29/10/12 01:30, adrelanos wrote:
> anonym:
>>> * Allows stronger enforcement of tor-only connections, an attacker must
>>>> break out of a virtual machine, in addition to previous steps taken. A VM
>>>> can be configured to only be able to send traffic through the tor process
>>>> running on the host machine.
>> Sure, but to configure the applications in the guest to use the host's
>> Tor is non-trivial for most users (and would require us to make Tor's
>> ports listen on more than localhost). I'd like a way so a whole VM is
>> Torified without additional configuration inside the VM. Here's an
>> article one can find inspiration from:
>>
>> <http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network>
>>
>> (Added to the todo item)
>>
>
> What about identity correlation since all VM traffic would go through a
> single Tor socks port?
In this setup the VMs' traffic would be redirected to a dedicated Tor
TransPort via netfilter, so we could just set IsolateDestAddr on that
TransPort. It's perhaps not ideal, but I think I prefer that to requiring
users to make sane choices about which SocksPort:s to use.

Cheers!

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
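
The setup described in the reply above, as an added example that is not part of the original message or of Tails: a shell sketch that renders (without applying) the torrc lines for a dedicated TransPort with IsolateDestAddr and the netfilter rules that redirect a VM interface to it and drop everything else. The interface name, host address and port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints the configuration, it does not change the system.
# All four values are assumptions, not taken from the thread.
VM_IF="vboxnet0"        # hypothetical host-only interface the VMs attach to
HOST_IP="10.152.152.1"  # constructed host address on that interface
TRANS_PORT="9040"       # dedicated TransPort used only by the VMs
DNS_PORT="5353"         # Tor DNSPort used only by the VMs

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# torrc lines: the TransPort listens on the VM-facing address only, and
# IsolateDestAddr keeps streams to different destination addresses from
# sharing a circuit.
render_torrc() {
    valid_port "$TRANS_PORT" && valid_port "$DNS_PORT" || return 1
    cat <<EOF
TransPort ${HOST_IP}:${TRANS_PORT} IsolateDestAddr
DNSPort ${HOST_IP}:${DNS_PORT}
EOF
}

# netfilter rules: redirect DNS and new TCP connections from the VM
# interface to Tor, then drop whatever was not redirected (fail closed).
render_rules() {
    valid_port "$TRANS_PORT" && valid_port "$DNS_PORT" || return 1
    cat <<EOF
iptables -t nat -A PREROUTING -i ${VM_IF} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
iptables -t nat -A PREROUTING -i ${VM_IF} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
iptables -A INPUT -i ${VM_IF} -p tcp --dport ${TRANS_PORT} -j ACCEPT
iptables -A INPUT -i ${VM_IF} -p udp --dport ${DNS_PORT} -j ACCEPT
iptables -A INPUT -i ${VM_IF} -j DROP
iptables -A FORWARD -i ${VM_IF} -j DROP
EOF
}
```

The two DROP rules come last so that non-DNS UDP, ICMP and any traffic the nat table did not redirect never leaves the host in the clear.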
