[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] layer 2 separation: relay in a Host-only network (was: EFF Tor Challenge)



On Thursday 2 June, 2011 15:45:04 tagnaq wrote:
> > At the end, you will have achieved Bridged networking, so why
> > bother?
> 
> If your Host OS acts as a router your relay running in a VM won't be
> able to perform layer 2 attacks on your LAN as long as the VM can't
> compromise the Host OS.

This has merit.  

And come to think of it, using Shorewall to masquerade the guest through the host, I could force all the guest's traffic to the router -only-.

I think with the guest running Debian SELinux it is unlikely to be compromised, so this may be a good solution.  

Criticisms?



_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk