AWS RFC1918 IP Ranges
Description
Detects EC2 security groups that use private RFC1918 IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) in their inbound rules. The use of broad private IP ranges could lead to overly permissive access from unintended private networks, potentially compromising network segmentation.
Detection Strategy
• Examines all security groups in the specified AWS region
• Analyzes each inbound rule (IpPermissions) within the security groups
• Flags any rule that uses one of the RFC1918 private IP ranges: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
• Reports a vulnerability when a security group contains any matching private IP ranges in its rules
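The strategy above as an added example, not Fluid Attacks' own implementation, run over a constructed response shaped like the output of `aws ec2 describe-security-groups`. The function name `find_rfc1918_rules`, the sample group IDs, and the choice to flag only rules equal to one of the three full blocks are assumptions.

```python
import ipaddress
import json

# The three RFC1918 blocks named in the detection strategy.
RFC1918_BLOCKS = {ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")}

# Constructed sample shaped like the output of
# `aws ec2 describe-security-groups`; IDs and names are made up.
SAMPLE_RESPONSE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example0000001", "GroupName": "app-internal",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "10.20.30.0/24"}]}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]},
  {"GroupId": "sg-0example0000002", "GroupName": "db",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "172.16.0.0/12"}, {"CidrIp": "203.0.113.7/32"}]}]}
]}
""")


def find_rfc1918_rules(response):
    """Return one finding per inbound rule range equal to a full RFC1918 block."""
    findings = []
    for group in response.get("SecurityGroups", []):
        # Only inbound rules (IpPermissions) are examined; egress is ignored.
        for rule in group.get("IpPermissions", []):
            for ip_range in rule.get("IpRanges", []):
                try:
                    network = ipaddress.ip_network(ip_range.get("CidrIp", ""),
                                                   strict=False)
                except ValueError:
                    continue  # skip malformed entries rather than abort the scan
                if network in RFC1918_BLOCKS:
                    findings.append({"group_id": group.get("GroupId"),
                                     "cidr": str(network),
                                     "protocol": rule.get("IpProtocol"),
                                     "ports": (rule.get("FromPort"), rule.get("ToPort"))})
    return findings


if __name__ == "__main__":
    for finding in find_rfc1918_rules(SAMPLE_RESPONSE):
        print(finding)
```

In the sample, the narrower `10.20.30.0/24` rule and the egress rule are not reported, because only inbound rules that use an entire RFC1918 block match.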