Dec 7 2018

Patrick closed T881: remove attempts to hide CPU information from VM in VirtualBox as Resolved.
Dec 7 2018, 12:09 PM · build, VirtualBox, Whonix 15, Whonix, Whonix 14
Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick removed a project from T687: Supress VB error messages.: Whonix 15.
Dec 7 2018, 11:58 AM · build, VirtualBox, Whonix, usability
Patrick removed a project from T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync

Dec 3 2018

HulaHoop added a comment to T881: remove attempts to hide CPU information from VM in VirtualBox.

There's been research showing that trying to hide CPU information in a virtualizer is futile.

Dec 3 2018, 7:07 PM · build, VirtualBox, Whonix 15, Whonix, Whonix 14

Nov 28 2018

Patrick closed T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as Resolved.

This will be undone. Ticket:

Nov 28 2018, 7:44 AM · Whonix 14, Whonix, VirtualBox
Patrick triaged T881: remove attempts to hide CPU information from VM in VirtualBox as Normal priority.
Nov 28 2018, 7:43 AM · build, VirtualBox, Whonix 15, Whonix, Whonix 14
Patrick reopened T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as "Open".
Nov 28 2018, 7:40 AM · Whonix 14, Whonix, VirtualBox

Nov 22 2018

Patrick added a project to T825: Add “Description” to whonix-vbox images : Whonix 15.
Nov 22 2018, 10:59 AM · Whonix 15, Whonix, VirtualBox

Oct 1 2018

Patrick placed T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. up for grabs.
Oct 1 2018, 1:30 PM · vbox-disable-timesync, Whonix 15, VirtualBox, Whonix
Patrick changed the status of T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. from Open to testing-in-next-build-required.
Oct 1 2018, 1:28 PM · vbox-disable-timesync, Whonix 15, VirtualBox, Whonix
Patrick lowered the priority of T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. from High to Low.
Oct 1 2018, 1:26 PM · vbox-disable-timesync, Whonix 15, VirtualBox, Whonix

Sep 20 2018

Patrick triaged T848: [VirtualBox] [FAILED] Failed to start Virtualbox guest utils. as High priority.
Sep 20 2018, 9:19 AM · vbox-disable-timesync, Whonix 15, VirtualBox, Whonix

Sep 3 2018

TNTBOMBOM triaged T825: Add “Description” to whonix-vbox images as Normal priority.
Sep 3 2018, 5:30 PM · Whonix 15, Whonix, VirtualBox

Aug 27 2018

Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Regarding the Spectre vulnerability and its effect on VirtualBox, your input is desired. @dumbmouse

Aug 27 2018, 8:32 PM · Whonix 14, Whonix, VirtualBox
Patrick updated subscribers of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

"Hiding CPU model is futile." Any reference for that? @HulaHoop

Aug 27 2018, 8:32 PM · Whonix 14, Whonix, VirtualBox

Jun 30 2018

Patrick closed T790: Reducing the size of raw files as Resolved.
Jun 30 2018, 12:34 PM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 30 2018

Onion_Knight added a comment to T790: Reducing the size of raw files.

virt-sparsify solution dropped because it needs booting the image with qemu-system (not clean, too much unknown consequences, see attached output).

Apr 30 2018, 3:50 PM · build, KVM, VirtualBox, Whonix, Whonix 15
Onion_Knight added a comment to T790: Reducing the size of raw files.
Apr 30 2018, 11:54 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 26 2018

Patrick triaged T790: Reducing the size of raw files as Normal priority.
Apr 26 2018, 9:25 AM · build, KVM, VirtualBox, Whonix, Whonix 15

Apr 6 2018

Patrick changed the status of T782: Change Settings in VirtualBox GW and WS - boot devices and audio from Open to testing-in-next-build-required.

https://github.com/Whonix/Whonix/pull/415

Apr 6 2018, 9:30 AM · VirtualBox, Whonix 15, Whonix
Patrick assigned T782: Change Settings in VirtualBox GW and WS - boot devices and audio to unman.
Apr 6 2018, 9:30 AM · VirtualBox, Whonix 15, Whonix

Mar 11 2018

Patrick closed T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as Resolved.
Mar 11 2018, 2:44 PM · Whonix 14, Whonix, VirtualBox

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a unique event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in 2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 23 2018

Patrick closed T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log) as Resolved.
Feb 23 2018, 2:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes there are less moving parts especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

HulaHoop added a comment.

With qemu-ga code the whole clock drift detection code becomes redundant. If a
suspend event is triggered the GW should assume clocks are out of sync and
trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think it is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a project to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log): Whonix 14.
Feb 4 2018, 4:11 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Jun 5 2017

Patrick added projects to T687: Supress VB error messages.: VirtualBox, build, Whonix 15.
Jun 5 2017, 3:00 PM · build, VirtualBox, Whonix, usability

Apr 13 2017

Patrick edited projects for T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD, added: Whonix 15; removed Whonix 14.
Apr 13 2017, 11:14 AM · enhancement, VirtualBox, Whonix, vbox-disable-timesync
Patrick edited projects for T530: CPU-induced latency Covert Channel Countermeasures, added: Whonix 15; removed Whonix 14.
Apr 13 2017, 11:11 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Mar 10 2017

Patrick changed the status of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? from Open to Review.

Added. Not yet tested by me but will test in the next build.

Mar 10 2017, 2:01 AM · Whonix 14, Whonix, VirtualBox

Jan 22 2017

anonymous1 added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Works for me, hid my cpu name

Jan 22 2017, 8:23 AM · Whonix 14, Whonix, VirtualBox

Jan 21 2017

dumbmouse added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Here is a more limited version, but better for general distribution:

Jan 21 2017, 9:00 PM · Whonix 14, Whonix, VirtualBox

Jan 18 2017

Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Alright, great!

Jan 18 2017, 7:35 AM · Whonix 14, Whonix, VirtualBox
dumbmouse added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Actually I need to test this more. I will fine tune it and add another comment here in a couple of days.

Jan 18 2017, 7:04 AM · Whonix 14, Whonix, VirtualBox
Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 13.
Jan 18 2017, 7:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick updated subscribers of T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.
Jan 18 2017, 6:30 AM · Whonix 14, Whonix, VirtualBox
Patrick added a comment to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?.

Thanks! Without your research, this almost certainly would not have had a chance to make it into Whonix 14. Can you commit your changes to git please? (And/or create a github pull request?)

Jan 18 2017, 6:29 AM · Whonix 14, Whonix, VirtualBox
dumbmouse reopened T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? as "Open".

After much research this is the best way to hide the CPU using VirtualBox:

Jan 18 2017, 5:59 AM · Whonix 14, Whonix, VirtualBox

Jan 17 2017

Patrick added a project to T408: --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall?: Whonix 14.

https://github.com/Whonix/Whonix/commit/6db3c345c80ee9841fcae57621cafbfcdd000a0f

Jan 17 2017, 11:02 AM · Whonix 14, Whonix, VirtualBox

Jan 13 2017

Patrick closed T593: document disk image mounting of VirtualBox vmdk disks as Resolved.

This was done by @TNTBOMBOM:

Jan 13 2017, 10:40 PM · user documentation, research, Whonix, VirtualBox
Patrick assigned T593: document disk image mounting of VirtualBox vmdk disks to TNTBOMBOM.
Jan 13 2017, 10:39 PM · user documentation, research, Whonix, VirtualBox

Jan 9 2017

Patrick created T593: document disk image mounting of VirtualBox vmdk disks.
Jan 9 2017, 2:00 AM · user documentation, research, Whonix, VirtualBox

Dec 28 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Another LAN/Public wifi fingerprinting attack that Ethan's code can defeat:

Dec 28 2016, 2:08 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Nov 28 2016

HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Done. Added io limit commits to open pull requests. Each vm can only use a maximum of 25% of the host io resources.

Nov 28 2016, 12:18 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 20 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Yes.

Nov 20 2016, 5:07 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Should limits be enforced for GW too?

Nov 20 2016, 4:16 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 19 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

Though I agree with anonym's argument that resource exhaustion goes
against the purpose of advanced malware that wants to hide

Nov 19 2016, 6:51 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Though I agree with anonym's argument that resource exhaustion goes against the purpose of advanced malware that wants to hide - I still looked at io limits in case you still think it's valuable to set.

Nov 19 2016, 5:39 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 12 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 3:22 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 12:20 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 11 2016

Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:55 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:54 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

blkiotune and iotune can restrict io (KVM only)

https://libvirt.org/formatdomain.html#elementsBlockTuning

Nov 11 2016, 3:45 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Oct 11 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Looks like I overlooked python3-netfilterqueue-packager.

Oct 11 2016, 10:40 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 1 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Also with 64bit compatibility this means the repo paths have changed.

Oct 1 2016, 5:31 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Yes it can stay as it is.

Oct 1 2016, 5:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 30 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

That's great! So https://github.com/Whonix/whonix-gw-network-conf/blob/master/etc/network/interfaces.d/30_non-qubes-whonix can stay as is?

Sep 30 2016, 11:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Great news! This config works without hacks. You can keep 10.0.2.15 unchanged too. Turns out the gateway ip address was just called "ip address"...

Sep 30 2016, 9:36 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

No idea. But we should probably stay on the subnet we have.

Sep 30 2016, 5:05 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

OK I will try route but I need some help with commands.

Sep 30 2016, 4:58 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Seems like an awful hack. Last resort. If it somehow by some update (by ifupdown) is run after ifupdown, it breaks connectivity.

Sep 30 2016, 3:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already. (shared-folder-help systemd unit file) Should be doable to reuse it for the route command also.

Sep 30 2016, 5:19 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 29 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already.
(shared-folder-help systemd unit file) Should be doable to reuse it for
the route command also.

Sep 29 2016, 11:03 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 10:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 7:33 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

A very ugly hack:

Sep 29 2016, 3:20 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Then we have reached an impasse because nothing I can put in the network configuration can change the gateway IP. It's not KVM's fault as it's the norm to have gateway IPs of x.x.x.1 for a given subnet. Because some idiot on the VBox team chose .2, compatibility is impossible.

Sep 29 2016, 2:42 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.128
netmask 255.255.255.0

Sep 29 2016, 5:17 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.128
netmask 255.255.255.0
gateway 10.0.2.1

Sep 29 2016, 3:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:50 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:31 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.15
netmask 255.255.252.0

Sep 29 2016, 2:28 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Various documentation changes:

Sep 29 2016, 1:45 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

These steps were not needed at all. Once I selected non-conflicting settings everything worked. Some changes to the netmask and gateway will need to be made to interfaces.d

Sep 29 2016, 1:42 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 28 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

I doubt it is possible to successfully use a dhcp client with raw sockets disabled. It may be possible to develop such a thing in theory, but I don't think it exists.

Sep 28 2016, 7:03 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

What I meant was subnet range using the CIDR calculator:

Sep 28 2016, 6:44 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Same as VirtualBox.

Sep 28 2016, 5:10 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

My mistake I was not clear. By network configuration I mean yet another XML to create a new separate network as an alternative to "default" (like how I do it now with whonix internal network for KVM). It has nothing to do with GW files at all. No changes have to be made there.

Sep 28 2016, 3:58 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

192... will be a huge generator of FUD "conflicts with my router". Long time ago we moved away from that exactly for that reason.

Sep 28 2016, 12:19 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 27 2016

HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

So can we move to something static in the 192.168.122.2 - 192.168.122.254 range (depends on VBox choking or not) or should I include another network file with the whonix-libvirt package?

Sep 27 2016, 5:59 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

By working you mean in multi-GW use case too?

Sep 27 2016, 4:28 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you emulate these changes, use that static IP?

Sep 27 2016, 5:29 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you emulate these changes, use that static IP? What will need changes? KVM documentation?

Sep 27 2016, 1:21 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

With libvirt a user can create another NAT network besides the default - with the same IP range. So another GW would have its own dedicated NAT without conflicts.

Sep 27 2016, 12:57 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 26 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Switched to static network configuration.

Sep 26 2016, 8:52 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added projects to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log): VirtualBox, KVM, Physical Isolation.
Sep 26 2016, 8:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've now added Debian packaging support to the actual filter. Both packages install correctly and work well.

Sep 8 2016, 10:38 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix