Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Can users sniff each other's packets and perform man in the middle attacks?

Say that I have a user (user A)that creates a VM that hosts a LAMP stack. However, user A does not enable https, and people logging in to the user's website will have unencrypted data going to/from the VM. Can other OpenStack users, who are malicious, sniff packets that go from/to the VM of user A? In this malicious scenario, would other users then be able to gather any unencrypted data (potentially login info) that get transferred to the VM? And can these malicious users do spoofing and man-in-the-middle attacks? Let's assume that the malicious OpenStack users can create VMs that will be in the same subnet as user A, and assume that the malicious OpenStack users don't have access or have not broken into the hypervisors.