WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge

from [Andy Smith] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge
From: Andy Smith <andy@xxxxxxxxxxxxxx>
Date: Sat, 24 Nov 2007 19:23:34 +0000
Delivery-date: Sat, 24 Nov 2007 17:17:34 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <474642D6.9060905@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc
References: <474642D6.9060905@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11) 
On Fri, Nov 23, 2007 at 04:02:46AM +0100, Stefan de Konink wrote:
> Is there a way to prevent hwaddr/mac address spoofing between DomU's?

I use ebtables alone to do this.  I have the list of MAC addresses
and IP addresses for each domU in a database, and from that I build
an ebtables ruleset.  ARP replies from a MAC that does not
correspond with its assigned IPs are dropped and logged.

Cheers,
Andy

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Resize domU block device?, Andy Smith
Next by Date:  Re: [Xen-users] Resize domU block device?, Andy Smith
Previous by Thread:  Re: [Xen-users] [SECURITY] preventing Hwaddr spoofing on bridge, Stefan de Konink
Next by Thread:  [Xen-users] Xen not detecting all my memory..., James Harper
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy