On Sun, Feb 02, 2020 at 09:24:20PM +0000, Arthur Wayside wrote:
Hello.
Say I run a websapp inside a chroot and someone manages to hack it and gain
shell access. Can I then somehow hide my server's IP from the likes of ifconfig?
If you want to hide your public IP from a particular application for
security reasons, the only way I know of to reliably do this is to run
that application on a physically separate server or inside a virtual
machine, and then bridge/port forward traffic to the VM. This way the
application (and any system components it has access to) can only ever
know the internal IP address of the server or virtual machine.
Otherwise it would be possible for an attacker to, for example, hack
your webapp to have it phone home to some external server controlled by
the attacker. The attacker would thereby be able to find your IP
address.
A less-secure approach would be a local firewall that only permits
outgoing network access to processes run by a specific user (which is
NOT the user account of your webapp) and then have the forwarding
handled by an application running under that user account. (this is the
approach taken by the TAILS Linux+Tor live USB)
