[tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Hggiu Uizzu
torboxdev at yahoo.com
Sat Mar 3 23:54:38 UTC 2012
>coderman wrote:
>On Sat, Mar 3, 2012 at 12:33 AM, <proper at secure-mail.biz> wrote:
>>...
>> Application level leaks are problematic. We have a page which describes many of these problems i>ncluding with workarounds (we recommend Tor Browser etc.).
>these are significant if you are mixing tor and non-tor access on the
>same system. much of this is covered in the thread, and the particular
>risks are very specific to context and nature of use, as discussed.
Precisely why we don't do allow (try at least) any communication from the system to
bypass Tor.
>> The transparently proxied operating system does not know it's real external
>> IP, only it's Tor exit IP. >>And can therefore never leak it's real external
>> IP. ... DNS / UDP leaks are impossible. Real IP may also not leak, the
>>operating system doesn't have a way to find it out.
>this is not true; you must also prevent all local subnet access when
>in this mode. this may entail removing IPv6 interfaces, changing the
>default route to a /31 or /30 path, etc.
>otherwise there are attacks which reflect or bounce traffic on the
>local network to obtain public IP address or leak endpoint to an
>attacker.
We already learned about this in [1] and discussed it on our Dev page [2]
(and wondered why you said /29 and not /31). Could you provide us with some
pointers how such an attack would work against the currebt TorBOX setup?
To quickly outline TorBOX:
Client is connected to Proxy through a virtual "internal" network. No dhcp, no
IPv6, no route to physical devices or the internet. It got a static IP, no firewall
active. The Proxy has two NICs, the external one is managed by VirtualBox dhcp
and NAT. Firewall can be found at [3]. All allowed traffic from the client is
redirected either to TransPort or to DNSPort.
The "bare metal" setup would be: client - crossover or isolated LAN -
- proxy - (...) - internet.
If Tor is doing something funky with packets sent to those ports instead of
routing them through the Tor network that's a serious bug in Tor. If iptables is
doing something funky with tcp packets to 169.254.0.0/16,
that's a serious bug in netfilter. What am I missing?
[1] http://archives.seul.org/or/talk/Jul-2010/msg00012.html
[2] http://archives.seul.org/or/talk/Jul-2010/msg00012.html
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ShellScript
More information about the tor-talk
mailing list