This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [SPAM] Re: [Xen-users] Re: number of ips

To: Peter Booth <peter_booth@xxxxxxx>
Subject: Re: [SPAM] Re: [Xen-users] Re: number of ips
From: Anand Gupta <xen.mails@xxxxxxxxx>
Date: Sun, 12 Apr 2009 04:35:31 +0530
Cc: Eljas Alakulppi <Buzer@xxxxxxxxx>, Xen Users <Xen-users@xxxxxxxxxxxxxxxxxxx>, Vu Pham <vu@xxxxxxxxxx>
Delivery-date: Sat, 11 Apr 2009 16:06:18 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=WgKLdlo2+Aneuz9JP6k3scdlkU4KaUCXFNXU+sbTe9M=; b=FvRPcmn/vLTyaIIjqsmfScxDTVVOt7aGBVBN2Z3hrB1djf/QaXMw51lMS/zJeWx9ZN qMjsq7sDr3HHgnXnHxKPOQS7YIrOBq9kDMy3/WSbzroQTHcZDDPcz1PyPziIXy/gZ4Jo nPBx2CTElUKARxR/h0SGEHLCH2kePr1tc6+IU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=HD1DbRrw7onmLCJODFTd4pyC/lg0Xn8SXind69WnFdyYe0hZDdmVScqFvnzZgFk/+U UggT5UrVwm4yqfA8ZzRGEQRH/IFh7Wc1ChVdGh14/VuxIR9b8QLHIAdvH3Rra2xueWY8 xWSXM1Yp7B/vB4ayUrHjaPBOpL/q+AFY04V0w=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <E4880FD0-6A69-47BD-A568-B54C45536B58@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <acb757c00904090609y3975792dgd89d28e843ee9ee@xxxxxxxxxxxxxx> <49DFDC3F.9080706@xxxxxxxxxx> <49DFDE62.404@xxxxxxxxxx> <acb757c00904110352pafd134bqba01e8a6945f3bbc@xxxxxxxxxxxxxx> <op.ur7y4munrtqp7s@chiyo> <acb757c00904110447h25a98c63w1e86cd0fd2850785@xxxxxxxxxxxxxx> <op.ur73w6jnrtqp7s@chiyo> <acb757c00904111011p23f5aff9yfad1cab32ca9847f@xxxxxxxxxxxxxx> <49E0EDD2.8060201@xxxxxxxxxx> <E4880FD0-6A69-47BD-A568-B54C45536B58@xxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi Peter,

On Sun, Apr 12, 2009 at 1:04 AM, Peter Booth <peter_booth@xxxxxxx> wrote:
I'm a little puzzled by this. My starting point is that I can sometimes use technology to protect against foolishness but it's much harder to protect against malice.

I believe that the xen 3 limit is 3 vifs per VM. So if you create all three, with one bridge mode with an asugned ip and thee two private networks, what can user do thru ignorance or malice to break this?
1. They can reconfigure their "real IP" do a diff value on the subnet and presumably well see an error on both devices that are trying to use the VM
2. What happens if they create virtual devices based on their "real" device? Can they bind these to different IPs on the subnet?

Is there any reason to expect they would do this? Can you fire your users if they are malicious? This seems as much a human issue as a technical one.

Not always you can fire them. Imagine a situation wherein you are the dom0 administrator and all your domU are customers who manage their own domU. Now you have assigned ips to them, and one of them tries to bind a different ip as against to what was assigned to it. I am just trying to find a way to stop that from happening.


Anand Gupta
Xen-users mailing list