Newly Discovered Route Takeover and DNS Hijacking Attacks in Openshift


Luiza Nacshon1 and Martin Ukrop2, 1Senior Security Engineer, Red Hat, Israel, 2Senior Technical Program Manager, Red Hat, Czech Republic


OpenShift uses Route objects to expose web applications to the outside world through HAproxy. One of the challenges of managing web application routing in containerized environments such as OpenShift is securely transferring information and allowing access to the applications running in those environments. This paper will examine two possible attacks discovered during security research on OpenShift networking: Route takeover and DNS hijacking. While writing this paper, we didn’t find related works discussing the attacks in containerized environments like Openshift. The novelty of the discovered attacks is the way those attacks are implemented and leveraged in the Openshift environment. The techniques used to gain route takeover and DNS hijacking can work only on Openshift clusters. Next, in the paper, we will briefly present and explain how users can prevent those possible attacks by following specific security practices.


Networking, Routes, Containerized Network, Hijacking, Network Security Policies, Route Takeover

Full Text  Volume 13, Number 1