[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Securing a Relay - chroot

On 05/26/2011 11:12 AM, CACook@xxxxxxxxxxxxxxx wrote:
On Thursday 26 May, 2011 07:31:42 Eugen Leitl wrote:
So you're worrying about a compromised vserver guest
compromising the host, which is then used to attack
your LAN segment?

Doesn't even have to compromise the host.  With the guest in the same class C it can monitor traffic.

It's more that it's in the same 'broadcast domain' at the switching layer, whereas 'class C' is an (archaic) routing layer concept. Depending on the details of the switch though, monitoring (and active man-in-the-middle attacks) could range from easy to impossible.

But it may be that your virtualization software can force the guest NIC inside an IEEE 802.1Q VLAN so it can't see the rest of the network.

Which raises the question of what it can see, so you'll have to provide it with some connectivity, like a 192.168.x.x address and NAT to publicly-routable IP space. You could even do this NATting and firewalling on the host kernel, perhaps with a virtual "host only" segment from the guest to the host.

But don't ask me for every detail on how to set this up :-), I've listed the key terms for which there are HOWTOs available. You should only undertake this project if you _like_ digging into this sort of thing.

- Marsh
tor-talk mailing list