On 21/12/2010 19:53, Simon Hobson wrote:
> Jean Baptiste FAVRE wrote:
>> I understand what you mean. But even if dom0 has no interface bridged, I
>> think I'll be able to listen to network traffic, no?
>> I want to mitigate the consequences if dom0 gets compromised, that's why I'm
>> trying to isolate the network.
> All traffic passes through a process in Dom0 - that's just the way it's
> been built. But bear this in mind, if your Dom0 is compromised then
> EVERYTHING running on that physical machine is also compromised. If you
> control Dom0, you have access to all the guests, their memory, and their
> disks - as well as their network traffic.
> In other words, worrying about someone being able to sniff network
> traffic when they've compromised your Dom0 is a bit like the captain of
> the Titanic worrying about someone helping themselves at the bar while
> the crew are distracted by an iceberg!
Well, I didn't see things like that, but I must admit you're right :)
And since I don't want to be the captain of the Titanic, I think
protecting dom0 from direct access with my firewall domU is better than
Thanks to all of you for helping me better understand Xen!
I'll now make my tests, write documentation and publish it. Will keep
Xen-users mailing list