Hello guys,
So I have come across this issue where if you run ping command in shell code execution, it would keep running endlessly. Being a security guy, this would a great attack vector for internal threat actor. Check it out once and let me know if this happens to you as well?
Thank you.
hello @0xParth
Actually, that’s not an issue, that’s how the ping command works. According to the man page:
If the ‘threat actor’ able to get into n8n, the possible ddos won’t be your main problem 
There are many ways to hang the n8n entirely or get access to the another docker instances, or even leave the docker container and sneak into the corporate network.
The way to prevent this would be to block access to the execute command node, this way the internal users you give n8n access to won’t be able to run commands that may be different on Linux to what they would expect from Windows.
The env option to set is NODES_EXCLUDE you can find the information on it here: Environment variables reference | n8n Docs
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
