Hi *,
as there are many guys around here with OVS and qemu-virtualization I
think it's the right place to ask ;)
Currently I have some basic rulesets à la:
# --- 8-< ---
# Drop packets to the link-local multicast range coming in from this VM port.
ovs-ofctl add-flow vmbr0 "in_port=${PORT} ip idle_timeout=0 \
    nw_dst=224.0.0.0/24 priority=40000 action=drop"
# IP packets that carry the VM's configured MAC and IP continue in table 1.
ovs-ofctl add-flow vmbr0 "in_port=${PORT} ip idle_timeout=0 \
    dl_src=${MAC} nw_src=${IP} priority=39000 action=resubmit(${PORT},1)"
# Any other IP packet from this port is dropped.
ovs-ofctl add-flow vmbr0 "in_port=${PORT} ip idle_timeout=0 \
    priority=100 action=drop"
# Table 1: normal MAC-learning switching (additional rules go here).
ovs-ofctl add-flow vmbr0 "in_port=${PORT} table=1 priority=100 \
    action=normal"
# --- 8-< ---
that is: drop some broadcasts, allow VM's configured MAC + IP to jump to
next table, and there place some additional rules, if any.
This works, I see no more traffic if I do some changing of eth0's
MAC-address or changing my VM's IP. Fine.
Now there are evil characters around :-\
My enemy is arp-poisoning via ettercap or arpspoof. Programs that are
available in deb-packages.
Well, what do you do against mangled payload:
# --- 8-< ---
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
.
.
Sender MAC address: 00:f1:70:00:38:b0 (00:f1:70:00:38:b0)
Sender IP address: 192.168.1.30 (192.168.1.30)
# --- 8-< ---
whereas the sender's MAC is correct and the IP is faked: it's the one of the
VM I want to attack.
Is there any way in OVS to detect via offset/pattern/whatever such a mess?
Or administer a static table in OVS with valid MACs <-> IPs?
Thnx in @vance for any thoughts,
Oliver.
--
Oliver Francke
filoo GmbH
Moltkestraße 25a
33330 Gütersloh
HRB4355 AG Gütersloh
Managing directors: S.Grewing | J.Rehpöhler | C.Kunz
Follow us on Twitter: http://twitter.com/filoogmbh
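One way to get the "static table of valid MACs <-> IPs" asked for above, without any offset matching: OVS can match the ARP sender fields directly (`arp_sha`, `arp_spa`), so each VM port gets an ARP rule that only lets through ARP whose sender hardware and protocol address equal the configured MAC/IP, and a drop for all other ARP from that port. The script below is an added example, not code from the original mail or from the Open vSwitch project; it assumes the same vmbr0 bridge and PORT/MAC/IP values as the rules in the mail, and the helper names `add_flow` and `arp_flows` are mine. By default it only prints the commands; set APPLY=1 to install them.

```shell
#!/bin/sh
# Added example (not from the original mail or Open vSwitch): per-port ARP
# anti-spoofing flows for the rule set shown above. Assumptions: bridge
# vmbr0, the same PORT/MAC/IP values as the mail's rules, and that table 1
# already holds the "action=normal" rule. Commands are only printed unless
# APPLY=1 is set in the environment.

BRIDGE="${BRIDGE:-vmbr0}"

# add_flow FLOW: print the ovs-ofctl command for review; run it only when APPLY=1.
add_flow() {
    flow="$1"
    printf "ovs-ofctl add-flow %s '%s'\n" "$BRIDGE" "$flow"
    if [ "${APPLY:-0}" = "1" ]; then
        ovs-ofctl add-flow "$BRIDGE" "$flow"
    fi
}

# arp_flows PORT MAC IP: emit the two ARP flows for one VM port.
# The "ip" rules in the mail never match ARP (Ethertype 0x0806 instead of
# 0x0800), so an ARP reply with a correct sender MAC but a foreign sender IP
# is handled by whatever lower-priority rule processes the remaining traffic.
# These two flows close that gap:
#   priority 39000: ARP whose Ethernet source, ARP sender hardware address
#                   (arp_sha) and ARP sender protocol address (arp_spa) all
#                   equal the configured values continues in table 1.
#   priority 38000: any other ARP from that port is dropped; that covers the
#                   "correct MAC, faked IP" payload shown in the mail.
arp_flows() {
    port="$1"; mac="$2"; ip="$3"
    add_flow "in_port=${port},arp,dl_src=${mac},arp_sha=${mac},arp_spa=${ip},priority=39000,actions=resubmit(${port},1)"
    add_flow "in_port=${port},arp,priority=38000,actions=drop"
}

# Usage: sh arp-antispoof.sh PORT MAC IP      (APPLY=1 to really install them)
if [ "$#" -eq 3 ]; then
    arp_flows "$1" "$2" "$3"
fi
```

Run it once per VM port (the physical uplink port is deliberately not covered, since the valid MAC/IP pairs behind it are not known to the switch). `ovs-ofctl dump-flows vmbr0` shows the installed rules together with their packet counters, so a rising counter on the priority-38000 drop is a cheap indicator that some VM is sending spoofed ARP, and `ovs-appctl ofproto/trace vmbr0 in_port=PORT,arp,arp_sha=MAC,arp_spa=FOREIGN_IP` confirms that such a packet really hits the drop before anything is pointed at production traffic.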
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss