WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
From: Andy Smith <andy@xxxxxxxxxxxxxx>
Date: Sat, 24 Nov 2007 19:23:34 +0000
On Fri, Nov 23, 2007 at 04:02:46AM +0100, Stefan de Konink wrote:
> Is there a way to prevent hwaddr/mac address spoofing between DomU's?

I use ebtables alone to do this.  I have the list of MAC addresses
and IP addresses for each domU in a database, and from that I build
an ebtables ruleset.  ARP replies from a MAC that does not
correspond with its assigned IPs are dropped and logged.

Cheers,
Andy
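
The approach described in the message above, as an added example that is not part of the original post and is not Andy Smith's script: a generator that turns a MAC/IP inventory into ebtables commands, printed for review rather than executed. The flat "vif MAC IP" inventory format, the interface names and addresses, and the chain name ARPGUARD are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample inventory: one "vif MAC IP" line per assigned address.
SAMPLE_INVENTORY='# vif   mac               ip
vif1.0 00:16:3e:00:00:01 192.0.2.10
vif1.0 00:16:3e:00:00:01 192.0.2.11
vif2.0 00:16:3e:00:00:02 192.0.2.20'

CHAIN=ARPGUARD   # hypothetical chain name

# Accept only well-formed fields so inventory data cannot smuggle extra
# options or shell syntax into the generated commands.
valid_entry() {
    printf '%s %s %s\n' "$1" "$2" "$3" | grep -Eq \
      '^[A-Za-z0-9][A-Za-z0-9_.-]* ([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2} ([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read the inventory on stdin, print the ruleset on stdout; non-zero on bad input.
gen_arp_rules() {
    inv=$(grep -Ev '^[[:space:]]*(#|$)' || true)
    [ -n "$inv" ] || { echo "empty inventory" >&2; return 1; }
    allow="" vifs=""
    while read -r vif mac ip extra; do
        if [ -n "$extra" ] || ! valid_entry "$vif" "$mac" "$ip"; then
            echo "bad inventory line: $vif $mac $ip $extra" >&2; return 1
        fi
        # Allowed: Ethernet source, ARP sender MAC and ARP sender IP all match.
        allow="${allow}ebtables -A $CHAIN -p ARP --arp-opcode Reply -i $vif -s $mac --arp-mac-src $mac --arp-ip-src $ip -j RETURN
"
        case " $vifs " in *" $vif "*) ;; *) vifs="$vifs $vif" ;; esac
    done <<EOF
$inv
EOF
    echo "ebtables -N $CHAIN"
    printf '%s' "$allow"
    # Any other ARP reply arriving from a guest interface is logged and dropped.
    for vif in $vifs; do
        echo "ebtables -A $CHAIN -p ARP --arp-opcode Reply -i $vif --log-arp --log-prefix \"arp-spoof $vif \" -j DROP"
    done
    # Ports not in the inventory (e.g. the uplink) fall back to the calling chain.
    echo "ebtables -A $CHAIN -j RETURN"
    # Jumps are added last, covering guest-to-dom0 (INPUT) and bridged (FORWARD) frames.
    echo "ebtables -A INPUT -p ARP --arp-opcode Reply -j $CHAIN"
    echo "ebtables -A FORWARD -p ARP --arp-opcode Reply -j $CHAIN"
}

printf '%s\n' "$SAMPLE_INVENTORY" | gen_arp_rules
```

Because the allow rules come before the per-interface drop rule, a domU with several assigned IPs just needs one inventory line per address.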
