Hey all! First off - great work to the authors on the article Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1, I found it super interesting!
To increase my understanding, I’m trying to replicate the first attack described within an Azure Kubernetes Service cluster that I spun up for this purpose within my lab account, and running into an issue with the ARP spoofing portion. Specifically, when I target another pod in the cluster and use the gateway IP I found with the command
kubectl describe services -n kube-system, I get the error “Target machine did not respond to ARP broadcast”. If I modify the code to print out the text of the exception caught, it’s a list index out of range error.
I tried adding port 53 to my kubernetes manifest file and re-applying, to make sure the pods are listening on port 53 just in case that was an issue, but no change.
I feel dumb now, but the problem was that the pod I was targeting was in a different /24 block.