
Re: [Xen-users] Networking privacy and DomU



On Mon, 2006-01-09 at 16:31 +0100, Martin Dziobek wrote:
> Hello All,
> 
> I'm not seeing the wood for trees ...
> 
> In Xen 3.0 with standard setup (1 Dom 0, several
> Dom U), how can I prevent a DomU from reading
> the other DomUs network traffic with a sniffer?
> Can I use bridging at all?
> 
<snip>
That's a very interesting question.  I have not explored this in any
detail but, it seems to me upon casual observation, that a domU cannot
put the hardware NIC into promiscuous mode.  I have tried to do this
when troubleshooting various network problems.  I have launched tcpdump
in a domU and it does not appear to see all traffic -- only traffic
destined for the domU address.

Again, I did not try to work around it or even completely confirm that
was the case but it is my casual observation.  Perhaps since it is
indeed a bridge, it is like plugging a protocol analyzer into a switch
port -- one only sees broadcast traffic and the unicast traffic for that
port.  I suppose one could use ARP poisoning to see other traffic but
that would be true of any switch - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
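
The switch comparison in the reply above, as an added example that is not part of the original message: a simplified model of a learning Ethernet bridge showing which frames a sniffer on one domU's port would receive. The port names, MAC addresses and traffic are constructed, and the model ignores forwarding-table ageing.

```python
# Added illustration: a minimal model of a learning Ethernet bridge
# (the role the dom0 bridge plays between domU virtual interfaces).
# Port names and MAC addresses below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # forwarding database: source MAC -> port it was learned on

    def forward(self, in_port, src, dst):
        """Return the sorted list of ports the frame is delivered to."""
        self.fdb[src] = in_port  # learn where the sender lives
        if dst != BROADCAST and dst in self.fdb:
            out = self.fdb[dst]
            return [] if out == in_port else [out]  # known unicast: one port only
        # Broadcast or not-yet-learned unicast: flood to every other port
        return sorted(p for p in self.ports if p != in_port)


def frames_seen(bridge, frames, observer):
    """Replay frames; return those a sniffer on `observer` could capture."""
    seen = []
    for in_port, src, dst in frames:
        if observer in bridge.forward(in_port, src, dst):
            seen.append((src, dst))
    return seen


MAC = {"vif1.0": "00:16:3e:00:00:01",
       "vif2.0": "00:16:3e:00:00:02",
       "vif3.0": "00:16:3e:00:00:03"}

# Constructed traffic: domU1 and domU2 talk; domU3 (vif3.0) only listens.
FRAMES = [
    ("vif1.0", MAC["vif1.0"], BROADCAST),       # ARP request from domU1
    ("vif2.0", MAC["vif2.0"], MAC["vif1.0"]),   # ARP reply, domU1 already learned
    ("vif1.0", MAC["vif1.0"], MAC["vif2.0"]),   # unicast data domU1 -> domU2
    ("vif2.0", MAC["vif2.0"], MAC["vif1.0"]),   # unicast data domU2 -> domU1
    ("vif1.0", MAC["vif1.0"], MAC["vif3.0"]),   # domU3 not learned yet: flooded
]

if __name__ == "__main__":
    bridge = LearningBridge(MAC)
    for src, dst in frames_seen(bridge, FRAMES, "vif3.0"):
        print("vif3.0 sees", src, "->", dst)
```

The listener on vif3.0 receives the broadcast and the frame addressed to it but none of the domU1/domU2 unicast; the last frame is also flooded to vif2.0, because a bridge delivers unicast to every port until it has learned the destination MAC.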


 

