--- On Thu, 5/26/11, [email protected] <[email protected]> wrote:
> > So you're worrying about a compromised vserver guest > > compromising the host, which is then used to attack > > your LAN segment? > > Doesn't even have to compromise the host. With the > guest in the same class C it can monitor traffic. This is not true with a vserver, they use IP aliases, and do not have raw access to the network interface (unless you give them those specific capabilities). With lxc you could give it that access, but you could also firewall its interface from within the host so that this is not possible (unless the host is compromised). -Martin _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
