[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] layer 2 separation: relay in a Host-only network (was: EFF Tor Challenge)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] layer 2 separation: relay in a Host-only network (was: EFF Tor Challenge)
From: CACook@xxxxxxxxxxxxxxx
Date: Thu, 2 Jun 2011 16:59:38 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 02 Jun 2011 20:00:05 -0400
In-reply-to: <4DE81270.7010206@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <BANLkTikB8BtA8Rdf0eH7-zWi1W6UsZO8Ng@xxxxxxxxxxxxxx> <201106020656.05962.CACook@xxxxxxxxxxxxxxx> <4DE81270.7010206@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.13.5 (Linux/2.6.38; KDE/4.4.5; x86_64; ; )

On Thursday 2 June, 2011 15:45:04 tagnaq wrote:
> > At the end, you will have achieved Bridged networking, so why
> > bother?
> 
> If your Host OS acts as a router your relay running in a VM won't be
> able to perform layer 2 attacks on your LAN as long as the VM can't
> compromise the Host OS.

This has merit.  

And come to think of it, using Shorewall to masquerade the guest through the host, I could force all the guest's traffic to the router -only-.

I think with the guest running Debian SELinux it is unlikely to be compromised, so this may be a good solution.  

Criticisms?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] EFF Tor Challenge
  - From: Javier Bassi
- Re: [tor-talk] EFF Tor Challenge
  - From: CACook
- Re: [tor-talk] layer 2 separation: relay in a Host-only network (was: EFF Tor Challenge)
  - From: tagnaq

Prev by Author: Re: [tor-talk] EFF Tor Challenge
Next by Author: Re: [tor-talk] EFF Tor Challenge
Previous by thread: Re: [tor-talk] layer 2 separation: relay in a Host-only network (was: EFF Tor Challenge)
Next by thread: Re: [tor-talk] EFF Tor Challenge
Index(es):
- Author
- Thread