[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Andy Smith <andy@xxxxxxxxxxxxxx>
Date: Sat, 24 Nov 2007 19:23:34 +0000
Delivery-date: Sat, 24 Nov 2007 17:17:34 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>
Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

On Fri, Nov 23, 2007 at 04:02:46AM +0100, Stefan de Konink wrote:
> Is there a way to prevent hwaddr/mac address spoofing between DomU's?

I use ebtables alone to do this.  I have the list of MAC addresses
and IP addresses for each domU in a database, and from that I build
an ebtables ruleset.  ARP replies from a MAC that does not
correspond with its assigned IPs are dropped and logged.

Cheers,
Andy

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
  - From: Stefan de Konink

Prev by Date: Re: [Xen-users] Resize domU block device?
Next by Date: Re: [Xen-users] Resize domU block device?
Previous by thread: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
Next by thread: [Xen-users] Xen not detecting all my memory...
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.