minimal traffic footprint Tor on the road
Eugen Leitl
eugen at leitl.org
Tue Sep 29 08:14:56 UTC 2009
On Tue, Sep 29, 2009 at 03:29:01AM -0400, grarpamp wrote:
> If you want to be safe from whatever random app fires [or you fire] up,
> and all their various requests... run in/behind/under some form of network
> sandbox that catches all traffic and shoves it through Tor or sinks it.
Most decent operating systems these days come bundled with
virtualization solutions, from heavy-weight (Xen, KVM) to
lightweight (containers, OpenVZ, VServer). What is needed
is packaging the browser/proxy/Tor into such guests, leaving
only the I/O to the host. It would be probably also good if
one reverts to a clean/known good snapshot after each new start,
and/or comes bundled with IDS.
Such guests should come as appliances, or at least be easy
enough to instantiate with a script, or a few commands.
It would be still possible to compromise the host, but it would
be much harder, and perhaps require manual intervention, making
compromise slower, and easier to detect.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list