Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
If only one site is visited per session and the live CD is rebooted between sessions, and the TOR IP is changed between sessions (done on the gateway), then is the profile unique, as built by a single site? Noise probably makes it more unique, because no one else will be doing such random-looking browsing.
If you say so.
Quote:
Originally Posted by Ulysses_
We do not want to stop execution of trojans here, we want to execute them and survive them (i.e. keep anonymity).
Doesn't seem like the right approach to me.
Quote:
Originally Posted by Ulysses_
The routers see TOR traffic coming out of the gateway VM. What can a rigged router do about TOR packets passing to reveal my true IP to the site being visited or register me as interested in the site?
If it's part of a larger setup you won't know it could be sending data for analysis.
Quote:
Originally Posted by Ulysses_
How will a rigged live CD reveal my true IP if the gateway is rock-solid OpenBSD (sources thoroughly reviewed with structured walkthroughs, etc.)?
Phone home?
Quote:
Originally Posted by Ulysses_
Even a rigged VMware hypervisor cannot see my true IP if the gateway is not a VM.
The routers see TOR traffic coming out of the gateway VM. What can a rigged router do about TOR packets passing to reveal my true IP to the site being visited or register me as interested in the site?
If it's part of a larger setup you won't know it could be sending data for analysis.
OK, and the data would be timing of packets that is compared with the timing of packets at a monitored site?
If yes, then doesn't a big download from one site while you're browsing another site remove the timing information at your end?
Quote:
How will a rigged live CD reveal my true IP if the gateway is rock-solid OpenBSD (sources thoroughly reviewed with structured walkthroughs, etc.)?
Phone home?
Rigged live CD does not know my true IP, but if it phones home to tell what site I am visiting, this is proposed:
Quote:
the gateway can be set up to prompt you with
"Allow connection to 215.34.3.4 (somedomain.com)?"
every time you visit a site and if this is not the site you want, you say no.
Quote:
Originally Posted by Smokey_justme
the weakest link is actually the browsers while being connected to the internet (think about a 0-day XSS exploit found in some weird combination of unclosed tags, or some 0-day header exploit).
How much harm can they do though in this setup? They do not know the true IP, they cannot phone home, what harm are they going to do in their short life span till the next reboot?
There is a difference between insecurity because your knowledge is incomplete and insecurity because you know but do not bother. Let us concentrate on the issues we know of and can do something about.
Since TOR is clearly the weakest link, what else is available? How about ultra long chains of socks proxies (not http proxies), spanning as many hostile countries as possible?
VPNs in certain countries offer anonymity. The question is how much you trust them to do what they say they do. Then there's also the question of encryption. I won't even ask if the NSA can crack it, because it's a rhetorical question.
Personally, I would start by asking myself how much anonymity I need, and who my adversary is. If you know these, then you know what you need. 100% anonymity doesn't exist, and maybe it's a good thing. Can you get away with less? It's a roll of the dice. Carefully consider why you need it, how much you need, and who your adversary is.
If you're not doing anything the three letter agencies care about, then Tor should do fine. Either way, they have bigger fish to fry like I posted about the Silk Road.
Last edited by metaschima; 01-12-2014 at 12:02 PM.
Among the conclusions of the above, a promising one:
"Surprisingly, we observe that high diversity in destinations may actually result in improved security against a network adversary."
May be re-inventing the wheel here, but what if lots of scripts pretending to be Firefox are made to browse a high diversity of destinations, for example retrieved from search engine results with search terms picked randomly from an offline dictionary over and over? With some country-specific searches too, to diversify geographically?
In other words, one VM is your normal browsing VM, another is a bot with extremely diverse interests in many country domains. Both running under instances of the same live CD.