cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [2/3] git commit: updated refs/heads/master to 1d9735c
Date Tue, 30 Aug 2016 17:14:56 GMT
Merge pull request #1663 from shapeblue/4.9-dnsreflection-attack

[LTS/blocker] CLOUDSTACK-6432: Prevent DNS reflection attacksCLOUDSTACK-6432: Prevent DNS
reflection attacks

    DNS on VR should not be publically accessible as it may be prone to DNS
    amplification/reflection attacks. This fixes the issue by only allowing VR
    DNS (port 53) to be accessible from guest network cidr, as per the fix in:
    https://issues.apache.org/jira/browse/CLOUDSTACK-6432

    - Only allows guest network cidrs to query VR DNS on port 53.
    - Includes marvin smoke test that checks the VR DNS accessibility checks from
      guest and non-guest network.
    - Fixes Marvin sshClient to avoid using ssh agent when password is provided,
      previous some environments may have seen 'No existing session' exception without
      this fix.
    - Adds a new dnspython dependency that is used to perform dns resolutions in the
      tests.

Due to repository commit issues I've created this PR, based on #1653 .

/cc @jburwell @karuturi @NuxRo @ustcweizhou @wido  and others

* pr/1663:
  CLOUDSTACK-6432: Prevent DNS reflection attacks

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3e6f49d9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3e6f49d9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3e6f49d9

Branch: refs/heads/master
Commit: 3e6f49d9e28007d8c4a0b51b34e32e7f6d724c1e
Parents: 0671a80 14504dc
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Tue Aug 30 22:42:40 2016 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Tue Aug 30 22:43:17 2016 +0530

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/cs/CsAddress.py |  24 +-
 test/integration/smoke/test_router_dns.py       | 268 +++++++++++++++++++
 tools/marvin/marvin/sshClient.py                |   3 +-
 tools/marvin/setup.py                           |   1 +
 4 files changed, 282 insertions(+), 14 deletions(-)
----------------------------------------------------------------------



Mime
View raw message