[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dom0 networking

To: Jonathan Vogt <xen-users@xxxxxxxxxxx>
From: Tim Post <tim.post@xxxxxxxxxxxxxxx>
Date: Fri, 07 Jul 2006 16:08:30 +0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 07 Jul 2006 01:09:59 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

> > 2. Is such a setup has a security weakness that I'm not seeing?
> Don't know about that one

Any dom-u that broadcasts an IP with that configuration "owns" it. As
long as you specify a mac / ip in your config per dom-u that shouldn't
be an issue. 

If not, its possible for one dom-u to 'hijack' an IP owned by another. 

Really only an issue if untrusted people have root access to the
dom-u's. Its more likely to happen by accident than as some sort of
attack, especially if you're using dhcp. 

We do something similar with dom-u's we use for redundant in-line
firewalls and snort appliances, works very well :)

HTH

Tim


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] dom0 networking
  - From: Paolo Supino
- Re: [Xen-users] dom0 networking
  - From: Jonathan Vogt

Prev by Date: Re: [Xen-users] dom0 networking
Next by Date: RE: [Xen-users] can't create WinXP or Win2003 VMX
Previous by thread: Re: [Xen-users] dom0 networking
Next by thread: [Xen-users] Problems booting Xen with LVM volumes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.