Open Stack

Interesting.  Sounds like a useful thing to continue.  We should find
someone that can pick up this effort.  Anyone out there able to help with
this?

Also, I think that this could be a useful topic for an OSSN (a security
note that will help guide people towards better configuration practices for
their cloud).  Rob et al... you agree?

Cheers,
-bryan


On Thu, Jan 2, 2014 at 9:36 AM, Florian Weimer <fw at deneb.enyo.de> wrote:

> It has been suggested that I bring up this matter here.
>
> Some variants of the EC2 instance-data injection protocol use a DNS
> lookup for the domain "instance-data".  If the instance data client is
> not careful, the DNS stub resolver can add a search path to the
> domain, resulting in a name like "instance-data.example.com".
> (cloud-init was fixed in October 2012.)  However, if the search path
> is misconfigured, results like "instance-data.com" are possible.
>
> I've registered instance-data.com and instance-data.net, but I would
> like to transfer them to someone doing proper sinkholing, or
> de-register them altogether.  Occassionally, there is traffic
> targeting these domains.  Ideally, someone would monitor them and
> contact those who send HTTP requests which look like the instance-data
> injection protocol.  Covering more TLDs might make sense as well.
>
> Thoughts?
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140102/04344986/attachment.html>