Vulnerability Assessment to prevent the detection of the presence of a load-balancing device based on HTTP header analysis
Issue
- We did a Vulnerability Assessment on the OpenShift cluster. As a result, the assessment found that an attacker can detect the LB that we have in front of our cluster and use this info for other attacks.
- To prevent detection by analyzing IP TTL values, IP ID values, and TCP ISN values, it is suggested to use hosts with a TCP/IP implementation that generates randomized numbers for these values. However, most operating systems available today do not come with such a TCP/IP implementation.
Environment
- Red Hat OpenShift Container Platform
- 4.7