Re: [tor-talk] Dutch police break into webservers over hidden services
[I initially sent this just to Mike Cardwell. Sorry about that.]

On 09/09/11 10:36, Gregory Maxwell wrote:
> On Fri, Sep 9, 2011 at 6:14 AM, Gozu-san wrote:
>> Alternatively, one could run Tor on VMs that can only access the
>> internet via OpenVPN-based "anonymity services". OpenVPN clients can be
>
> OpenVPN-based "anonymity services" ~= snake oil.

Although some are over-hyped, that's a very broad generalization.

> If you're running a hidden service you've already got a perfectly good
> network anonymity service running.

I totally agree. Upon reflection, I get the elegance and wisdom of Mike Cardwell's guidance. The approach that I suggested, except perhaps with elaborate implementations that I didn't explain, is clearly inferior. I apologize to anyone whom I've misled.

FWIW, my comments were colored by considerations re discretely hosting multiple hidden services. I'll explain that in a new thread.

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Dutch police break into webservers over hidden services
On Fri, Sep 09, 2011 at 05:43:50AM +, tor-ad...@orionjurinform.com wrote 2.2K bytes in 45 lines about:
: Very interesting what is the vulnerabilities they used for breaking systems?

This question can likely only be answered by the authorities. The obvious attacks are against the webserver itself (apache, IIS, nginx, etc) or some interpreted language, like PHP, Python, or Java.

Hidden services provide the path and addressing to a destination. They don't provide the application or content at the address. You need some sort of daemon/server software to provide the content and application.

--
Andrew
pgp key: 0x74ED336B
Re: [tor-talk] Dutch police break into webservers over hidden services
On 09/09/11 12:19, Orionjur Tor-admin wrote:
> How I need to set my VM for this purposes?
> I use a VirtualBox under transparently torified user on host machine for
> the most secure browsing in the Internet but I cannot get access to
> that machine through ssh from my host machine in spite of setting up
> suitable port forwarding in VBox settings.
> I think that the settings of my host firewall prevent that access.
> So, I'll probably have such problem in the connection between my host
> and guest machines if I set up a web-server on VM, and my hidden service
> on my host.

I don't know what you're asking from me... If your firewall is blocking the connections, reconfigure your firewall to allow them.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Re: [tor-talk] Dutch police break into webservers over hidden services
On 09.09.2011 08:36, t...@lists.grepular.com wrote:
> On 09/09/11 06:43, Orionjur Tor-admin wrote:
>
>> Very interesting what is the vulnerabilities they used for breaking systems?
>> In the light of that facts I don't know what I need to advise my clients
>> - setting up hidden services on their home computers or on overseas
>> vdses? (My clients are not providers of child pornography but they are
>> fighters with tyrannical regime).
>> The first method is the best from the point of view of information
>> defense but the second method is the best for defense of persons of
>> operators of that services...
>
> Probably the safest way to run a hidden service is to do it from inside
> a VM.
>
> Install Tor on the host OS. Configure up the Hidden Service on the host
> OS, but point it at the IP of the VM. Set up a firewall on the VM to
> prevent all other network traffic going in or out of it. Or
> alternatively use the TransPort functionality of Tor so all traffic
> leaving the VM goes through Tor.
>
> If the webserver on the VM is compromised, they get access to the VM,
> but the VM shouldn't know its real IP address (just the NAT'd one), or
> anything else about where it is or who it belongs to.
>
> You're still relying on there being no vulnerabilities in the VM
> software or the Tor software which allow an attacker to access the host
> system, but that sort of attack is much more difficult to pull off than
> compromising a web server, or any of the software being served by the
> web server.
>
> For all we know, this was a simple PHP exploit that allowed the attacker
> to make a HTTP request from the target server to a host on the wider
> Internet, to discover its IP.

How I need to set my VM for this purposes?

I use a VirtualBox under transparently torified user on host machine for the most secure browsing in the Internet but I cannot get access to that machine through ssh from my host machine in spite of setting up suitable port forwarding in VBox settings.

I think that the settings of my host firewall prevent that access. So, I'll probably have such problem in the connection between my host and guest machines if I set up a web-server on VM, and my hidden service on my host.
Re: [tor-talk] Dutch police break into webservers over hidden services
On Fri, Sep 9, 2011 at 6:14 AM, Gozu-san wrote:
> Alternatively, one could run Tor on VMs that can only access the
> internet via OpenVPN-based "anonymity services". OpenVPN clients can be

OpenVPN-based "anonymity services" ~= snake oil.

If you're running a hidden service you've already got a perfectly good network anonymity service running.
Re: [tor-talk] Dutch police break into webservers over hidden services
Alternatively, one could run Tor on VMs that can only access the internet via OpenVPN-based "anonymity services". OpenVPN clients can be run on physical routers, with tunnels routed to physical LANs that lack management access. Even if attackers manage to compromise VM hosts, getting real external IPs also requires compromising the routers. One can readily extend this approach using nested OpenVPN tunnels.

On 09/09/11 08:36, t...@lists.grepular.com wrote:
> Probably the safest way to run a hidden service is to do it from inside
> a VM.
>
> Install Tor on the host OS. Configure up the Hidden Service on the host
> OS, but point it at the IP of the VM. Set up a firewall on the VM to
> prevent all other network traffic going in or out of it. Or
> alternatively use the TransPort functionality of Tor so all traffic
> leaving the VM goes through Tor.
>
> If the webserver on the VM is compromised, they get access to the VM,
> but the VM shouldn't know its real IP address (just the NAT'd one), or
> anything else about where it is or who it belongs to.
>
> You're still relying on there being no vulnerabilities in the VM
> software or the Tor software which allow an attacker to access the host
> system, but that sort of attack is much more difficult to pull off than
> compromising a web server, or any of the software being served by the
> web server.
>
> For all we know, this was a simple PHP exploit that allowed the attacker
> to make a HTTP request from the target server to a host on the wider
> Internet, to discover its IP.
Re: [tor-talk] Dutch police break into webservers over hidden services
On 09/09/11 06:43, Orionjur Tor-admin wrote:
> Very interesting what is the vulnerabilities they used for breaking systems?
> In the light of that facts I don't know what I need to advise my clients
> - setting up hidden services on their home computers or on overseas
> vdses? (My clients are not providers of child pornography but they are
> fighters with tyrannical regime).
> The first method is the best from the point of view of information
> defense but the second method is the best for defense of persons of
> operators of that services...

Probably the safest way to run a hidden service is to do it from inside a VM.

Install Tor on the host OS. Configure up the Hidden Service on the host OS, but point it at the IP of the VM. Set up a firewall on the VM to prevent all other network traffic going in or out of it. Or alternatively use the TransPort functionality of Tor so all traffic leaving the VM goes through Tor.

If the webserver on the VM is compromised, they get access to the VM, but the VM shouldn't know its real IP address (just the NAT'd one), or anything else about where it is or who it belongs to.

You're still relying on there being no vulnerabilities in the VM software or the Tor software which allow an attacker to access the host system, but that sort of attack is much more difficult to pull off than compromising a web server, or any of the software being served by the web server.

For all we know, this was a simple PHP exploit that allowed the attacker to make a HTTP request from the target server to a host on the wider Internet, to discover its IP.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Re: [tor-talk] Dutch police break into webservers over hidden services
On 09/09/11 09:36, t...@lists.grepular.com wrote:
> Set up a firewall on the VM to prevent all other network traffic
> going in or out of it.

I meant to say set up a firewall on the *host* OS to prevent all other traffic going in or out of the VM. I'd probably set up a firewall on the VM itself too though as an extra layer of protection. If they hack the VM but don't get root, they won't be able to bypass the VM's firewall.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
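
The layout discussed in this thread (Tor and the hidden service on the host, the web server in a VM, a host firewall that drops all other traffic to and from the VM), as an added example that is not from any poster: a script that prints the torrc lines and host iptables rules for review instead of applying them. The host-only interface `vboxnet0`, the VM address `192.168.56.10`, port 80 and the `HiddenServiceDir` path are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) the torrc lines and host-side iptables
# rules for a hidden service whose web server runs in an isolated VM.
# Assumed values: host-only interface vboxnet0, VM address 192.168.56.10.

valid_port() {  # succeed only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {  # succeed only for a dotted quad with octets 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

hs_torrc() {  # $1 = VM IP, $2 = web server port on the VM
    valid_ipv4 "$1" && valid_port "$2" || return 1
    echo "HiddenServiceDir /var/lib/tor/hidden_service/"   # assumed path
    echo "HiddenServicePort 80 $1:$2"
}

hs_host_rules() {  # $1 = host-only interface, $2 = VM IP, $3 = port
    valid_ipv4 "$2" && valid_port "$3" || return 1
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    # Host may open connections to the VM's web port; replies to those
    # connections come back; everything else on the interface is dropped,
    # and nothing is forwarded between the VM and any other network.
    cat <<EOF
iptables -A OUTPUT -o $1 -d $2 -p tcp --dport $3 -j ACCEPT
iptables -A OUTPUT -o $1 -j DROP
iptables -A INPUT -i $1 -s $2 -p tcp --sport $3 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT -i $1 -j DROP
iptables -A FORWARD -i $1 -j DROP
iptables -A FORWARD -o $1 -j DROP
EOF
}

hs_torrc 192.168.56.10 80
hs_host_rules vboxnet0 192.168.56.10 80
```

These rules also drop DHCP and DNS on that interface, so the VM needs a static address.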
Re: [tor-talk] Dutch police break into webservers over hidden services
On 01.09.2011 13:24, Roger Dingledine wrote:
> Several people have asked us on irc about recent news articles like
> http://wireupdate.com/wires/19812/dutch-police-infiltrate-hidden-child-porn-websites-in-the-u-s/
>
> Apparently the Dutch police exploited vulnerabilities in the webservers
> reachable over the hidden services. Some people are confusing this issue
> with an attack on Tor. Tor just transports bytes back and forth. If you
> have an instant messaging conversation with a Tor user and convince her
> to tell you her address, did you break Tor? Having an http conversation
> with a webserver running over a Tor hidden service, and convincing it
> to tell you its address, is not much different.
>
> So what lessons can we learn here, other than the usual "criminals
> are not as smart as your average bear"? (If only we could count on bad
> people to run insecure software, and good people to secure their software
> correctly, the world would be a much simpler place.) One lesson is that
> there are a lot of non-Tor components that can go wrong in keeping a
> hidden service hidden -- just as we have a laundry list of security
> and privacy issues to consider when using Tor as a normal client (at
> the bottom of https://www.torproject.org/download/download.html.en )
> there's a whole other set of issues, mostly unexplored, for hidden
> service operators to keep in mind:
> https://www.torproject.org/docs/tor-hidden-service.html.en#three
>
> --Roger

Very interesting what is the vulnerabilities they used for breaking systems?

In the light of that facts I don't know what I need to advise my clients - setting up hidden services on their home computers or on overseas vdses? (My clients are not providers of child pornography but they are fighters with tyrannical regime).

The first method is the best from the point of view of information defense but the second method is the best for defense of persons of operators of that services...
Re: [tor-talk] Dutch police break into webservers over hidden services
On 2011-09-01 15:24 , Roger Dingledine wrote:
> Several people have asked us on irc about recent news articles like
> http://wireupdate.com/wires/19812/dutch-police-infiltrate-hidden-child-porn-websites-in-the-u-s/
[..]

In addition I want to refer to the below article from the Dutch "Public Ministry" (literal translation) or how Google Translate translates it as 'the prosecution' which is a bit off also I think, see and throw it through your favorite translator if you like:

http://www.om.nl/actueel-0/nieuws-persberichten/@156657/kinderporno-anonieme/

It is in Dutch, but here are the Tor related portions and my translation of it:

"In dit onderzoek wil de politie ook duidelijk maken dat anonimiteit binnen het Tor-netwerk en ook landsgrenzen de opsporing van kinderporno niet in de weg staan."

english: "With this investigation the police wants to make clear that anonymity inside the Tor network and also country borders do not limit the investigation into childporn".

And then the section at the end "Vrijheid van meningsuiting" which is IMHO a good thing of them to publish in that way: my free translation:

8<--
Freedom of expression

The police investigation that took the whole month of August, did not target the Tor network itself, but targeted the 'hidden services' which contained the childporn, which is run inside this underground part of the Internet.

The Tor network makes users of the Internet anonymous by sending their IP-address passing different servers. Originally Tor was a project of the US Marines. The network consists mostly of private persons that make Tor work with the use of their computers and internet connection.

The use of Tor is not criminal per definition. In countries without freedom of speech Tor can for example be used by journalists and the opposition of a ruling regime.
--->8

(the "IP-address" portion is a bit odd, but for laymen pretty good ;)

I think it is actually quite nice of the OM to list that last portion there as they effectively state that they in a mild way support the existence of Tor and see it as a good thing for the prime purpose that most people support Tor for: freedom of speech.

Childporn though should be completely eradicated from this world and the folks who are responsible for it released to the people who are directly hurt by it...

Greets,
Jeroen