Can other EC2 users network sniff my traffic? [closed] - security

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
Is there any way another EC2 user can network sniff the traffic coming from or going to one of my EC2 instances, even if both our virtual instances are on the same physical host? And because this one is the most sensitive one to me, I will ask specifically: could another EC2 user find a way to sniff the traffic between my EC2 instance and my RDS database?

I'm not an expert on EC2, but if Amazon sets up NAT'ed DomU's for separate instances (and I'm sure they do), you should be safe.
With NAT, every instance only receives packets that were intended for that host. So no packet sniffing possible (at least in theory).
I should add that there are some interesting (as in "look we did it and wrote a paper about it") sniffing attacks based on L1 cache sniffing.
link to paper, if you're interested.


In Linux, does routing take a different path on loopback vs. an IP assigned to a NIC? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I am using RHEL 6.3 (2.6.x kernel). I have TCP-based client/server applications. I noticed that when I run them on the same host, the throughput is approximately the same, irrespective of whether the server binds to loopback or to the local IP assigned to the NIC.
What is the reason behind it? My understanding is that loopback is software-based routing, whereas when the local IP assigned to the NIC is involved, the hardware is involved in the data path. Is that true?
The hardware does not get involved.
As soon as the routing function knows that the destination address is local, the packet is switched to the ingress path. This is incidentally why sniffers can't capture such packets, because that hook happens to be after the point of this decision.
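As an added example (not from the question or the answer) that reproduces the asker's measurement: a TCP server bound to either 127.0.0.1 or the NIC's own address receives a fixed payload from a client on the same host, and the two timings can be compared directly. The NIC address is discovered by routing a UDP socket toward a TEST-NET address, which sends no packet; the 64 MiB payload size is an arbitrary choice.

```python
import socket
import threading
import time


def local_nic_ip():
    """Best-effort discovery of the IP assigned to the default-route NIC (no packets sent)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1 address: UDP connect only selects a route
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()


def transfer(bind_ip, nbytes=64 << 20, chunk=1 << 16):
    """Push nbytes over TCP to a server bound on bind_ip; return (bytes_received, seconds)."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_ip, 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    received = [0]

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(chunk)
                if not data:  # client closed: transfer finished
                    break
                received[0] += len(data)

    t = threading.Thread(target=serve)
    t.start()
    payload = b"\x00" * chunk
    start = time.perf_counter()
    with socket.create_connection(srv.getsockname()) as c:
        sent = 0
        while sent < nbytes:
            c.sendall(payload)
            sent += chunk
    t.join()
    srv.close()
    return received[0], time.perf_counter() - start


if __name__ == "__main__":
    for ip in ("127.0.0.1", local_nic_ip()):
        if ip:
            n, secs = transfer(ip)
            print(f"{ip:>15}: {n / secs / (1 << 20):8.1f} MiB/s")
```

On a single host both numbers should come out in the same range, which is the observation the question describes.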

How do I count I/O paths in a virtual machine? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
How many I/O paths would a virtual machine -- like an EC2 instance or a Linode instance -- have available? I'm interested in learning more about this because I don't know an appropriate value for PostgreSQL's effective_io_concurrency setting. Thanks!
You don't know what's behind the mountpoints of your virtual machines. So the best thing you can and, actually, should do: test the performance of the disks alone and then test it with different values of effective_io_concurrency.
I would take each /dev/* device that is used in your mountpoints as a separate I/O path; at least this can be a good start.
I also think that this configuration parameter has more value on dedicated physical servers, rather than virtual ones (provided externally, of course).

Modify http packets in linux gateway [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Greets,
I have CentOS installed as a gateway, and some clients connect to the internet via this gateway (NAT).
Now I want to insert some string into each webpage that clients request. How do I achieve this? netfilter, winpcap or something else?
Any comments will be appreciated:-)
Ideally, don't. Doing this blindly will break a lot of web pages, especially ones which make heavy use of AJAX. (Because your inserted strings will end up in places where they will cause errors, like JSON responses.)
If you must, the term for what you're trying to do is "transparent proxying". Squid supports this: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
Modifying the response content requires something that knows how to parse and correctly change that content. That means you can't do it at the packet layer (layer 3, where NAT is also implemented) but you need something at the application layer (layer 7). Application level gateways are usually called proxies :-)
And since this question is actually in the wrong forum I will stop answering for now :-) Please move it to i.e. Server Fault.

BitTorrent: How do peers connect to each other even in the absence of port forwarding? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
When you download a file using BitTorrent, you can download parts of the file from others who already have the file or from the original host. Once you've finished downloading the file, you too can help others download it by sending them parts of it.
How are peers able to connect to each other even if they are behind routers that don't forward any incoming connections to them? Does the original host help with this somehow?
If your router does not support UPnP, many BitTorrent implementations will try to connect to other peers using NAT punchthrough (see http://www.raknet.net/raknet/manual/natpunchthrough.html for some examples).
If you cannot punch through, that just means that you cannot host a connection. You can still make a connection with another host and send/receive packets to them. It's only when both parties are behind routers that can't be punched through that there is a problem. In this case, no data can be directly sent between the peers.
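A constructed model, added here and not taken from the linked RakNet manual, of why the exchange above fails only when both peers sit behind NATs that allocate a fresh public port per destination ("symmetric"), while a "cone" NAT on either side lets it complete; the tracker address, public IPs and private endpoint are made-up values.

```python
from dataclasses import dataclass, field

TRACKER = ("203.0.113.10", 6881)  # constructed rendezvous (tracker) endpoint


@dataclass
class Nat:
    kind: str            # "cone": one public port per private socket, any source accepted
    public_ip: str       # "symmetric": one public port per (socket, destination) pair
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # key -> (public_port, allowed_source)

    def outbound(self, priv, dst):
        """Translate a packet from private socket priv to dst; return the public endpoint used."""
        key = priv if self.kind == "cone" else (priv, dst)
        if key not in self.table:
            allowed = None if self.kind == "cone" else dst  # symmetric: reply only from dst
            self.table[key] = (self.next_port, allowed)
            self.next_port += 1
        return (self.public_ip, self.table[key][0])

    def inbound(self, pub_port, src):
        """True if a packet from src to our public port pub_port passes the NAT."""
        for port, allowed in self.table.values():
            if port == pub_port and (allowed is None or allowed == src):
                return True
        return False  # no mapping, or mapping bound to a different destination


def punch(nat_a, nat_b, priv=("10.0.0.2", 51413)):
    """Simulate a punch-through attempt; True if A and B can reach each other afterwards."""
    # 1. both talk to the tracker, which tells each peer the other's tracker-facing endpoint
    a_seen, b_seen = nat_a.outbound(priv, TRACKER), nat_b.outbound(priv, TRACKER)
    # 2. each peer sends to the endpoint the tracker reported (symmetric NATs allocate anew here)
    a_src, b_src = nat_a.outbound(priv, b_seen), nat_b.outbound(priv, a_seen)
    a_hits_b, b_hits_a = nat_b.inbound(b_seen[1], a_src), nat_a.inbound(a_seen[1], b_src)
    if a_hits_b and b_hits_a:
        return True
    # 3. if one packet arrived, its receiver now knows the sender's real port and replies to it
    if b_hits_a:
        return nat_b.inbound(b_src[1], nat_a.outbound(priv, b_src))
    if a_hits_b:
        return nat_a.inbound(a_src[1], nat_b.outbound(priv, a_src))
    return False  # both dropped: neither side learns a usable port


if __name__ == "__main__":
    for ka, kb in (("cone", "cone"), ("cone", "symmetric"), ("symmetric", "symmetric")):
        print(f"{ka:>9} <-> {kb:<9}: {punch(Nat(ka, '198.51.100.1'), Nat(kb, '198.51.100.2'))}")
```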

what is proxy server [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
What is a proxy server exactly? What is its purpose?
There are two types of firewall: packet filters and proxies.
A proxy can have many purposes. Essentially it's a gateway that can restrict and/or log network accesses.
Maybe you're the admin of a network and you want to monitor the web traffic being accessed by company employees.
In that case you might have your client computers configured such that their web browsers / other apps are configured to access the internet through the proxy.
The proxy can then log what is being accessed - and by whom.
Proxies like Squid specialise in caching frequently accessed network resources, in order to reduce bandwidth consumption.
There are many other uses, these are just a few. Hope this helps!
