[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx, cpunks <cypherpunks@xxxxxxxxxx>
Subject: Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 5 Apr 2014 23:33:54 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 06 Apr 2014 02:41:21 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=R8kRygCcqvnuLFaCnNOkzA+i5xTbAPi+Er06ICe58FI=; b=nGRFch30UJsk1Ly7AbH0QbamX3ekO8CADOiIDjtw47zBi4t1ER5d8250P+tcp1xzmH ItETlI5uHq8w/cz91b3ng5uKG3CV14v1qIAc+6ZefxTm5t9giWHacHJA9XzSQ7P00vsX 3tlDYk8qIjeHw6wWkLAnvyIKBmxnPWhpvpVZVJ+ePyLlkZTZrr9KQB32ayU6t3bymdtu 0yzY7+J8dR176/az30poiBOz3SQgFtqHrVbYfWzSzsni20uj37S1ZrhMRyankivfnX6n vCvvb+RWltZD97s1KtqMBJCeRg7jPxndaGkGMfNMi2SRdB7CaQRuOxQ/HmjeMJNYI70A F19w==
In-reply-to: <533C4FFE.2050702@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20140328194312.GD31390@xxxxxxxxxxxxxx> <533AC785.9010005@xxxxxxxxxxxxxxx> <533C4FFE.2050702@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, Apr 2, 2014 at 10:59 AM, Rusty Bird <rustybird@xxxxxxxxxxxxxxx> wrote:
> ...
> Maybe it can be boiled down to this: When redirecting *and* filtering,
> the filtering should be done in OUTPUT (instead of INPUT), ...

this is where defense in depth at the multiple-virtual machine /
routing layer fails safe in ways that a single / monolithic Tor setup
cannot, when applied with care.

what i mean by "applied with care" is that forwarding through Tor only
is the default.  Anything unexpected / unsupported gets the bit
bucket.  the best target is actually TARPIT, not DROP, but that's
another discussion...

[this advice to default drop and isolate at routing level applies to
Tails, Whonix, Qubes TorVM, and whoever else allows a transparent
proxy model, IMHO]

best regards,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
  - From: Rusty Bird

References:
- Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
  - From: Rusty Bird
- Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
  - From: Rusty Bird

Prev by Author: Re: [tor-talk] How safe is smartphones today?
Next by Author: Re: [tor-talk] How safe is smartphones today?
Previous by thread: Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
Next by thread: Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)
Index(es):
- Author
- Thread