[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Securing a Relay - chroot

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Securing a Relay - chroot
From: CACook@xxxxxxxxxxxxxxx
Date: Thu, 26 May 2011 09:12:25 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 May 2011 12:12:43 -0400
In-reply-to: <20110526143142.GK19622@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <520290.88475.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <201105260644.19967.CACook@xxxxxxxxxxxxxxx> <20110526143142.GK19622@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.13.5 (Linux/2.6.37; KDE/4.4.5; x86_64; ; )

On Thursday 26 May, 2011 07:31:42 Eugen Leitl wrote:
> You don't have another NIC to bind it to? Isolate the
> traffic via VLANs?

No the way out to The Internets is the only way out.  There is one router out.

 
> So you're worrying about a compromised vserver guest
> compromising the host, which is then used to attack
> your LAN segment?

Doesn't even have to compromise the host.  With the guest in the same class C it can monitor traffic.




_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Securing a Relay - chroot
  - From: Marsh Ray
- Re: [tor-talk] Securing a Relay - chroot
  - From: Martin Fick

References:
- Re: [tor-talk] Securing a Relay - chroot
  - From: Martin Fick
- Re: [tor-talk] Securing a Relay - chroot
  - From: CACook
- Re: [tor-talk] Securing a Relay - chroot
  - From: Eugen Leitl

Prev by Author: Re: [tor-talk] Securing a Relay - chroot
Next by Author: Re: [tor-talk] Securing a Relay - chroot
Previous by thread: Re: [tor-talk] Securing a Relay - chroot
Next by thread: Re: [tor-talk] Securing a Relay - chroot
Index(es):
- Author
- Thread