[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Securing a Relay - chroot
-----BEGIN PGP SIGNED MESSAGE-----
On 05/27/2011 03:44 PM, CACook@xxxxxxxxxxxxxxx wrote:
> On Thursday 26 May, 2011 06:44:19 CACook@xxxxxxxxxxxxxxx wrote:
>> On Thursday 26 May, 2011 05:37:06 Eugen Leitl wrote:
>>> Why don't you like Linux vserver? My relay did some 350
>>> GByte/day, in a vserver guest on a low-end Atom box.
>> It must necessarily share the network setup with the host, and so
>> the LAN class C since I can't set up the router downstream with
>> multiple IPs. Not secure. Also it would have the same firewall
>> settings, and that is not acceptable either.
> So nobody's actually thought about security for a relay and the need
> for a relay to be in the same class C as the LAN in order to access
> the router? What can be done?
You do not mention the threats you worry about and assets you care about
(thread model + security requirements).
In  you mentioned "can monitor traffic" and Marsh gave you already
hints how to address this (VLAN, virtual host only networks) .
If you want specific answers you should pose specific questions.
"security for a relay" is quite general.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
tor-talk mailing list