
From: Luís Miguel Silva (lms_at_ispgaya.pt)
Date: Tue 21 Jan 2003 - 00:18:09 GMT


Hello Nuno :o)

When I mentioned using lo for "sniffing protection" I was thinking about
protecting the vservers network data flow from other servers on the same
network! :o) (not about sniffing the data between vservers/root server).

Regards,
Luís Miguel Silva

>
>
> Luís Miguel Silva wrote:
>
> [..snip..]
>
>> Since I thought *somebody could sniff the data between vservers* I
>> chose to bind them into the lo interface! That way they can still
>> communicate with each other and be "secure" ;o) [would somebody
>> correct me on this if I'm wrong?]
>
> Hello Luís!
>
> In the default vserver .conf, the vservers' root can't control the
> network interfaces, so vservers' root can't enable promisc mode and
> can't run a sniffer.
>
> If the vservers' root could enable sniffing (you added CAP_NET_* to the
> vservers' capabilities list, for instance) then he could do it in eth0
> or lo... So, afaict, chbind'ing to eth0: or lo: it's the same in terms
> of "sniffer protection".
>
> Cheers,
> Nuno Silva

+-----------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio • 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: lms_at_ispgaya.pt
| H: http://lms.ispgaya.pt/
+-----------------------------------------
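
The capability check discussed in the quoted reply, as an added example that is not part of the original thread: it decodes the `CapEff` mask from `/proc/<pid>/status` and reports whether a process holds the CAP_NET_* capabilities that gate sniffing, whatever interface it is bound to. Treating CAP_NET_ADMIN and CAP_NET_RAW as the relevant pair is this example's assumption, and the sample status texts are constructed.

```python
import re

# Bit numbers from linux/capability.h for the CAP_NET_* family.
CAP_NET = {
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_BROADCAST": 11,
    "CAP_NET_ADMIN": 12,   # needed to put an interface into promiscuous mode
    "CAP_NET_RAW": 13,     # needed to open raw/packet sockets
}
# Assumption of this example: these two are the ones that matter for sniffing.
SNIFF_CAPS = ("CAP_NET_ADMIN", "CAP_NET_RAW")


def effective_mask(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def net_caps(status_text):
    """Names of the CAP_NET_* capabilities present in the effective set."""
    mask = effective_mask(status_text)
    return sorted(name for name, bit in CAP_NET.items() if mask >> bit & 1)


def can_sniff(status_text):
    """True if a sniffing-relevant capability is in the effective set.

    The result is independent of the interface: the same capabilities
    gate capture on eth0 and on lo.
    """
    return any(cap in net_caps(status_text) for cap in SNIFF_CAPS)


# Constructed samples, not taken from a real vserver.
RESTRICTED = "Name:\tbash\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n"
WITH_NET_CAPS = "Name:\tbash\nCapEff:\t0000000000003400\n"

if __name__ == "__main__":
    # Run inside the vserver (as its root) to inspect the current process.
    with open("/proc/self/status") as fh:
        text = fh.read()
    print("CAP_NET_* in effective set:", net_caps(text) or "none")
    print("sniffing possible:", can_sniff(text))
```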


Generated on Mon 20 Jan 2003 - 17:00:36 GMT by hypermail 2.1.3