On the night of 15 to 16 July 2017, the Selectel network experienced one of its most memorable incidents, which degraded connectivity between the Selectel network and the foreign segment of the internet, up to complete unavailability. It was memorable enough that Selectel's technical director devoted a talk to it at the ENOG-14 conference of network operators.
OpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record if they want to expose this route externally. The CNAME record should point the custom domain to the OpenShift router as the alias. If the CNAME is not removed when the route is no longer in use, the result is a dangling route, which a malicious actor may take over.
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.