[tor-bugs] #5928 [Tor Client]: Research: IP discovery through Tor behind isolated network
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat May 19 11:52:15 UTC 2012
#5928: Research: IP discovery through Tor behind isolated network
------------------------+---------------------------------------------------
Reporter: proper | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
There are some integrations with Tor possible, where the client operating
system is not aware of its own external IP address. It can only exit
traffic through Tor. No direct connections possible.
The setup is implemented, because Tor is running on machine 1, which acts
as server. And the client operating system is running on machine 2. The
machines can be either virtual machines or real hardware and are
connected through an isolated LAN. The server has two network cards, one
for the internal network and one to allow Tor to communicate with the
outside world. All connections go through Tor. [1] [2]
The setup has many advantages [8], for example that some severe IP leaks,
such as [6], [7] are prevented in the first place.
It is also assumed, that a successful exploit and infection (for example
with a Trojan horse) of the isolated client system would not lead into IP
discovery.* As long as the adversary is unable to exploit and infect the
Tor server from there as well.
The research question is, is that actually true?
One, already mentioned way, for IP discovery would be to exploit and
infect the Tor server as well. That's obvious and should be excluded from
the research.
It may make a difference if the whole client system is directed with help
of iptables through Tor's TransPort or if the client operating system is
supposed to use Tor's SocksPort(s).
Another attack vector may be mistakes in the configuration, which no one
has noticed yet.
The most interesting question is, how resistant is the Tor process against
malicious input (in form of network traffic)?
Obviously the attacker could control if any traffic and how much traffic
is transmitted into the Tor network. This might make certain active or
passive attacks easier.
The research paper could cover attacks and additionally propose defenses.
The topic has been discussed a few times on the mailing list, but with no
results to this particular question. [3] [4] [5]
[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
[3] [https://lists.torproject.org/pipermail/tor-talk/2012-April/023888.html tor-talk Can Tor resist active IP discovery attacks from inside the client?]
[4] [https://lists.torproject.org/pipermail/tor-talk/2012-March/023531.html tor-talk Risk with transparent proxy mode was Re:Operating system updates / software installation behind Tor Transparent Proxy]
[5] [https://lists.torproject.org/pipermail/tor-talk/2012-March/023519.html tor-talk Obtain real IP behind Tor transparent proxy; was: Operating system updates / software installation behind Tor Transparent Proxy]
[6] https://tails.boum.org/security/IP_address_leak_with_icedove/index.en.html
[7] https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
[8] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX#AdvantagesofTorBOX
Feel free to edit Summary and Description as required, if something is not
optimally chosen.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5928>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online