The best way to run a hidden service: one or two computers?

Robert Ransom rransom.8774 at gmail.com
Fri Sep 17 00:47:32 UTC 2010


On Thu, 16 Sep 2010 15:32:21 -0400
hikki at Safe-mail.net wrote:

> Do you say that Ethernet cards may have backdoors built in,

Yes.  I read a report years ago that at least one model of Ethernet
card had a remote ‘firmware upgrade’ ‘feature’ built in, with
absolutely no authentication of the new firmware blob.  The card
firmware had access to the host's DMA hardware, which can be used to
root the host.

>                                                             or did I 
> misunderstand that?

No.


> What if you put a hardware firewall router between the first computer and 
> the second:
> 
> [Server box with web server] -> [Hardware firewall router] -> [Gateway box with Tor] -> Internet/Tor entry node
> 
> And computer 1 and computer 2 operate on two different IP ranges, while 
> the firewall router sets all the firewall directives between them.
> 
> Could this be safer?

Only if you trust the hardware firewall/router.  I wouldn't.


> (I'm not sure if this message came within the thread, since I'm not yet sure about how to reply like that.)

It did.


Robert Ransom


More information about the tor-talk mailing list