[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 3 Mar 2012 21:01:45 -0800
Authentication-results: mr.google.com; spf=pass (google.com: domain of coderman@xxxxxxxxx designates 10.236.197.98 as permitted sender) smtp.mail=coderman@xxxxxxxxx; dkim=pass header.i=coderman@xxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Mar 2012 00:01:57 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=rZ0BDYH+rlsZ5snrLEkUfdcDL3e0w6k0VKvWNxqAOoU=; b=gG3lYKvctT+ZgODpzQbgLuyAn9p8kPPWVwr54Y4XvFt4m8C212pT/gSp7t4W17OJJU jI+NibJpmTcZpNlqDBFmVYrRJNKIFZe3NU6P6qVKacNmcBB97slR/bIr9rfiZuEmNCZy HmXv1opIggPyTNXu5GWxofgguwIWg4Up9yZwOSgu8pYMaOkQg5XakZcBdpW7KmQIA01n p8KVzHFfP4ljfKIijVGkMlkP4Lwl4OB+UFLjI5LmLuKoFh8HH8pL7jMtZ/mHMSjP00tJ eFWsVDgEG3qIu0eGZvftgG5vRRjgK5Jw2QPyShBpIFQbR3aZlgUClzJVZ8D6+k6GxdoA BKoQ==
In-reply-to: <1330818878.8861.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAJVRA1SG-ciu1h9Jh=wd7OHbF3-9p3D-Ao=wMtZYMQ4Rrop+Uw@xxxxxxxxxxxxxx> <1330818878.8861.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Sat, Mar 3, 2012 at 3:54 PM, Hggiu Uizzu <torboxdev@xxxxxxxxx> wrote:
>.
> We already learned about this in [1] and discussed it on our Dev page [2]
> (and wondered why you said /29 and not /31).

some operating systems (Windows) do not support /31 host-to-host
interface configurations. in which case, a /29 two host subnet
achieves the same result (forcing all remote traffic through default
gateway, transparent proxy port in Tor in this case.

> Could you provide us with some
> pointers how such an attack would work against the currebt TorBOX setup?
>...

the setup looks fine from a cursory check, but i would need to give it
a run to know.  the concern with local network access is primarily at
the client. an insecure configuration would look like:

client(physical)  eth0 192.168.1.100
and
localrouter(physical) via eth0 at 192.168.1.1

virtual torbox at 168.16.1.1 via eth1/tun0 (virtual device) and client
using 168.16.1.100
virtual torbox outgoing bridged to eth0 using 192.168.1.102 using second device.

in this case, even if client was routing all internet access through
168.16.1.1 virtual torbox, it could still be compelled to send TCP or
UDP traffic to the 192.168.1.1 and other hosts on the network. such
reflection off internal hosts can compromise your anonymity.

> The "bare metal" setup would be: client - crossover or isolated LAN -
> - proxy  - (...) - internet.

cross over / isolated LAN is the key part here. if you share same LAN
between client and internal network, hosts within that internal
network can be leveraged to leak.

> If Tor is doing something funky with packets sent to those ports instead of
> routing them through the Tor network that's a serious bug in Tor.

the transparent proxy ports (TCP and DNS) work great in Tor. it is the
routing configuration between the client and these ports which is of
concern.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
  - From: coderman
- Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
  - From: Hggiu Uizzu

Prev by Author: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Next by Author: Re: [tor-talk] How to contribute / takeover a sub project?
Previous by thread: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Next by thread: [tor-talk] Who is 93.114.40.75? Tor check page lists it and says I'm not using Tor. Another user reported this, too.
Index(es):
- Author
- Thread