[tor-talk] Securing a Relay - chroot

[CACook at quantum-sci.com]

On Thursday 26 May, 2011 07:31:42 Eugen Leitl wrote:
> You don't have another NIC to bind it to? Isolate the
> traffic via VLANs?

No the way out to The Internets is the only way out.  There is one router out.

 
> So you're worrying about a compromised vserver guest
> compromising the host, which is then used to attack
> your LAN segment?

Doesn't even have to compromise the host.  With the guest in the same class C it can monitor traffic.