[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] traffic sniff problem

  • To: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: Thomas Ronner <thomas@xxxxxxxxxx>
  • Date: Fri, 18 Jun 2010 15:02:57 +0200
  • Delivery-date: Fri, 18 Jun 2010 06:05:13 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On 18 Jun 2010, at 14:51, Jingyun He wrote:

I have xen node, it has a few VPSes, it used bridge network mode, and
we noticed that if one vps is restarted or a new vps is started, the
bridge will send all traffic to all interface during a few seconds,
and I did run a sniff program in one vps, it successful restrived some
password with these traffic.

Any solution?

The above situation also occurs with physical switches. When the topology changes or someone floods the switch with lots of mac- addresses it temporarily runs in hub-mode forwarding everything. A switch is a device for enhancing performance, not security.

The only solution is not to send passwords in clear text (which is a good idea in any case).


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.