[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SPAM] Re: [Xen-users] Re: number of ips
- To: Peter Booth <peter_booth@xxxxxxx>
- From: Anand Gupta <xen.mails@xxxxxxxxx>
- Date: Sun, 12 Apr 2009 04:35:31 +0530
- Cc: Eljas Alakulppi <Buzer@xxxxxxxxx>, Xen Users <Xen-users@xxxxxxxxxxxxxxxxxxx>, Vu Pham <vu@xxxxxxxxxx>
- Delivery-date: Sat, 11 Apr 2009 16:06:18 -0700
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=HD1DbRrw7onmLCJODFTd4pyC/lg0Xn8SXind69WnFdyYe0hZDdmVScqFvnzZgFk/+U UggT5UrVwm4yqfA8ZzRGEQRH/IFh7Wc1ChVdGh14/VuxIR9b8QLHIAdvH3Rra2xueWY8 xWSXM1Yp7B/vB4ayUrHjaPBOpL/q+AFY04V0w=
- List-id: Xen user discussion <xen-users.lists.xensource.com>
Hi Peter,
On Sun, Apr 12, 2009 at 1:04 AM, Peter Booth <peter_booth@xxxxxxx> wrote:
I'm a little puzzled by this. My starting point is that I can sometimes use technology to protect against foolishness but it's much harder to protect against malice.
I believe that the xen 3 limit is 3 vifs per VM. So if you create all three, with one bridge mode with an asugned ip and thee two private networks, what can user do thru ignorance or malice to break this?
1. They can reconfigure their "real IP" do a diff value on the subnet and presumably well see an error on both devices that are trying to use the VM
2. What happens if they create virtual devices based on their "real" device? Can they bind these to different IPs on the subnet?
Is there any reason to expect they would do this? Can you fire your users if they are malicious? This seems as much a human issue as a technical one.
Not always you can fire them. Imagine a situation wherein you are the dom0 administrator and all your domU are customers who manage their own domU. Now you have assigned ips to them, and one of them tries to bind a different ip as against to what was assigned to it. I am just trying to find a way to stop that from happening.
-- regards,
Anand Gupta
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|