[Ebtables-user] Xen security / MAC hijack
From: Stefan de K. <sk...@xs...> - 2007-11-23 13:47:11
Hi,

I'm trying to prevent the following scenario:

Xen host 1 has a hwaddr.
Xen host 2 steals hwaddr of host 1.

At that moment Xen host 1 is not reachable anymore. Now I tried to prevent ARP packets in the forwarding chain that didn't match the MAC that Xen reports as valid. But it seems the bridge gets informed about this 'new interface' upon ifconfig eth0 up in another way, or via another route.

Is it possible to limit a source MAC to a specific interface in a way that also ARP replies are blocked that indicate other MACs?

Stefan