[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] NFS and interface security

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
From: stevegt@xxxxxxxxxxxxx
Date: Sat, 17 Jan 2004 08:04:41 -0800
Delivery-date: Sat, 17 Jan 2004 16:05:51 +0000
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

Two Xen features I like very much:

- Virtual domains can't see each others' traffic via 'tcpdump', which
  means that, for instance, guests using NFS root partitions are
  relatively isolated from each other on the wire.

- In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and
  expect it to route; i.e. virtual domains can't steal IP addresses.

Kudos to whoever made this work right.  Am I correct in my
interpretations here?  I.e. is this as secure as it looks?

There's a note in TODO that says "The current virtual firewall/router is
completely broken."  Is this still valid?

Steve
-- 
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@xxxxxxxxxxxxx 
http://www.stevegt.com -- http://Infrastructures.Org 


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] NFS and interface security
  - From: Ian Pratt

Prev by Date: Re: [Xen-devel] Cannot open root device for dom0
Next by Date: Re: [Xen-devel] Cannot open root device for dom0
Previous by thread: [Xen-devel] Xen and Xen
Next by thread: Re: [Xen-devel] NFS and interface security
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.