[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
From: Hggiu Uizzu <torboxdev@xxxxxxxxx>
Date: Sat, 3 Mar 2012 23:54:38 +0000 (GMT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Mar 2012 18:54:54 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1330818878; bh=6wGBqFAgn7nUI8HTbgjoDk+oiw7ls+l5GIXFPhfd9zc=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=0VeHZJF8fkD5lteLM4LzhKsUELV6ysNZXizsI5ZAgaeLQfkFtiBf3tPG+r9m4jE8kbO7V/586yuBZ7kul0N7wcWUXyCjXUCnKPgiUtXmB+6Krg2RjAqh4DsTklYX+fna37kRgnBL4bse1r7n1zdM4wj/50kdjVVLjn9y26pNxbY=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=WoRLextHKzrH7AT2faT0rFKmJBjWd0W4Jsr33N1i3DtSPyQ5K1CD5d6I0MQDLyt94c+MgEKVEuk9viCVxqyX/oMP80t56h1eAb2/R1DKMYLeBDkBUU8BhUk3JyujK6Wu9ho4UWXbkqkAdk6OhnDiQ2eWQN7ft0DisaXod8Zw0ns=;
In-reply-to: <CAJVRA1SG-ciu1h9Jh=wd7OHbF3-9p3D-Ao=wMtZYMQ4Rrop+Uw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAJVRA1SG-ciu1h9Jh=wd7OHbF3-9p3D-Ao=wMtZYMQ4Rrop+Uw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

>coderman wrote:
>On Sat, Mar 3, 2012 at 12:33 AM,  <proper@xxxxxxxxxxxxxxx> wrote:
>>...
>> Application level leaks are problematic. We have a page which describes many of these problems i>ncluding with workarounds (we recommend Tor Browser etc.).

>these are significant if you are mixing tor and non-tor access on the
>same system. much of this is covered in the thread, and the particular
>risks are very specific to context and nature of use, as discussed.

Precisely why we don't do allow (try at least) any communication from the system to 
bypass Tor.

>> The transparently proxied operating system does not know it's real external
>> IP, only it's Tor exit IP. >>And can therefore never leak it's real external
>> IP. ... DNS / UDP leaks are impossible. Real IP may also not leak, the 
>>operating system doesn't have a way to find it out.

>this is not true; you must also prevent all local subnet access when
>in this mode. this may entail removing IPv6 interfaces, changing the
>default route to a /31 or /30 path, etc.

>otherwise there are attacks which reflect or bounce traffic on the
>local network to obtain public IP address or leak endpoint to an
>attacker.

We already learned about this in [1] and discussed it on our Dev page [2]
(and wondered why you said /29 and not /31). Could you provide us with some
pointers how such an attack would work against the currebt TorBOX setup?

To quickly outline TorBOX:
Client is connected to Proxy through a virtual "internal" network. No dhcp, no
IPv6, no route to physical devices or the internet. It got a static IP, no firewall 
active. The Proxy has two NICs, the external one is managed by VirtualBox dhcp
and NAT. Firewall can be found at [3]. All allowed traffic from the client is
redirected either to TransPort or to DNSPort. 

The "bare metal" setup would be: client - crossover or isolated LAN -
- proxy  - (...) - internet.

If Tor is doing something funky with packets sent to those ports instead of
routing them through the Tor network that's a serious bug in Tor. If iptables is
doing something funky with tcp packets to 169.254.0.0/16,
that's a serious bug in netfilter. What am I missing?

[1] http://archives.seul.org/or/talk/Jul-2010/msg00012.html
[2] http://archives.seul.org/or/talk/Jul-2010/msg00012.html
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ShellScript
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
  - From: coderman

References:
- [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
  - From: coderman

Prev by Author: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
Next by Author: Re: [tor-talk] Awareness for identity correlation through circuit sharing is almost zero.
Previous by thread: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Next by thread: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Index(es):
- Author
- Thread