Packet mirroring resource in use Affecting Compute Engine service in Google
Severity Framework
Snyk CCSS
Rule category
Threat Detection / Network
- Snyk ID SNYK-CC-00397
- credit Snyk Research Team
Description
Packet mirroring copies the traffic of the mirrored instances or subnetworks to a collector, so a mirroring policy that is left in place when it is no longer needed can be abused to intercept traffic and access sensitive information.
How to fix?
Remove the google_compute_packet_mirroring resource when it is not in active use. The configuration below declares the network, an instance and an internal load balancer, but no packet mirroring policy:
resource "google_compute_instance" "example397" {
  name         = "my-instance1"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = google_compute_network.example397.id
    access_config {
    }
  }
}

resource "google_compute_network" "example397" {
  name = "my-network"
}

resource "google_compute_subnetwork" "example397" {
  name          = "my-subnetwork"
  network       = google_compute_network.example397.id
  ip_cidr_range = "10.2.0.0/16"
}

resource "google_compute_region_backend_service" "example397" {
  name          = "my-service"
  health_checks = [google_compute_health_check.example397.id]
}

resource "google_compute_health_check" "example397" {
  name               = "my-healthcheck"
  check_interval_sec = 1
  timeout_sec        = 1

  tcp_health_check {
    port = 80
  }
}

# Internal load balancer that could serve as a mirroring collector.
# No google_compute_packet_mirroring resource points at it, so no
# traffic is copied anywhere.
resource "google_compute_forwarding_rule" "example397" {
  depends_on = [google_compute_subnetwork.example397]

  name                  = "my-ilb"
  is_mirroring_collector = true
  ip_protocol           = "TCP"
  load_balancing_scheme = "INTERNAL"
  backend_service       = google_compute_region_backend_service.example397.id
  all_ports             = true
  network               = google_compute_network.example397.id
  subnetwork            = google_compute_subnetwork.example397.id
  network_tier          = "PREMIUM"
}
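To catch a mirroring policy before it is applied, the same check can be run over a Terraform plan in CI. The script below is an added example, not Snyk's rule engine or Google's code: it reads the JSON produced by `terraform show -json` on a saved plan, walks the planned_values module tree, and reports every google_compute_packet_mirroring resource (including ones declared with enable = "FALSE", since a disabled policy can simply be switched back on) together with any forwarding rule still marked as a mirroring collector. The SAMPLE_PLAN it ships with is constructed for the demo and represents the "before" state of the configuration above, with a policy mirroring my-subnetwork plus a second, disabled policy in a child module; the resource names and module path in it are assumptions.

```python
"""Report packet mirroring policies and collectors found in a Terraform plan.

Added example for Snyk rule SNYK-CC-00397, not the rule's own implementation.
Real input: terraform plan -out=tf.plan && terraform show -json tf.plan
"""
import json
from typing import Iterator

MIRRORING_TYPE = "google_compute_packet_mirroring"
FORWARDING_RULE_TYPE = "google_compute_forwarding_rule"

# Constructed sample plan (assumed names): the page's example with a
# mirroring policy still declared, plus a disabled policy in a child module.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "google_compute_forwarding_rule.example397", "mode": "managed",
                 "type": FORWARDING_RULE_TYPE, "name": "example397",
                 "values": {"name": "my-ilb", "is_mirroring_collector": True}},
                {"address": "google_compute_packet_mirroring.example397", "mode": "managed",
                 "type": MIRRORING_TYPE, "name": "example397",
                 "values": {
                     "name": "my-mirroring", "enable": "TRUE",
                     "mirrored_resources": [{
                         "subnetworks": [{"url": "projects/demo/regions/us-central1/subnetworks/my-subnetwork"}],
                         "instances": [], "tags": []}],
                     "filter": [{"direction": "BOTH", "cidr_ranges": ["0.0.0.0/0"], "ip_protocols": []}]}},
            ],
            "child_modules": [{
                "address": "module.net",
                "resources": [
                    {"address": "module.net.google_compute_packet_mirroring.dbg", "mode": "managed",
                     "type": MIRRORING_TYPE, "name": "dbg",
                     "values": {
                         "name": "debug-capture", "enable": "FALSE",
                         "mirrored_resources": [{
                             "subnetworks": [],
                             "instances": [{"url": "projects/demo/zones/us-central1-a/instances/db-1"}],
                             "tags": ["db"]}],
                         "filter": []}},
                ],
            }],
        }
    },
})


def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every resource in a planned_values module, recursing into child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def describe_scope(values: dict) -> str:
    """Summarise what a policy mirrors and which traffic its filter selects."""
    scope = []
    for block in values.get("mirrored_resources", []):
        scope += [f"subnet:{s['url'].rsplit('/', 1)[-1]}" for s in block.get("subnetworks", [])]
        scope += [f"instance:{i['url'].rsplit('/', 1)[-1]}" for i in block.get("instances", [])]
        scope += [f"tag:{t}" for t in block.get("tags", [])]
    # An absent filter block means all traffic in both directions is mirrored.
    flt = values.get("filter") or [{}]
    direction = flt[0].get("direction", "BOTH")
    cidrs = flt[0].get("cidr_ranges") or ["0.0.0.0/0"]
    return f"{', '.join(scope) or 'nothing'} direction={direction} cidr={','.join(cidrs)}"


def find_packet_mirroring(plan_json: str) -> list[dict]:
    """Return one finding per packet mirroring policy or leftover collector.

    A policy is reported even when enable == "FALSE": it still exists and
    can be re-enabled, so the rule asks for it to be removed, not disabled.
    """
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("mode") != "managed":
            continue  # data sources are lookups, not resources the plan creates
        values = res.get("values", {})
        if res["type"] == MIRRORING_TYPE:
            findings.append({"address": res["address"], "kind": "packet_mirroring",
                             "enabled": values.get("enable", "TRUE") != "FALSE",
                             "detail": describe_scope(values)})
        elif res["type"] == FORWARDING_RULE_TYPE and values.get("is_mirroring_collector"):
            findings.append({"address": res["address"], "kind": "mirroring_collector",
                             "enabled": True,
                             "detail": f"forwarding rule {values.get('name')} is a mirroring collector"})
    return findings


if __name__ == "__main__":
    for f in find_packet_mirroring(SAMPLE_PLAN):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"[{f['kind']}] {f['address']} ({state}): {f['detail']}")
```

Against the sample plan the script lists the collector ILB and both policies; against a plan for the corrected configuration above it reports only the collector, which is worth reviewing but does not by itself copy any traffic. Treat any packet_mirroring finding as a blocking result in the pipeline, and keep the collector finding as a warning so that a forgotten is_mirroring_collector flag is noticed when the policy is removed.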