Luiza Nacshon¹ and Martin Ukrop², ¹Senior Security Engineer, Red Hat, Israel, ²Senior Technical Program Manager, Red Hat, Czech Republic

OpenShift uses Route objects to expose web applications to the outside world through HAproxy. One of the challenges of managing web application routing in containerized environments such as OpenShift is securely transferring information and allowing access to the applications running in those environments. This paper will examine two possible attacks discovered during security research on OpenShift networking: Route takeover and DNS hijacking. While writing this paper, we didn’t find related works discussing the attacks in containerized environments like Openshift. The novelty of the discovered attacks is the way those attacks are implemented and leveraged in the Openshift environment. The techniques used to gain route takeover and DNS hijacking can work only on Openshift clusters. Next, in the paper, we will briefly present and explain how users can prevent those possible attacks by following specific security practices.

Networking, Routes, Containerized Network, Hijacking, Network Security Policies, Route Takeover