[openib-general] Re: RDMA connection and address translation API

Michael S. Tsirkin mst at mellanox.co.il
Thu Aug 25 01:51:36 PDT 2005


Quoting r. Roland Dreier <rolandd at cisco.com>:
> Of course for real security some stronger authentication is needed in
> any case (even in the iWARP case the source IP can't be trusted; an
> attacker could DOS the real owner of the IP, flood the switches MAC
> tables so it becomes a hub, and then take over any IP it wants).

I think you could get basically to the same level with IB by performing
an additional ARP lookup on the IP address, and comparing the port GIDs.

-- 
MST



More information about the general mailing list