[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: FYI: ultimate security proxy with tor



On Wed, Oct 29, 2008 at 04:08:09PM +0100, eugen@xxxxxxxxx wrote 1.9K bytes in 30 lines about:
: 1. 8 tor processes, each using separate spool directory
: 2. 8 privoxy processes, each configured to talk to separate tor.

Why 8?  Why not 1? 2? 16?

: 3. First squid, with malware domains blacklist, will have 8 round robin cache peers configured. (squid-in)

Using blacklists seems like a recipe for disaster.  Much like the
various lists floating around of suspect tor nodes, I suspect these
blacklists are based on very little research and more on "I
heard my 3rd cousin once received a virus from some site that looked
like this".  I could be wrong.

: 4. Havp, with squid-in as parent. (Anti-virus proxy, using clamav :) )
: 5. Second squid, that will use havp as parent (squid-out). Users will connect to this one.

Why the double proxy?  And does this open up a new threat for shared
users on the system to see when/how someone downloaded something through
this setup based on how long it takes to retrieve an object?  

-- 
phobos@xxxxxxxxxxxxx
SDF Public Access UNIX System - http://sdf.lonestar.org