[pve-devel] pve-firewall: dhcp snooping
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Wed Jun 4 14:30:07 CEST 2014
Am 04.06.2014 14:19, schrieb Dietmar Maurer:
>>> The attacker is inside the VM.
>>>
>> inside the VM where your DHCP live?
>
> no, inside a VM which used dhcp.
That doesn't matter. Normally you don't accept DHCP replies from this VM
only requests.
>> Then he already has control over all your DHCP network.
>
> Besides, we need to handle security for VM which does not use DHCP at all,
> so this does not really help.
>
Sure then we need an extra IP field for each network card.
More information about the pve-devel
mailing list