[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden service security w. Apache/Win32

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden service security w. Apache/Win32
From: "Fred Toben" <redguy@xxxxxxxxxxx>
Date: Sun, 19 Feb 2012 18:13:22 -0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 19 Feb 2012 13:14:30 -0500
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tormail.net; s=tm; h=Message-Id:X-TorMail-User:Content-Transfer-Encoding:Content-Type:MIME-Version:To:From:Subject:Date:References:In-Reply-To; bh=ltTsvOryAFQvka4cIGKMulEj98UHqzOFaw3tdjrQ9AU=; b=mP5QDGJJ15u3oKyDi0bW5UFO1z01g1d+h5QLmmDM45+P1n4/zMM1xpwzhtec4w1gqNhouCoVHaWFiacuBLPejv9FMZRG3iK8VI/0Wbn9xH0BWRa6mVdFU3mpauDrozETV55nhv/BZnCqzhBF9i5NCZZBxfqnJoBlFpkHiT1O5r0=;
Importance: Normal
In-reply-to: <4F412C8B.1000507@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1Rz6E3-000Fdr-HE@xxxxxxxxxxxxxxxxxxxx> <4F412C8B.1000507@xxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

proper@xxxxxxxxxxx  wrote:

>> So far I haven't found any public info about the possible downsides of
> running a hidden service under Windows.
>
> Let's assume a fresh, clean windows installation. Have you found a list
> and description of all outgoing network connections, that will be made by
> that windows installation? I haven't found any documentation. Information
> is spread all over the web. So far I discovered Windows Update, WGA and
> time sync.
>

> I am collecting all that information including source. [1]
>
> There are still open questions. Is the time sync authenticated or can it
> be spoofed by the Tor exit? How safe is it, to rely on Microsoft time sync
> servers? (just one server, single point of failure)

There should be no Tor exit, if you mean exit node.

Is the time sync spoofing even applicable to hidden services?

What I am concerned about is the security of the OS under which Apache is
running.

I have so far identified the following possibilities:

1. Exposing the date and time of the webserver.
I haven't managed to disable this info.

Telnet (VM1) on port internalport  and sending the command
OPTIONS / HTTP/1.0

returns the date, time and timezone  and the Apache server string.

But the Tor running on VM2 doesn't as far I know care about what date,
time or timezone the HTTP server running on VM 1 returns to the user
agent.

If I really wanted, I could script a reset of the date, time and timezone
on VM 1 to a random value at each startup.

2. Exposing the currently running username, computername or even product
ID of the Windows installation.

I can't see how it could happen.

I deliberately disable all Apache modules which could leak such info (no
PHPINFO) and even if Apache could somehow "break out" into the OS, access 
to sensitive folders (systemroot, userprofile) and the registry is locked
by a group policy.

The VM 1 and VM 2 is on a different subnet from my physical router and
VMware host.

3. Antivirus, Windows Update and browser fingerprints.

VM 1 serving the Apache installation doesn't even have internet access,
and no other services (IRC, web browser are allowed).

VM 2 has internet access, but the only non-system process allowed to
connect to the internet is tor.exe.

The limited user account is not permitted to download or run new programs
or to terminate existing processes.

4. A yet unpublicized exploit allowing an unknown intruder to break out of
the virtual environment.

Some years ago, it was discovered that the folder sharing option in VMware
Workstation (?) might enable a breakout of the guest OS.

But what about other virtualization products like Virtualbox?

I share your concerns, but if there is a security issue with running a
hidden service in Windows, one solution is replacing the VM running Tor
with a linux distro.

How can the MS time server tampering with the exit nodes be applicable to
hidden services?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Hidden service security w. Apache/Win32
  - From: Fred Toben
- Re: [tor-talk] Hidden service security w. Apache/Win32
  - From: Gozu-san

Prev by Author: [tor-talk] Hidden service security w. Apache/Win32
Next by Author: Re: [tor-talk] Hidden service security w. Apache/Win32
Previous by thread: Re: [tor-talk] Hidden service security w. Apache/Win32
Next by thread: Re: [tor-talk] Hidden service security w. Apache/Win32
Index(es):
- Author
- Thread