WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] Re: firewalls and Xen

from [Tom Eastep]

[Permanent Link][Original]

To:	Molle Bestefich <molle.bestefich@xxxxxxxxx>
Subject:	Re: [Xen-users] Re: firewalls and Xen
From:	Tom Eastep <teastep@xxxxxxxxxxxxx>
Date:	Fri, 07 Jul 2006 18:24:30 -0700
Cc:	Luke <secureboot@xxxxxxxxx>, Daniel Goertzen <goertzen@xxxxxxxx>, Patrick Wolfe <pwolfe@xxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 07 Jul 2006 18:25:20 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<62b0912f0607070921m6d23370dlb0d1af3709ca34b4@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<796A7B7A-174F-4A38-865B-09D316F8CAE8@xxxxxxxxx> <43F1F6EC.4010207@xxxxxxxx> <3988B614-F9C1-4DEB-A97C-65AF8E2F8E06@xxxxxxxxx> <43F20903.5050506@xxxxxxxx> <1139939476.19273.45.camel@xxxxxxxxxxxxxxxxxxxxx> <62b0912f0607070921m6d23370dlb0d1af3709ca34b4@xxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 1.5.0.4 (X11/20060615)

Molle Bestefich wrote:
>
> 
> I'm thinking that if one domU is breached, a hacker will have total
> freedom to poke at any ports on any of the other domUs regardless of
> the firewall.

I disagree.In the topology presented in
http://www.shorewall.net/XenMyWay.html, a breach of the most vulnerable
domU (the 'lists' domain) cannot compromise any of the other domUs or
the dom0 or any of the local systems.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Re: firewalls and Xen, Molle Bestefich Re: [Xen-users] Re: firewalls and Xen, Tom Eastep <= Re: [Xen-users] Re: firewalls and Xen, Emiliano Gabrielli Re: [Xen-users] Re: firewalls and Xen, Patrick Wolfe [Xen-users] Re: firewalls and Xen, Molle Bestefich [Xen-users] Re: firewalls and Xen, Patrick Wolfe Re: [Xen-users] Re: firewalls and Xen, Martti Kuparinen Re: [Xen-users] Re: firewalls and Xen, Patrick Wolfe

Previous by Date:	RE: [Xen-users] can't create WinXP or Win2003 VMX, Krysan, Susan
Next by Date:	[Xen-users] sched-sedf with multiple cpu's, Efraim
Previous by Thread:	[Xen-users] Re: firewalls and Xen, Molle Bestefich
Next by Thread:	Re: [Xen-users] Re: firewalls and Xen, Emiliano Gabrielli
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix