This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-users] traffic sniff problem

To: "Thomas Ronner" <thomas@xxxxxxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] traffic sniff problem
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Fri, 18 Jun 2010 14:07:56 +0100


From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Thomas Ronner
Sent: Fri 18/06/2010 14:02
To: xen-users
Subject: Re: [Xen-users] traffic sniff problem

On 18 Jun 2010, at 14:51, Jingyun He wrote:

> Hello,
> I have a Xen node, it has a few VPSes, it used bridge network mode, and
> we noticed that if one VPS is restarted or a new VPS is started, the
> bridge will send all traffic to all interfaces for a few seconds,
> and I did run a sniff program in one VPS, it successfully retrieved some
> passwords from this traffic.
> Any solution?

The above situation also occurs with physical switches. When the 
topology changes or someone floods the switch with lots of mac-
addresses it temporarily runs in hub-mode forwarding everything. A 
switch is a device for enhancing performance, not security.

The only solution is not to send passwords in clear text (which is a 
good idea in any case).



Can you not use arptables to prevent the above happening?
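
Added example, not part of the original thread and not Xen or Linux bridge code: a simplified model of a learning bridge showing why a frame for a known host is delivered to every port once the forwarding table has been emptied, and why the exposure ends as soon as the destination sends again. The class name, the port names, the MAC addresses, the capacity parameter and the choice to model a topology change as a full table flush are all assumptions made for illustration.

```python
"""Toy model of a learning bridge (illustrative only, not Xen/Linux bridge code)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports, capacity=1024):
        self.ports = list(ports)
        self.capacity = capacity      # max forwarding-table entries (assumed value)
        self.fdb = {}                 # source MAC -> port it was last seen on

    def flush(self):
        """Forget all learned addresses (assumed model of a topology change)."""
        self.fdb.clear()

    def forward(self, in_port, src, dst):
        """Learn src, then return the list of ports the frame is sent out of."""
        # A full table cannot learn new sources, so traffic to them keeps flooding.
        if src in self.fdb or len(self.fdb) < self.capacity:
            self.fdb[src] = in_port
        out = self.fdb.get(dst) if dst != BROADCAST else None
        if out is None:
            # Unknown destination: flood to every port except the ingress one.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def exposure_demo():
    """Return egress port lists for the same A->B frame in three table states."""
    # Constructed sample: three guest interfaces on one bridge.
    br = LearningBridge(["vif1.0", "vif2.0", "vif3.0"])
    a, b = "00:16:3e:00:00:01", "00:16:3e:00:00:02"
    br.forward("vif1.0", a, BROADCAST)        # A announces itself
    br.forward("vif2.0", b, a)                # B replies, bridge learns B
    steady = br.forward("vif1.0", a, b)       # B is known: one egress port
    br.flush()                                # guest start/restart (assumed flush)
    after_flush = br.forward("vif1.0", a, b)  # B unknown again: flooded
    br.forward("vif2.0", b, a)                # B sends once and is re-learned
    relearned = br.forward("vif1.0", a, b)
    return steady, after_flush, relearned


if __name__ == "__main__":
    labels = ("steady", "after flush", "re-learned")
    for label, ports in zip(labels, exposure_demo()):
        print(f"{label:12s} -> {ports}")
```

In the flooded state the third interface receives a frame that was never addressed to it, which is why the advice above is to keep credentials out of clear text rather than rely on the bridge for isolation.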
