
Re: [Xen-devel] Re: IP addresses used by domU: msg#00047

Subject: Re: [Xen-devel] Re: IP addresses used by domU
On Thu, Sep 21, 2006 at 10:50:11AM -0700, Sanjam Garg wrote:
> Thanks a lot.
>
> Your assumption on bridging was correct... but the fact is that I
> can't use sniffing to make a guess as my system has constraints laid
> down by the intentions of the user who may use some packet source
> IP spoofing to mislead dom0. If that's all that can be done then I
> would need to do something more rigorous...

When using bridging the network security concerns are pretty much exactly 
the same for those of a bare metal machine - the whole point of bridging
is that the guest is connecting directly to the LAN as any physical machine
would. 

Thus if you don't trust the admin of the DomU then don't let them connect
straight to the network. For example, you can switch Xen to an alternative
networking config where DomU's have to be forwarded & NAT'd using IPTables
to get LAN access.  If you really want to use bridging I guess you could try
filtering out any traffic from the DomU's particular vif which has an
unexpected source IP address, but really best bet is to go for NAT & remove
their direct access.


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
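
The per-vif source-address filter suggested in the message above, as an added example that is not part of the original mail or of Xen's own scripts. The function names, the vif name and the addresses are constructed, and the script only prints the iptables commands so they can be reviewed before being applied in dom0.

```shell
#!/bin/sh
# Added example: print (do not run) iptables rules that pin a bridged DomU
# vif to its assigned source IPv4 addresses. Assumes dom0 passes bridged
# frames to iptables (sysctl net.bridge.bridge-nf-call-iptables=1).
# Not covered: ARP and IPv6 spoofing; a DHCP guest (source 0.0.0.0) needs its own rule.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# antispoof_rules VIF IP [IP...]: prints one iptables command per line
antispoof_rules() {
    [ "$#" -ge 2 ] || { echo "usage: antispoof_rules VIF IP..." >&2; return 2; }
    vif=$1; shift
    # Xen backend interfaces are named vif<domid>.<index>; reject anything else
    case "${vif#vif}" in
        "$vif"|*[!0-9.]*|.*|*.|*.*.*) echo "bad vif name: $vif" >&2; return 2 ;;
        *.*) ;;
        *) echo "bad vif name: $vif" >&2; return 2 ;;
    esac
    # Validate every address before emitting anything
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 2; }
    done
    for ip in "$@"; do
        echo "iptables -A FORWARD -m physdev --physdev-in $vif -s $ip -j ACCEPT"
    done
    # Any other source address on this vif is unexpected: log it, then drop it
    echo "iptables -A FORWARD -m physdev --physdev-in $vif -j LOG --log-prefix 'spoof-$vif: '"
    echo "iptables -A FORWARD -m physdev --physdev-in $vif -j DROP"
}

# Constructed sample: the guest behind vif1.0 is assigned 192.0.2.10
antispoof_rules vif1.0 192.0.2.10
```

The ACCEPT rules end FORWARD traversal for matching packets, so any other forwarding policy for the guest has to be placed ahead of them.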


