xen-users

Re: [Xen-users] RE: If a DomU was compromised..

To: matt@xxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] RE: If a DomU was compromised..
From: Steve Spencer <sspencer@xxxxxxxx>
Date: Thu, 20 May 2010 11:31:32 -0500
Cc: vburke@xxxxxxxx, xen-users-bounces@xxxxxxxxxxxxxxxxxxx, Jonathan Tripathy <jonnyt@xxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Matthew Law wrote:
> On Thu, May 20, 2010 4:47 pm, Vern Burke wrote:
>> Anything is possible, but I think it's unlikely. Given the number of VMs
>> on Amazon, if this was a real problem, we'd have seen it long before
>> this.
>>
>> Most likely way to get hacked is still what it's always been, lousy admin
>> practices.
> 
> I agree with Vern although I would go as far as to say that even with
> exceptionally good security and admin practices in place I think that if
> someone really wants to get in and has the skill, they will, eventually.
> 
> Buy more insurance! :-P
> 
> Cheers,
> 
> Matt
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

Just as an aside, we also use ossec-hids (client/server setup) for any
host that has the potential for being compromised (web servers,
generally, but others apply).  I've not done this for our Dom0's,
however, because the only access to them is administrative.  (ssh from
about 3 addresses)


-- 
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957
