[tor-talk] EFF Tor Challenge
CACook at quantum-sci.com
Thu Jun 2 23:02:19 UTC 2011
On Thursday 2 June, 2011 14:50:44 Martin Fick wrote:
> --- On Thu, 6/2/11, CACook at quantum-sci.com <CACook at quantum-sci.com> wrote:
>
> > For those interested, so far my best idea is running the
> > daemon in a VirtualBox VM running SELinux as guest, and
> > bridged to the outside. This should substantially
> > solve most problems except membership in the local
> > LAN.
>
> I don't think that this would make for a best practice,
> I think that a linux lxc should be encouraged instead,
> it is way more efficient.
I looked at containers in depth. They are simply not secure.
On Thursday 2 June, 2011 14:50:44 Martin Fick wrote:
> As for isolation, I think that a best practice
> should use iptable rules. But if you want to
> go the cheap hardware route, buy a $5/15 nic
> and add it to your box and plug that nic into
> your modem's DMZ port, most of them have one.
Goes without saying (although I should have said it), iptables for sure, blocking everything in and out except what is absolutely needed. I use a fine firewall called Shorewall, developed a couple blocks away from me actually.
Most ppl have consumer-grade routers; no DMZ port. Wish there was...
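
A default-deny guest firewall of the kind described above ("blocking everything in and out except what is absolutely needed"), as an added example that is not part of the original post or of any project's own code. The function name `tor_guest_rules`, the sample addresses, DNS at the router, and the ORPort value are assumptions; the output is plain `iptables-restore` input rather than Shorewall configuration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Tor relay guest.
# All argument values are operator-supplied assumptions:
#   $1 LAN_CIDR  local network the bridged guest sits on, e.g. 192.168.1.0/24
#   $2 GATEWAY   router address inside that network (allowed for DNS only)
#   $3 OR_PORT   the ORPort configured in torrc
tor_guest_rules() {
    lan=$1 gw=$2 port=$3
    [ -n "$lan" ] && [ -n "$gw" ] || {
        echo "usage: tor_guest_rules LAN_CIDR GATEWAY OR_PORT" >&2; return 1; }
    # Refuse a missing or non-numeric port rather than emit a broken rule.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to connections that were already allowed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Nothing on the LAN may open a connection to the guest
# (manage the guest from the VirtualBox console instead).
-A INPUT -s $lan -j DROP
# Relay traffic arriving from the Internet through the router's port forward.
-A INPUT -p tcp --dport $port -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS at the router is the only LAN destination the guest may reach.
-A OUTPUT -d $gw -p udp --dport 53 -j ACCEPT
-A OUTPUT -d $gw -p tcp --dport 53 -j ACCEPT
-A OUTPUT -d $lan -j DROP
# Tor speaks TCP only, and other relays listen on arbitrary ports.
-A OUTPUT -p tcp -j ACCEPT
COMMIT
EOF
}
```

Check the output with `iptables-restore --test` inside the guest before loading it. These rules filter IP traffic only; the bridged guest is still a layer-2 member of the LAN, which is the limitation noted in the post.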