[unisog] Experiences with PlanetLab

Paquet Andre Earl andre.earl.paquet at umontreal.ca
Mon Feb 20 21:44:19 GMT 2006


        Here at Université de Montréal, the PlanetLab machines are logically isolated (by ACLs on their local router) : they cannot reach any machine on the internal network, and almost no machine can reach them from there. Apart from the fact that they could attack their router (and any other router on their way to the Internet), they can manifest themselves only on the internet (including our DMZ). On the other hand, they are not submitted to the incoming and outgoing ACLs on our periphery router : this is part of the agreement. We had one complaint, once, that was well taken care of by the PlanetLab people and our security office.

Yours truly,

André Earl Paquet
 Director of I.T. Security
 Université de Montréal
 (andre.earl.paquet at umontreal.ca)

-----Message d'origine-----
De : unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org] De la part de John H. Sawyer
Envoyé : 20 février 2006 16:01
À : UNIversity Security Operations Group
Objet : [unisog] Experiences with PlanetLab

Hi Everyone,

We have a couple of hosts on our campus participating in the PlanetLab
research network. Researchers request "slices" of time and resources on
the PlanetLab network to run experiments such as Internet mapping and
content distribution. We have received various complaints over the last
six months about things like TCP and ICMP scanning.

I know there are institutions represented on this list that are
participating--according to the PlanetLab site--and I was hoping to get
some feedback as to what related security issues you've dealt with and
any policies you may have developed in response to PlanetLab.

[1] http://www.planet-lab.org/php/overview.php

John H. Sawyer - GCFA GCIH GCFW
    UF IT Security Engineer
352.392.2061 -  infosec.ufl.edu
unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list