[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Securing a Relay - chroot
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 05/27/2011 03:44 PM, CACook@xxxxxxxxxxxxxxx wrote:
> On Thursday 26 May, 2011 06:44:19 CACook@xxxxxxxxxxxxxxx wrote:
>> On Thursday 26 May, 2011 05:37:06 Eugen Leitl wrote:
>>> Why don't you like Linux vserver? My relay did some 350
>>> GByte/day, in a vserver guest on a low-end Atom box.
>>
>> It must necessarily share the network setup with the host, and so
>> the LAN class C since I can't set up the router downstream with
>> multiple IPs. Not secure. Also it would have the same firewall
>> settings, and that is not acceptable either.
>
> So nobody's actually thought about security for a relay and the need
> for a relay to be in the same class C as the LAN in order to access
> the router? What can be done?
You do not mention the threats you worry about and assets you care about
(thread model + security requirements).
In [1] you mentioned "can monitor traffic" and Marsh gave you already
hints how to address this (VLAN, virtual host only networks) [2].
[1] https://lists.torproject.org/pipermail/tor-talk/2011-May/020441.html
[2] https://lists.torproject.org/pipermail/tor-talk/2011-May/020442.html
If you want specific answers you should pose specific questions.
"security for a relay" is quite general.
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk3fvvYACgkQyM26BSNOM7ZaRwD9GfFRAHgryR71FbrXTPJrind2
bWGwqZpSUsXeoOntdSwBAKD9Wrn86LjwLIvohlqCV4bZBPC9SjjxqLGIoKeUH9Zj
=0Q8T
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk