Vulnerability Assessment to prevent the detection of the presence of a load-balancing device based on HTTP header analysis

Solution In Progress - Updated -

Issue

  • We did a Vulnerability Assessment on the OpenShift cluster. As a result, the assessment found that an attacker can detect the LB that we have in front of our cluster and use this info for other attacks.
  • To prevent detection by analyzing IP TTL values, IP ID values, and TCP ISN values, it is suggested to use hosts with a TCP/IP implementation that generates randomized numbers for these values. However, most operating systems available today do not come with such a TCP/IP implementation.

Environment

  • Red Hat OpenShift Container Platform
    • 4.7
