[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)

On Wed, Apr 2, 2014 at 10:59 AM, Rusty Bird <rustybird@xxxxxxxxxxxxxxx> wrote:
> ...
> Maybe it can be boiled down to this: When redirecting *and* filtering,
> the filtering should be done in OUTPUT (instead of INPUT), ...

this is where defense in depth at the multiple-virtual machine /
routing layer fails safe in ways that a single / monolithic Tor setup
cannot, when applied with care.

what i mean by "applied with care" is that forwarding through Tor only
is the default.  Anything unexpected / unsupported gets the bit
bucket.  the best target is actually TARPIT, not DROP, but that's
another discussion...

[this advice to default drop and isolate at routing level applies to
Tails, Whonix, Qubes TorVM, and whoever else allows a transparent
proxy model, IMHO]

best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to