irsl
commented
3 years ago Communication between VMs on the same network is unfiltered by default, so udp/68 is accessible and can be targeted. This is what attack 1 and 2 are about. Exploitation here of course requires attacker presence in that subnet (a compromised VM, container, or similar where UDP traffic can be initiated from.) If you want to ensure that a compromised VM can't infect the others in the same project, you can do that by setting up a host level firewall rule blocking udp/68 with source IP other than the metadata server. The "full remote" attack 3 does not work in default setups as it requires the firewall to allow udp/68 either explicitly or by disabling the firewall as is.
I carried out the research with the default VM OS in GCE, which is "Debian GNU/Linux 10 (buster)". I didn't test Google COS at all.
ct-dh
c3st7n
Apologies if I have misunderstood something here, but in my tests, if I have Google firewall rules in place denying ingress on UDP port 68 (or no rules explicilty allowing it) then the traffic does not get through. From reading the README, I was led to think this was not possible and it had to be achieved using host based firewall rules.
Can you confirm if I am correct in my assessment that the GCP SDN network based firewall is capable of mitigating this attack?
Also, I checked some Google COS (container optimized OS) based images, and I don't see the DHCP hook google_set_hostname on the filesystem. Can you confirm what images/distros you tested in this exploit?