Page MenuHomePhabricator
Create Task
Maniphest T878

remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users
Closed, InvalidPublic
Actions

Description

You make use of MapAddress in the default torrc on whonix-gw
https://www.torproject.org/docs/tor-manual.html.en#MapAddress

https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist#L107
contains:

mapaddress 1.1.1.1 k54ids7luh523dbi.onion
mapaddress 2.2.2.2 gbhpq7eihle4btsn.onion

Why are you redirecting traffic aiming to 1.1.1.1 (Cloudflare DNS resolver IP address) and 2.2.2.2 (Orange France) to some onion addresses?

This breaks connectivity to these destinations for all Whonix users by default and discloses the traffic to the operators of the onion addresses.

What are you trying to do with these torrc configuration lines?

Details

Impact
Normal

Event Timeline

nusenu triaged this task as High priority.Nov 26 2018, 9:41 PM
nusenu created this task.
Herald added a project: Whonix. · View Herald TranscriptNov 26 2018, 9:41 PM
Herald added subscribers: entr0py, Patrick. · View Herald Transcript
Patrick added projects: anon-mixmaster, Whonix 15.Nov 27 2018, 7:27 AM
Patrick added a subscriber: HulaHoop.

The rationale is making mixmaster work by default.

https://github.com/Whonix/anon-mixmaster/blob/master/etc/skel/.Mix/mix.cfg

Any suggestions for invalid IP addresses that we can use instead?

nusenu added a comment.Nov 27 2018, 12:41 PM

first rule: don't use public IP addresses that are not assigned to you

The rationale is making mixmaster work by default.

does that require a MapAddress entry?

Patrick renamed this task from mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 are likely not what you want to remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.Nov 28 2018, 6:26 AM
Patrick added a project: anon-gw-anonymizer-config.
Patrick changed the task status from Open to testing-in-next-build-required.Nov 28 2018, 6:28 AM

Removed for now.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/377bbef9585ea067990ee54c1e40a6bb5eabd6da

Package upgrade available in Whonix testers repository soon.

HulaHoop added a comment.Dec 5 2018, 12:13 AM

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Patrick lowered the priority of this task from High to Normal.Dec 9 2018, 6:52 AM
Patrick changed the task status from testing-in-next-build-required to Open.Jan 31 2019, 12:06 PM
Patrick added a comment.Jan 31 2019, 12:15 PM
In T878#17661, @HulaHoop wrote:

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Ok.

Please pick some range in the middle. Not the very first ones. This is to prevent issues for someone changing internal IP addresses (not likely using the same) or perhaps also to avoid issues with VPNs.

HulaHoop added a comment.Feb 2 2019, 3:36 AM

172.24.0.0
&
172.24.0.1

Middle of the range solution. How does this sound? Confirmed it falls within the private address CIDR:

https://ipduh.com/ip/cidr/?172.24.0.0/24

172.24.0.0 is in the 172.16.0.0/12 block which is set aside for use in private networks. Addresses within this block do not legitimately appear on the public Internet. Addresses within 172.16.0.0/12 can be used without any coordination with IANA or an Internet registry.

Patrick added a comment.Feb 2 2019, 9:19 AM

Sounds good!

HulaHoop added a comment.Feb 18 2019, 7:01 PM

Other imporvements in this thread such as functioning SMTP gateways are also part of this ticket:

https://forums.whonix.org/t/mixmaster-no-longer-working-in-whonix-14/6761

@Patrick Are pull requests needed?

Patrick added a comment.Feb 18 2019, 10:47 PM

Yes.

HulaHoop added a comment.Mar 25 2019, 12:33 AM

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17/commits/5351bd4765476e9522c77cea5a8e30e6c4f94083

HulaHoop added a comment.Mar 25 2019, 12:35 AM

@Patrick Now we have to figure out how or if we can use the version in sid on Buster since it is no longer available in stable-next after the freeze. Let me know what you think and I will open a ticket for it is doable.

Patrick added a comment.Mar 25 2019, 7:42 AM

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

Patrick added a comment.Mar 25 2019, 7:43 AM

https://github.com/Whonix/anon-gw-anonymizer-config/commit/57e3976d9726fc636741865ee90d1bb2bbf3dfad

HulaHoop added a comment.Mar 25 2019, 8:39 PM

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

No because Tor Browser blocks access to localhost and all private IANA addresses by default to prevent malicious websites tricking itinto leaking a user's identity.

Patrick added a comment.Mar 26 2019, 1:00 PM

But this isn't a Tor Browser only thing. Applies to any application, specifically those using system default networking (Tor's TransPort).

HulaHoop added a comment.EditedMar 26 2019, 6:04 PM

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

No user would consciously configure a daemon running on the internal network to use these IPs since it doesn't make sense - they are not within the 10.x.x.x range that we use.

Patrick added a comment.Apr 4 2019, 8:16 PM
In T878#18059, @HulaHoop wrote:

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Yes. A file sharing protocol or messenger protocol (something with a feature to get around firewalls / discovery protocol like retroshare).

Patrick closed this task as Invalid.Apr 6 2019, 4:57 PM
Patrick claimed this task.

mixmaster is unavaiable in Debian version 10 codename Buster.

https://packages.debian.org/search?keywords=mixmaster

Therefore closing this ticket to have one ticket less for Whonix 15. Please feel free to re-open this ticket or creating a new one in case you think it's possible to still have mixmaster working.

remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users

This was done.

Patrick added a comment.Apr 6 2019, 8:06 PM

mixmaster said to be dead upstream and permanently removed from Debian

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880101

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer