
Re: [Xen-users] Re: Network isolation - PCI passthrough question



Jean Baptiste FAVRE wrote:

I understand what you mean. But even if dom0 has no interface bridged, I
think I'll be able to listen to network traffic, no?
...
I want to mitigate the consequences if dom0 gets compromised; that's why I'm
trying to isolate the network.

All traffic passes through a process in Dom0 - that's just the way it's been built. But bear this in mind, if your Dom0 is compromised then EVERYTHING running on that physical machine is also compromised. If you control Dom0, you have access to all the guests, their memory, and their disks - as well as their network traffic.

In other words, worrying about someone being able to sniff network traffic when they've compromised your Dom0 is a bit like the captain of the Titanic worrying about someone helping themselves at the bar while the crew are distracted by an iceberg!

--
Simon Hobson


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
