| 1 |
On Sun, Jan 24, 2016 at 1:36 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> On Sunday 24 Jan 2016 11:40:04 Rich Freeman wrote: |
| 3 |
>> On Sun, Jan 24, 2016 at 10:56 AM, Grant <emailgrant@×××××.com> wrote: |
| 4 |
>> > So the user is safe if I send all internet requests from her remote |
| 5 |
>> > laptop through the Zerotier connection (instead of only sending |
| 6 |
>> > requests to my server through Zerotier)? |
| 7 |
>> |
| 8 |
>> It depends on what you mean by "safe." If you mean that there is no |
| 9 |
>> possibility of malware stealing or messing with your data this is the |
| 10 |
>> case if: |
| 11 |
>> |
| 12 |
>> As long as: |
| 13 |
>> 1. You ensure that no malware enters through zerotier. |
| 14 |
>> 2. No malware is present before you set up zerotier. |
| 15 |
>> 3. No network connections are ever used other than zerotier. |
| 16 |
>> |
| 17 |
>> If you mean safe to mean that nothing bad happens to the user's system |
| 18 |
>> that wouldn't have happened if they use their own internet connect, |
| 19 |
>> there is no real harm in using yours, assuming you don't leak your own |
| 20 |
>> malware onto their system. |
| 21 |
> |
| 22 |
> As Rich alludes to if through Zerotier the user can only connect to your |
| 23 |
> webserver and no connections of the user are forwarded (through your Zerotier- |
| 24 |
> LAN, or your webserver) to the Internet, the XSS kind of threats will be |
| 25 |
> contained. |
| 26 |
> |
| 27 |
> However, as I understand it the Zerotier provides a split tunnel arrangement. |
| 28 |
> The user will be able to use their browser to connect through Zerotier to your |
| 29 |
> LAN, while through another window on the same browser they will be able to |
| 30 |
> connect to the Internet using their own network. |
| 31 |
|
| 32 |
That, and after they disconnect from zerotier the malware that has |
| 33 |
been logging everything can go ahead and phone home to report in |
| 34 |
without going through whatever protections you'd have on your own |
| 35 |
network for outbound connections. |
| 36 |
|
| 37 |
-- |
| 38 |
Rich |
Archives