top | item 31840622

albatruss | 3 years ago

> Also - shouldn't the web be full of vulnerable database servers then?

No, the docker bridge network is not on a routable subnet.

TekMol|3 years ago

Does it have to? The attack looks like it would also work over the internet:

    2. [ATTACKER] Route all packets destined for 172.16.0.0/12 through the victim's machine.

    ip route add 172.16.0.0/12 via 192.168.0.100

Here, "192.168.0.100" could be exchanged for any IP address, I guess?

jandrese|3 years ago

That will only work if you are on the same subnet.

When you craft a packet for that address, the stack will see that route and send an ARP "who has" request out whatever interface you assigned when you did that IP route rule (probably your default ethernet). If nobody responds then the packet dies in the stack.

Plutoberth|3 years ago

172.16.0.0/12 is a private subnet. This means that its addresses are relevant only within a local network, and never over the internet. If you try to send a packet to an address within that subnet, layer 3 devices (i.e. routers) on the internet will drop it.

thedougd|3 years ago

If that's true, you can then send packets to it, but not receive replies. That's still a problem.

gcbirzan|3 years ago

Except you would have to be on the same layer 2 network as the "victim" for this to work.