[tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)

coderman coderman at gmail.com
Sun Apr 6 06:33:54 UTC 2014


On Wed, Apr 2, 2014 at 10:59 AM, Rusty Bird <rustybird at openmailbox.org> wrote:
> ...
> Maybe it can be boiled down to this: When redirecting *and* filtering,
> the filtering should be done in OUTPUT (instead of INPUT), ...

This is where defense in depth at the multiple-virtual machine /
routing layer fails safe in ways that a single / monolithic Tor setup
cannot, when applied with care.

What I mean by "applied with care" is that forwarding through Tor only
is the default.  Anything unexpected / unsupported gets the bit
bucket.  The best target is actually TARPIT, not DROP, but that's
another discussion...

[this advice to default drop and isolate at routing level applies to
Tails, Whonix, Qubes TorVM, and whoever else allows a transparent
proxy model, IMHO]


best regards,
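As an added example, not part of coderman's or Rusty Bird's posts and not code from any Tor, Tails, Whonix or Qubes project: a POSIX sh script that prints two iptables-restore rulesets for a single host that transparently proxies through Tor, one that only filters in INPUT and one that does the filtering in OUTPUT with a default DROP policy, plus two checks that inspect such a ruleset. The Tor user name (debian-tor), TransPort 9040 and DNSPort 5300 are assumptions, as is an IPv6-less host. The nat table is consulted only for the first packet of a NEW conntrack flow, so a packet conntrack classifies as INVALID is never REDIRECTed; the hardened variant therefore drops INVALID in OUTPUT before any ACCEPT, which is my addition rather than something the quoted lines spell out.

```shell
#!/bin/sh
# Added example: two iptables-restore rulesets for a host that transparently
# proxies through Tor, plus checks that the filtering is done in OUTPUT.
# Assumed (not from the thread): Tor runs as user "debian-tor", listens on
# TransPort 9040 and DNSPort 5300, and IPv6 is disabled or blocked separately.
TOR_USER=${TOR_USER:-debian-tor}
TRANS_PORT=${TRANS_PORT:-9040}
DNS_PORT=${DNS_PORT:-5300}

# nat table shared by both variants: redirect locally generated TCP SYNs and
# DNS into Tor, letting Tor's own traffic and loopback traffic pass untouched.
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner $TOR_USER -j RETURN
-A OUTPUT -o lo -j RETURN
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
EOF
}

# Weak variant: only INPUT is filtered (accepting the redirected loopback
# connections) and OUTPUT keeps an ACCEPT policy, so anything the nat table
# did not redirect leaves the host with its real destination.
weak_ruleset() {
    nat_rules
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -p tcp --dport $TRANS_PORT -j ACCEPT
-A INPUT -i lo -p udp --dport $DNS_PORT -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Hardened variant: filter/OUTPUT defaults to DROP and only whitelists Tor's
# own traffic and the redirected loopback connections. The nat table is only
# consulted for the first packet of a NEW conntrack flow, so a packet that
# conntrack classifies as INVALID was never redirected; drop it before any
# ACCEPT rule can match it.
hardened_ruleset() {
    nat_rules
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
-A OUTPUT -o lo -p tcp --dport $TRANS_PORT -j ACCEPT
-A OUTPUT -o lo -p udp --dport $DNS_PORT -j ACCEPT
COMMIT
EOF
}

# Checks that read an iptables-restore ruleset from stdin.
# Succeeds when the filter table's OUTPUT chain policy is DROP.
output_policy_is_drop() {
    awk '/^\*/ { table = $0 }
         table == "*filter" && $1 == ":OUTPUT" { found = 1; ok = ($2 == "DROP") }
         END { exit !(found && ok) }'
}

# Succeeds when the first rule appended to filter/OUTPUT drops INVALID packets,
# i.e. it sits before any ACCEPT that could let an unredirected packet out.
first_output_rule_drops_invalid() {
    awk '/^\*/ { table = $0 }
         table == "*filter" && $1 == "-A" && $2 == "OUTPUT" { print; exit }' |
        grep -q -- '--ctstate INVALID -j DROP'
}

# Usage: report how each variant fares against the checks, then print the
# hardened ruleset (pipe it into "iptables-restore" as root to load it).
for variant in weak_ruleset hardened_ruleset; do
    if $variant | output_policy_is_drop && $variant | first_output_rule_drops_invalid; then
        echo "$variant: filters in OUTPUT with default DROP" >&2
    else
        echo "$variant: would let unredirected packets leave the host" >&2
    fi
done
hardened_ruleset
```

The checks only inspect the generated text; loading it needs root and iptables-restore, and an equivalent ip6tables ruleset (default DROP everywhere, since Tor does not carry the host's IPv6) is still required on a dual-stack machine. DROP is used for the terminal policy because TARPIT is not a stock netfilter target.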

