np-guard / vpc-network-config-analyzer

A tool for analyzing the configured network connectivity of VPCs as specified by various VPC resources
Apache License 2.0

support all protocol numbers #812

Open olasaadi99 opened 2 months ago

olasaadi99 commented 2 months ago

Support the IANA protocol numbers (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) for AWS SGs and NACLs.

zivnevo commented 1 month ago

Should also check whether, in IBM VPCs, setting the protocol to "all" allows protocols other than TCP, UDP or ICMP.

zivnevo commented 1 month ago

Ran an experiment with live VPCs (thanks @kyorav), sending SCTP traffic when "all" protocols are allowed in both NACLs and SGs. Conclusions:

  1. In AWS: SCTP traffic is allowed to flow - SCTP connections can be established.
  2. In IBM Cloud: Attempts to make an SCTP connection timed out.

So indeed, the two clouds interpret "all" protocols differently.
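The following is an added example written for this thread, not code from the vpc-network-config-analyzer project. It sketches the two pieces the issue asks for: parsing an AWS SG/NACL protocol field (the `tcp`/`udp`/`icmp`/`icmpv6` keywords, the `-1` wildcard, or a bare IANA protocol number) into an IANA number, and evaluating a rule against a given protocol with a per-cloud interpretation of "all". The AWS behaviour (wildcard admits every protocol number, SCTP included) and the IBM Cloud behaviour (wildcard admits TCP, UDP and ICMP only) are modelled from the SCTP experiment above; treating IBM's "all" as exactly {TCP, UDP, ICMP} is an assumption, as are all function and constant names (`ParseProtocolField`, `RuleAllows`, `ibmAllProtocols`).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// IANA protocol numbers used below
// (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
const (
	ProtoICMP     = 1
	ProtoTCP      = 6
	ProtoUDP      = 17
	ProtoIPv6ICMP = 58
	ProtoSCTP     = 132
	ProtoAll      = -1 // the "-1" / "all" wildcard; not an IANA number
)

// keywords maps the keyword forms accepted in an AWS security group rule's
// IpProtocol and a NACL rule's Protocol to their IANA numbers.
var keywords = map[string]int{
	"tcp": ProtoTCP, "udp": ProtoUDP, "icmp": ProtoICMP, "icmpv6": ProtoIPv6ICMP,
}

// ParseProtocolField converts a rule's protocol field to an IANA protocol
// number. Accepted: "-1" (AWS) or "all" (IBM Cloud) for the wildcard, the
// keywords above, or a decimal number in 0..255.
func ParseProtocolField(field string) (int, error) {
	f := strings.ToLower(strings.TrimSpace(field))
	if f == "-1" || f == "all" {
		return ProtoAll, nil
	}
	if n, ok := keywords[f]; ok {
		return n, nil
	}
	n, err := strconv.Atoi(f)
	if err != nil || n < 0 || n > 255 {
		return 0, fmt.Errorf("unsupported protocol field %q", field)
	}
	return n, nil
}

// Cloud selects which provider's semantics of the "all" wildcard apply.
type Cloud int

const (
	AWS Cloud = iota
	IBM
)

// ibmAllProtocols is the assumed meaning of "all" in an IBM Cloud VPC SG/NACL
// rule: TCP, UDP and ICMP only, modelled on the SCTP timeout observed above.
var ibmAllProtocols = map[int]bool{ProtoTCP: true, ProtoUDP: true, ProtoICMP: true}

// RuleAllows reports whether a rule whose protocol field parsed to ruleProto
// permits traffic of IANA protocol trafficProto under the given cloud's
// interpretation of the wildcard. Port/ICMP-type matching is out of scope.
func RuleAllows(cloud Cloud, ruleProto, trafficProto int) bool {
	if ruleProto != ProtoAll {
		return ruleProto == trafficProto
	}
	switch cloud {
	case AWS:
		return true // AWS "-1": every protocol number, SCTP included
	case IBM:
		return ibmAllProtocols[trafficProto]
	}
	return false
}

func main() {
	// Constructed rule fields, one per cloud, both meaning "all protocols".
	for _, tc := range []struct {
		cloud Cloud
		field string
	}{{AWS, "-1"}, {IBM, "all"}} {
		p, err := ParseProtocolField(tc.field)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("cloud=%d field=%q allows SCTP(132): %v\n",
			tc.cloud, tc.field, RuleAllows(tc.cloud, p, ProtoSCTP))
	}
}
```

Keeping the wildcard semantics in a per-cloud table rather than in the parser lets the same rule representation serve both providers while the analyzer reports, for an IBM Cloud rule, that "all" does not in fact cover SCTP.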