warewolf wrote:
Because of the way caker has the linode networking stuff set up, no linode can see the traffic that isn't explicitly destined for it.
well, that's comforting
| Linode Forum https://forum.linode.com/ |
|
| How Private is Private? https://forum.linode.com/viewtopic.php?f=19&t=4592 |
Page 1 of 1 |
| Author: | egus [ Thu Sep 03, 2009 11:39 pm ] |
| Post subject: | How Private is Private? |
Sorry for the stupid question, but I just want to make sure I understand Private IPs. So if I have two Linodes with private IPs, clearly any traffic between the two is hidden from the Internet, but is it hidden from other Linodes in the same data center? Or on the same subnet? In other words, do I need to encrypt private IP traffic between my two Linodes, or is it impossible for anyone else to sniff my private IP traffic? |
|
| Author: | marcus0263 [ Thu Sep 03, 2009 11:46 pm ] |
| Post subject: | |
No it's not accessible from the Internet Private Network As for internally, you really do need take measures, I may be mistaken but everyone within Linode's network in that data center would be visible. |
|
| Author: | sackler [ Thu Sep 03, 2009 11:50 pm ] |
| Post subject: | |
marcus0263 wrote: No it's not accessible from the Internet
Private Network As for internally, you really do need take measures, I may be mistaken but everyone within Linode's network in that data center would be visible. iirc, your internal (private) interface(s) are visible to other linoden in your datacenter. it's up to you to lock it down. |
|
| Author: | warewolf [ Thu Sep 03, 2009 11:51 pm ] |
| Post subject: | |
Because of the way caker has the linode networking stuff set up, no linode can see the traffic that isn't explicitly destined for it. |
|
| Author: | sackler [ Thu Sep 03, 2009 11:51 pm ] |
| Post subject: | |
warewolf wrote: Because of the way caker has the linode networking stuff set up, no linode can see the traffic that isn't explicitly destined for it.
well, that's comforting
|
|
| Author: | H3LR4ZR [ Fri Sep 04, 2009 9:26 am ] |
| Post subject: | |
Thought I would maybe clarify this a bit. You DO need to secure your ports because anyone in your datacenter can connect to services you make available via the private network. So you should only allow IPs which you expect to communicate with. So don't leave your memcached server exposed so that someone can come across it on a port scan and steal your data over the private net. However, they have promiscuous mode turned off, and no broadcast/multicast stuff so you don't need to worry about someone sniffing your traffic as it goes across the wire. |
|
| Author: | fukawi2 [ Mon Sep 07, 2009 12:28 am ] |
| Post subject: | |
H3LR4ZR wrote: ...and no broadcast/multicast stuff...
(Sorry for the partial quote) Broadcast is certainly enabled -- whoever has 192.168.139.100 in the Atlanta DC seems to enjoy Samba on their Linode and I keep seeing all the damn MS protocol broadcasts traffic on my Linode: Code: [IPTABLES REJECT] : IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:fe:fd:40:16:47:15:08:00 SRC=192.168.139.100 DST=192.168.255.255 LEN=243 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=223 |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|