is dangerous as, if discovered, it
> can be used as part of DNS reflection attacks. The community and our
> infrastructure donors share an interest in avoiding misuse of our
> resources.
>
> Would you please look into whether this job is perhaps opening its
> iptables ports too liberally, and whether that can be avoided?
>
> The job is kuryr-kubernetes-tempest-containerized-ovn, and the build
> which triggered the alerting system is this one:
>
> https://zuul.opendev.org/t/openstack/build/166301f57b21402d8d8443bb1e17f970
>
> Thanks,
>
> Jim
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200303/ed0be2c0/attachment.html>
More information about the openstack-discuss
mailing list