
Re: [tor-talk] Securing a Relay - chroot




On 05/27/2011 03:44 PM, CACook@xxxxxxxxxxxxxxx wrote:
> On Thursday 26 May, 2011 06:44:19 CACook@xxxxxxxxxxxxxxx wrote:
>> On Thursday 26 May, 2011 05:37:06 Eugen Leitl wrote:
>>> Why don't you like Linux vserver? My relay did some 350
>>> GByte/day, in a vserver guest on a low-end Atom box.
>> 
>> It must necessarily share the network setup with the host, and so
>> the LAN class C since I can't set up the router downstream with
>> multiple IPs.  Not secure.  Also it would have the same firewall
>> settings, and that is not acceptable either.
> 
> So nobody's actually thought about security for a relay and the need
> for a relay to be in the same class C as the LAN in order to access
> the router?  What can be done?

You do not mention the threats you worry about and assets you care about
(threat model + security requirements).

In [1] you mentioned "can monitor traffic", and Marsh already gave you
hints on how to address this (VLAN, virtual host-only networks) [2].

[1] https://lists.torproject.org/pipermail/tor-talk/2011-May/020441.html
[2] https://lists.torproject.org/pipermail/tor-talk/2011-May/020442.html

If you want specific answers you should pose specific questions.
"security for a relay" is quite general.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk