
remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users
Closed, Invalid. Public

Description

You make use of MapAddress in the default torrc on whonix-gw
https://www.torproject.org/docs/tor-manual.html.en#MapAddress

https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist#L107
contains:

mapaddress 1.1.1.1 k54ids7luh523dbi.onion
mapaddress 2.2.2.2 gbhpq7eihle4btsn.onion

Why are you redirecting traffic aiming to 1.1.1.1 (Cloudflare DNS resolver IP address) and 2.2.2.2 (Orange France) to some onion addresses?

This breaks connectivity to these destinations for all Whonix users by default and discloses the traffic to the operators of the onion addresses.

What are you trying to do with these torrc configuration lines?

Details

Impact
Normal

Event Timeline

nusenu created this task. Nov 26 2018, 9:41 PM
nusenu triaged this task as High priority.
Patrick added a subscriber: HulaHoop.

The rationale is making mixmaster work by default.

https://github.com/Whonix/anon-mixmaster/blob/master/etc/skel/.Mix/mix.cfg

Any suggestions for invalid IP addresses that we can use instead?

first rule: don't use public IP addresses that are not assigned to you

The rationale is making mixmaster work by default.

does that require a MapAddress entry?

Patrick renamed this task from "mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 are likely not what you want" to "remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users". Nov 28 2018, 6:26 AM
Patrick changed the task status from Open to testing-in-next-build-required. Nov 28 2018, 6:28 AM

Removed for now.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/377bbef9585ea067990ee54c1e40a6bb5eabd6da

Package upgrade available in Whonix testers repository soon.

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Since we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Patrick lowered the priority of this task from High to Normal. Dec 9 2018, 6:52 AM
Patrick changed the task status from testing-in-next-build-required to Open. Jan 31 2019, 12:06 PM

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Since we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Ok.

Please pick some range in the middle. Not the very first ones. This is to prevent issues for someone changing internal IP addresses (not likely using the same) or perhaps also to avoid issues with VPNs.

172.24.0.0
&
172.24.0.1

Middle of the range solution. How does this sound? Confirmed it falls within the private address CIDR:

https://ipduh.com/ip/cidr/?172.24.0.0/24

172.24.0.0 is in the 172.16.0.0/12 block which is set aside for use in private networks. Addresses within this block do not legitimately appear on the public Internet. Addresses within 172.16.0.0/12 can be used without any coordination with IANA or an Internet registry.
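As an added example (not part of this ticket or of Whonix's own packaging), a small audit script that parses the MapAddress lines of a torrc and flags any source that is a public address someone else owns, as the original 1.1.1.1 / 2.2.2.2 entries were, while accepting RFC 1918 sources such as the 172.24.0.0 pick above. The torrc text and the helper names are constructed for the example.

```python
"""Audit MapAddress sources in a torrc (constructed example, not Whonix tooling)."""
import ipaddress
import re

# Constructed torrc fragment: the first two entries mirror the ones the ticket
# reports, the next two the 172.24.0.x replacement discussed in the thread.
SAMPLE_TORRC = """\
# mixmaster remailer mappings
mapaddress 1.1.1.1 k54ids7luh523dbi.onion
mapaddress 2.2.2.2 gbhpq7eihle4btsn.onion
MapAddress 172.24.0.0 bshc44ac76q3kskw.onion
MapAddress 172.24.0.1 bshc44ac76q3kskw.onion
MapAddress example.invalid other.onion
"""

# Tor accepts the keyword case-insensitively, so match it that way too.
MAPADDRESS_RE = re.compile(r"^\s*mapaddress\s+(\S+)\s+(\S+)", re.IGNORECASE)


def parse_mapaddress(torrc_text):
    """Return (source, target) pairs for every MapAddress line, ignoring comments."""
    pairs = []
    for line in torrc_text.splitlines():
        m = MAPADDRESS_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def classify_source(source):
    """'public' = an address you do not own, 'private' = RFC 1918 / ULA, else 'hostname'."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "hostname"          # not an IP literal, e.g. a DNS name
    return "private" if addr.is_private else "public"


def audit_torrc(torrc_text):
    """Return one finding per MapAddress entry with its risk classification."""
    notes = {
        "public": "maps an address you do not own: breaks reachability and fingerprints the host",
        "private": "private range: unreachable from a browser that blocks private IPs, "
                   "but still mapped for other apps using TransPort",
        "hostname": "hostname mapping",
    }
    findings = []
    for source, target in parse_mapaddress(torrc_text):
        kind = classify_source(source)
        findings.append({"source": source, "target": target, "kind": kind, "note": notes[kind]})
    return findings
```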

Sounds good!

Other improvements in this thread such as functioning SMTP gateways are also part of this ticket:

https://forums.whonix.org/t/mixmaster-no-longer-working-in-whonix-14/6761

@Patrick Are pull requests needed?

@Patrick Now we have to figure out how or if we can use the version in sid on Buster since it is no longer available in stable-next after the freeze. Let me know what you think and I will open a ticket for it if it is doable.

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

No because Tor Browser blocks access to localhost and all private IANA addresses by default to prevent malicious websites tricking it into leaking a user's identity.

But this isn't a Tor Browser only thing. Applies to any application, specifically those using system default networking (Tor's TransPort).

HulaHoop added a comment. Edited Mar 26 2019, 6:04 PM

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

No user would consciously configure a daemon running on the internal network to use these IPs since it doesn't make sense - they are not within the 10.x.x.x range that we use.

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Yes. A file sharing protocol or messenger protocol (something with a feature to get around firewalls / discovery protocol like retroshare).

Patrick closed this task as Invalid. Sat, Apr 6, 4:57 PM
Patrick claimed this task.

mixmaster is unavailable in Debian version 10 codename Buster.

https://packages.debian.org/search?keywords=mixmaster

Therefore closing this ticket to have one ticket less for Whonix 15. Please feel free to re-open this ticket or create a new one in case you think it's possible to still have mixmaster working.

remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users

This was done.

mixmaster is said to be dead upstream and has been permanently removed from Debian

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880101