[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Another Method to Block Java Hijinks

On 4/9/07, Ben Wilhelm <zorba-tor@xxxxxxxxxxxxx> wrote:

Roger Dingledine wrote:
> Kyle: this would be more useful if it didn't depend on a non-free vm
> player. Do any of the free software variants of VMWare actually work
> well enough for this approach?

I've been running Tor clients and servers under VMWare Server for a
while now. I do my secure browsing inside a dedicated VM, and my
firewall is set up to block all outgoing traffic from the VM. The VM
connects directly to my Tor server (on another VM, though that's not as
important) which itself connects to the outside world. It's not quite
ideal because in theory that VM could snoop around my LAN and report on
stuff, but I could disable that with some more work (putting that VM in
a dead-end virtual network so it can't talk to anything except a Tor
server), I'm just lazy and don't think that's really likely to be an issue.

VMWare Player ought to be possible to set up so that it runs behind a
DHCP server on whatever is running VMWare. VMWare Server definitely is.


Ben, you got the right idea.  I use JanusVM with Ubuntu and Backtrack. 

In the first version of JanusVM, we only had the bridged network interface.  With the latest release, we have two network interfaces (bridged and NAT'd).  We changed it for security purposes. 

I changed my Ubuntu network connection in VMWare Server from BRIDGED to NAT. Now with JanusVM and Ubuntu (or Backtrack), I'm using VMWare's NAT'd virtual NIC to connect from Ubuntu to JanusVM.  In Ubuntu, I just filter out all network traffic that not going to or from my NAT'd interface netmask.  So if my LAN is on 192.168.1.X and my NAT'd interface is on 192.168.242.X, then I just filter out everything that is not from 192.168.242.X.  This keeps me safe from the following types of attacks, which I haven't talked about or released until now.  I AM NOT CALLING THIS AN EXPLOIT, it is just a very simple query (nslookup) that can be used as an attack.

Roger Dingledine wrote:
>James Muir, HD Moore, others: can you give some thought to what attacks
>and vulnerabilities remain even in this model? I guess we can still
>overflow the browser and start looking around for private data on the
>computer, like an Outlook address book. What other issues remain? And
>does this approach introduce any new issues?

Here's your answer Roger:

The following is just a very, very simple yet effective means to acquire your REAL EXTERNAL IP address from WITHIN your internal LAN.  This does not work on every router/DNS server out there, but it works on the two ActionTec's and one D-Link retail routers I tested.

DEMO URL:   http://janusvm.peertech.org/Flash/internal-dns-leak.html

(yes, I know I just revealed my IP address to the everyone reading this, but honestly I don't care because [1] I'm making a point and [2] it has already been rolled to a new IP by the time you read this.)

We (coderman and I) have addressed and solved the issues of side-channel attacks to reveal your true IP to a server on the Internet.  Now we started thinking about things that can reveal our true IP INSIDE our LAN.  (HINT: UPNP would be another place to poke around at to get a real external IP, for all you Java fans.)  When using VMWare's NAT'd interfaces in the setup I just described above, you effectively stop this type of attack from working.