Tuesday, November 19 • 11:50am - 12:25pm
CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here - Liz Rice, Aqua Security

Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.

* ARP spoofing: pretending to represent the wrong IP address
* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain name

Sounds bad, doesn't it?

These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren't happening on your cluster.

This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Liz Rice

Vice President, Open Source Engineering, Aqua Security
Liz Rice is VP Open Source Engineering at cloud native security specialists Aqua Security. She also chairs the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She has a wealth of software engineering experience working on network protocols...

Tuesday November 19, 2019 11:50am - 12:25pm
Room 11AB - San Diego Convention Center Upper Level