DigitalOcean DNS/ARP Exposure
I'm not sure if this is an issue or not, but I noticed that running tcpdump on a DigitalOcean droplet shows you ARP and DNS requests. This lets you get a list of machines hosted by DigitalOcean... I might be way off here, but could this make DO vulnerable to ARP spoofing?
Made a quick video to demonstrate what I mean: http://www.youtube.com/watch?v=gmNaJCkGFOw
4 comments
[ 2.8 ms ] story [ 21.4 ms ] thread-- Jeff Carr Chief Architect Digital Ocean Inc.
By the way - it's nice to see such a pro-active response from DO. Great work!