On Sun, Jan 24, 2016 at 1:36 PM, Mick <michaelkintzios@×××××.com> wrote:
> On Sunday 24 Jan 2016 11:40:04 Rich Freeman wrote:
>> On Sun, Jan 24, 2016 at 10:56 AM, Grant <emailgrant@×××××.com> wrote:
>> > So the user is safe if I send all internet requests from her remote
>> > laptop through the Zerotier connection (instead of only sending
>> > requests to my server through Zerotier)?
>>
>> It depends on what you mean by "safe." If you mean that there is no
>> possibility of malware stealing or messing with your data this is the
>> case if:
>>
>> As long as:
>> 1. You ensure that no malware enters through zerotier.
>> 2. No malware is present before you set up zerotier.
>> 3. No network connections are ever used other than zerotier.
>>
>> If you mean safe to mean that nothing bad happens to the user's system
>> that wouldn't have happened if they use their own internet connection,
>> there is no real harm in using yours, assuming you don't leak your own
>> malware onto their system.
>
> As Rich alludes to, if through Zerotier the user can only connect to your
> webserver and no connections of the user are forwarded (through your Zerotier-
> LAN, or your webserver) to the Internet, the XSS kind of threats will be
> contained.
>
> However, as I understand it the Zerotier provides a split tunnel arrangement.
> The user will be able to use their browser to connect through Zerotier to your
> LAN, while through another window on the same browser they will be able to
> connect to the Internet using their own network.

That, and after they disconnect from zerotier the malware that has
been logging everything can go ahead and phone home to report in
without going through whatever protections you'd have on your own
network for outbound connections.

--
Rich