[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: minimal traffic footprint Tor on the road

On Tue, Sep 29, 2009 at 03:29:01AM -0400, grarpamp wrote:

> If you want to be safe from whatever random app fires [or you fire] up,
> and all their various requests... run in/behind/under some form of network
> sandbox that catches all traffic and shoves it through Tor or sinks it.

Most decent operating systems these days come bundled with
virtualization solutions, from heavy-weight (Xen, KVM) to 
lightweight (containers, OpenVZ, VServer). What is needed
is packaging the browser/proxy/Tor into such guests, leaving
only the I/O to the host. It would be probably also good if
one reverts to a clean/known good snapshot after each new start,
and/or comes bundled with IDS.

Such guests should come as appliances, or at least be easy
enough to instantiate with a script, or a few commands.

It would be still possible to compromise the host, but it would
be much harder, and perhaps require manual intervention, making
compromise slower, and easier to detect.

Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/