On Wed, Apr 2, 2014 at 10:59 AM, Rusty Bird <rustybird@openmailbox.org> wrote:
... Maybe it can be boiled down to this: When redirecting *and* filtering, the filtering should be done in OUTPUT (instead of INPUT), ...
This is where defense in depth at the multiple-virtual-machine / routing layer fails safe in ways that a single / monolithic Tor setup cannot, when applied with care. What I mean by "applied with care" is that forwarding through Tor only is the default. Anything unexpected / unsupported gets the bit bucket. The best target is actually TARPIT, not DROP, but that's another discussion... [This advice to default drop and isolate at the routing level applies to Tails, Whonix, Qubes TorVM, and whoever else allows a transparent proxy model, IMHO.]

best regards,
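As an added illustration (not a ruleset from the thread, Tails, Whonix or Qubes), here is what "redirect in nat OUTPUT, filter in filter OUTPUT with a default DROP" looks like as an iptables-restore file. It assumes Tor runs as the user debian-tor with TransPort 9040 and DNSPort 5353; those values are assumptions, not from the thread.

```shell
#!/bin/sh
# Added example: transparent Tor proxy where the *filter* lives in OUTPUT,
# so anything not explicitly redirected into Tor falls to a default DROP.
# Assumed values (not stated in the thread); override via the environment.
TOR_USER="${TOR_USER:-debian-tor}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# Print the ruleset in iptables-restore format.
tor_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Tor's own packets and loopback traffic must not be redirected into Tor.
-A OUTPUT -m owner --uid-owner $TOR_USER -j RETURN
-A OUTPUT -o lo -j RETURN
# Redirect locally generated DNS and new TCP connections into Tor.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The filtering is in OUTPUT: redirected traffic now leaves via lo, and
# only the Tor process itself may reach the real network.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
# Everything else (non-DNS UDP, ICMP, raw sockets) hits the DROP policy.
COMMIT
EOF
}

# Self-check: is OUTPUT the chain carrying the default DROP policy?
output_default_drop() {
    tor_ruleset | grep -q '^:OUTPUT DROP'
}

# Apply only when explicitly asked (needs root and iptables-restore).
if [ "${1:-}" = "apply" ]; then
    tor_ruleset | iptables-restore
fi
```

Run with `sh tor-output-filter.sh apply` (as root) to load it; without the argument it only prints nothing and exposes the functions for inspection.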