[tor-talk] Securing a Relay - chroot
Marsh Ray
marsh at extendedsubset.com
Thu May 26 16:43:01 UTC 2011
On 05/26/2011 11:12 AM, CACook at quantum-sci.com wrote:
> On Thursday 26 May, 2011 07:31:42 Eugen Leitl wrote:
>> So you're worrying about a compromised vserver guest
>> compromising the host, which is then used to attack
>> your LAN segment?
>
> Doesn't even have to compromise the host. With the guest in the same class C it can monitor traffic.
It's more that it's in the same 'broadcast domain' at the switching
layer, whereas 'class C' is an (archaic) routing layer concept.
Depending on the details of the switch though, monitoring (and active
man-in-the-middle attacks) could range from easy to impossible.
But it may be that your virtualization software can force the guest NIC
inside an IEEE 802.1Q VLAN so it can't see the rest of the network.
Which raises the question of what it can see, so you'll have to provide
it with some connectivity, like a 192.168.x.x address and NAT to
publicly-routable IP space. You could even do this NATting and
firewalling on the host kernel, perhaps with a virtual "host only"
segment from the guest to the host.
But don't ask me for every detail on how to set this up :-), I've listed
the key terms for which there are HOWTOs available. You should only
undertake this project if you _like_ digging into this sort of thing.
- Marsh
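The layout Marsh sketches above (guest NIC on a virtual "host only" segment, a 192.168.x.x address, NAT and firewalling done in the host kernel, with an 802.1Q VLAN as the alternative) as a worked script. This is an added example, not code from the original post or from the Tor project, and every concrete name in it is an assumption chosen for illustration: eth0 as the host's uplink, tap-tor0 as the tap device the hypervisor gives the guest, br-guest as the bridge, 192.168.77.0/24 as the guest net with the host at .1 and the guest at .2, VLAN id 100, and 9001 as the relay's ORPort (a relay must accept inbound connections, so the host-only layout needs a port forward, which the post does not mention). Run it with DRY_RUN=1 to see the commands without root.

```shell
#!/bin/sh
# Added example, not code from the original post or the Tor project: the
# "host-only segment + NAT and firewall in the host kernel" layout from the
# post, plus an 802.1Q alternative. All names below are assumptions: eth0 as
# uplink, tap-tor0 as the guest's tap, 192.168.77.0/24 as guest net, VLAN id
# 100, ORPort 9001. Set DRY_RUN=1 to print the commands instead of running
# them (no root needed).
set -eu

UPLINK=${UPLINK:-eth0}             # host NIC holding the publicly routable address
GUEST_TAP=${GUEST_TAP:-tap-tor0}   # tap device the hypervisor gives the guest
BRIDGE=${BRIDGE:-br-guest}         # host-only bridge: no physical NIC enslaved
GUEST_NET=${GUEST_NET:-192.168.77.0/24}
HOST_ADDR=${HOST_ADDR:-192.168.77.1/24}
GUEST_ADDR=${GUEST_ADDR:-192.168.77.2}
ORPORT=${ORPORT:-9001}             # relay's ORPort inside the guest (assumed)
VLAN_ID=${VLAN_ID:-100}            # 802.1Q tag, used only by vlan_isolate
DRY_RUN=${DRY_RUN:-}

# Execute the command, or with DRY_RUN set, just print the command line.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 0 if the address (optionally with /prefix) is in an RFC 1918 range, else 1.
is_rfc1918() {
    case ${1%/*} in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the argument is a usable 802.1Q VID (1..4094), else 1.
valid_vlan_id() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    if [ "$1" -ge 1 ] && [ "$1" -le 4094 ]; then return 0; fi
    return 1
}

# Layout 1: guest on a host-only bridge, host kernel NATs it to the uplink.
setup_host_only() {
    is_rfc1918 "$GUEST_NET" || { echo "guest net $GUEST_NET is not private" >&2; return 1; }
    run ip link add "$BRIDGE" type bridge
    run ip addr add "$HOST_ADDR" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
    run ip link set "$GUEST_TAP" master "$BRIDGE"
    run ip link set "$GUEST_TAP" up
    run sysctl -w net.ipv4.ip_forward=1
    # Source NAT for everything the guest sends towards the uplink.
    run iptables -t nat -A POSTROUTING -s "$GUEST_NET" -o "$UPLINK" -j MASQUERADE
    # A relay must be reachable: forward the ORPort from the uplink to the guest.
    run iptables -t nat -A PREROUTING -i "$UPLINK" -p tcp --dport "$ORPORT" \
        -j DNAT --to-destination "$GUEST_ADDR:$ORPORT"
    run iptables -A FORWARD -i "$UPLINK" -o "$BRIDGE" -p tcp -d "$GUEST_ADDR" \
        --dport "$ORPORT" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$UPLINK" -o "$BRIDGE" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Guest may reach the Internet but not the LAN behind the uplink.
    for lan in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        run iptables -A FORWARD -i "$BRIDGE" -o "$UPLINK" -d "$lan" -j DROP
    done
    run iptables -A FORWARD -i "$BRIDGE" -o "$UPLINK" -j ACCEPT
    run iptables -A FORWARD -i "$BRIDGE" -j DROP
    run iptables -A FORWARD -o "$BRIDGE" -j DROP
    # The host accepts nothing new from the guest, only replies to flows the
    # host itself opened towards it.
    run iptables -A INPUT -i "$BRIDGE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$BRIDGE" -j DROP
}

# Layout 2: guest frames leave the host tagged with VLAN_ID, so the switch keeps
# them in their own broadcast domain. The host does no routing or NAT and gives
# the bridge no address; the switch port must carry VLAN_ID tagged.
vlan_isolate() {
    valid_vlan_id "$VLAN_ID" || { echo "VLAN id must be 1..4094, got '$VLAN_ID'" >&2; return 1; }
    tagged="$UPLINK.$VLAN_ID"
    run ip link add link "$UPLINK" name "$tagged" type vlan id "$VLAN_ID"
    run ip link add "$BRIDGE" type bridge
    run ip link set "$tagged" master "$BRIDGE"
    run ip link set "$GUEST_TAP" master "$BRIDGE"
    run ip link set "$tagged" up
    run ip link set "$GUEST_TAP" up
    run ip link set "$BRIDGE" up
}

case ${1:-} in
    '') ;;                            # no argument: only define the functions
    host-only) setup_host_only ;;
    vlan) vlan_isolate ;;
    *) echo "usage: $0 {host-only|vlan}" >&2; exit 2 ;;
esac
```

Preview with `DRY_RUN=1 sh guest-net.sh host-only`, apply with `sudo sh guest-net.sh host-only`. In the host-only layout the guest is statically addressed (GUEST_ADDR) and must use a resolver out on the Internet, since the INPUT rules deliberately give it nothing from the host; the FORWARD rules let it out to public addresses only, so a compromised guest cannot scan the LAN through the host. In the VLAN layout the isolation lives in the switch instead: the rules are simpler, but whether the guest can still see the rest of the network now depends on the switch's VLAN configuration, which is the "easy to impossible" range the post warns about.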