[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge

To: Stefan de Konink <skinkie@xxxxxxxxx>
From: Igor Chubin <igor@xxxxxxx>
Date: Sat, 24 Nov 2007 17:17:09 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 24 Nov 2007 07:14:59 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Sat, Nov 24, 2007 at 05:12:25PM +0200, Igor Chubin wrote:
> On Fri, Nov 23, 2007 at 04:02:46AM +0100, Stefan de Konink wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> > 
> > Is there a way to prevent hwaddr/mac address spoofing between DomU's?
> > 
> > 
> > So in a way 'binding' a mac-address on boot time with a virtual
> > interface? (with something like ebtables/arptables/etc?)
> 
> 
> As far as I understand, 
> you can solve your task with ebtables you have mentioned.
> 

Additional note.

You can modify vif-bridge script
to automagically add ebtables root
when domain U is started (and itc interfaces are created).



-- 
WBR, i.m.chubin


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
  - From: Igor Chubin

References:
- [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
  - From: Stefan de Konink
- Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
  - From: Igor Chubin

Prev by Date: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
Next by Date: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
Previous by thread: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
Next by thread: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.