You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, we mostly trust the input that comes from the controller. However, with knowing the shared-secret, some of these attacks may be possible
Sending load-balancing rules with IP-addresses not intended for load-balancing. For example, one may could let the agent create DNAT rules for SSH on the management IP-address.
-> Create an (optional) IP-address whitelist on the agent
Doing "NFTables-Injection" by inserting malicious nftables control characters
Pushing malicious keepalived config
The text was updated successfully, but these errors were encountered:
Currently, we mostly trust the input that comes from the controller. However, with knowing the shared-secret, some of these attacks may be possible
-> Create an (optional) IP-address whitelist on the agent
The text was updated successfully, but these errors were encountered: