Does anyone use a dedicated Tor router box..?


neilh...@gmail.com

Sep 9, 2016, 4:56:36 AM
to qubes-users
Does anyone use a dedicated Tor router..?

The theory is, Tor is secure, but Firefox is not.

Therefore, you have 1 computer that runs Tor only, and a WiFi hotspot... Another computer runs Firefox and any other programs.

So long as the other computer connects to the Tor computer for network access, it doesn't matter if it gets hacked, because your real IP address never leaks.

Qubes implements this somewhat by separating the Whonix Net VM and App VM.

However, the problem with Qubes, of course, is all the Xen exploits which make it insecure.

If you were hacked in Qubes, the hacker could easily then leak out your real IP address.

But if you were hacked behind a physical Tor box, your real IP can never leak, unless the Tor box itself can be compromised... And as far as we know, there are no exploits for the Tor network itself, only for Firefox.

I would use Qubes for the Tor box and the other box, if only for the VT-D protection, although maybe there are other free Linux OSs that have VT-D protection.

What do you think...? Has anyone tried doing this..? How did it work out...?

nikosp...@gmail.com

Sep 9, 2016, 6:28:45 AM
to qubes-users
Seems useless. You got to change router if it leaks.

Fabian Wloch

Sep 9, 2016, 6:33:48 AM
to neilh...@gmail.com, qubes-users
I had my Raspberry Pi configured as tor-wifi-hotspot, which worked fine.
But it's about a year ago, and my raspi died a few months ago after I tried
some... stupid thing with it.

But it worked without any problems, so if you think it makes sense to you,
I don't see any problems with this.

I personally didn't think about it, but now as you write it.. maybe I'll
give it another try with a new Raspberry.

If/how well it works on a real router - no idea. As I wrote, I took my
Raspberry Pi.


neilh...@gmail.com

Sep 9, 2016, 9:16:47 AM
to qubes-users, neilh...@gmail.com, fabia...@posteo.de
After thinking about my idea a bit more... I have concluded that it doesn't work.

Once they hack the computer, they simply start scanning for nearby non-Tor routers, and they can identify you by which non-Tor router you connect to.

Even if they don't have your router's WPA2 password, they have your router's NAME.

I am talking about a nation-state quality hacker here.

They will have a database of every house in the country (and world?) and the name and addresses of every router... Therefore, they just hack in, and figure out who you are by which router is the core router.

They just skip the Tor router altogether, and find out the nearest non-Tor routers.

Unless... there is some way to make a router hidden from the outside world somehow. But I don't think that's possible. If you have an ISP, then the nation state can correlate router to person.

Jeremy Rand

Sep 9, 2016, 9:55:18 AM
to qubes...@googlegroups.com
neilh...@gmail.com:
I'm pretty sure that I recall the Whonix people doing some experiments
with running the Workstation and Gateway on 2 physical machines instead
of 2 VM's. I've never tried those instructions, and I don't know if
that setup is still maintained, but yes, it has been thought of.

Also, I think SecureDrop uses 4 physical machines, 1 of which runs Tor
and another of which runs the hidden service, a 3rd of which is offline
completely (I can't remember the purpose of the 4th offhand). So it's
fairly similar to a Qubes setup in many ways.

Cheers,
-Jeremy Rand


neilh...@gmail.com

Sep 9, 2016, 12:03:46 PM
to qubes-users, jer...@veclabs.net, jerem...@airmail.cc
The big fear is that a hacked workstation could then be hacked to pick up WiFi hotspots in the area.

I just thought though... maybe use an all-wired network.

You would have a wire from Router => Tor router => Workstation

If it's all wired, then surely the workstation can never see the regular Router, or in fact, any routers at all.

So what do people think..? Could an all-wired solution solve this problem..?

3n7r...@gmail.com

Sep 9, 2016, 2:11:21 PM
to qubes-users, jer...@veclabs.net, jerem...@airmail.cc, neilh...@gmail.com

https://www.whonix.org/wiki/Physical_Isolation

(Unsupported but it worked fine under Whonix 12 - haven't tested Whonix 13)

>>They will have a database of every house in the country (and world?) and the name and addresses of every router... Therefore, they just hack in, and figure out who you are by which router is the core router.

Or they just use the compromised Workstation to connect to the neighbor's xfinitywifi hotspot and look up the address. Wireless networking opens up a whole new set of risks.


>> So long as the other computer connects to the Tor computer for network access, it doesn't matter if it gets hacked, because your real IP address never leaks.

Joanna's paper will interest you:
http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf

AFAIK, there haven't been any attempts to have a Tor Gateway in one Qubes machine acting as a router for Workstations in a second Qubes machine.

jkitt

Sep 10, 2016, 7:03:05 AM
to qubes-users, neilh...@gmail.com
On Friday, 9 September 2016 09:56:36 UTC+1, neilh...@gmail.com wrote:
> the problem with Qubes, of course, is all the Xen exploits which make it insecure.

Off-topic here but is Qubes really insecure? Should I be worried?

neilh...@gmail.com

Sep 10, 2016, 7:08:53 AM
to qubes-users, neilh...@gmail.com
Qubes is insecure due to Xen exploits.

Qubes tends to quickly patch the exploits, but we know how it works in the real world... nation states and other people buy up the exploits before they can get to the market.

I would also suggest that if you are using Qubes, this may even be a flag at somewhere like the NSA to target you for surveillance.

I could be wrong, but see the NSA Snowden documents mentioning "extremist" Tails OS.

So if you assume that simply using Qubes puts you on a nation state's attention list... then, at this point, the question is.. do you think the NSA has Xen exploits before everyone else finds out about them...?

Considering that Snowden is literally advertised on the Qubes home page, I would suggest the answer is "Yes".... The NSA is now very likely spending money buying up Xen exploits and developing them themselves.

Holger Levsen

Sep 10, 2016, 7:31:17 AM
to qubes-users
Hi,

On Sat, Sep 10, 2016 at 04:08:53AM -0700, neilh...@gmail.com wrote:
> Qubes is insecure due to Xen exploits.
[...]
> Considering that Snowden is literally advertised on the Qubes home page, I would suggest the answer is "Yes".... The NSA is now very likely spending money buying up Xen exploits and developing them themselves.

you are mostly right, but you also mostly miss the point ;-)

Of course Qubes is attackable via Xen exploits. Like all the other OSes
are attackable via *other* exploits, which attackers have been
targeting for almost half a century already.

The biggest and most valuable target is still Windows, then MacOS, and
then an attacker also wants to own Redhat and Debian, preferably via holes
in the source code, to also catch all those other Linux distros.

And, yes, Qubes is attackable via Xen.

(And maybe, one would ignore all those OSes and just attack via Intel ME
or the AMD and ARM equivalents of that..)

So as said, you mostly missed the point. Security ain't binary.


--
cheers,
Holger

Chris Laprise

Sep 10, 2016, 3:24:03 PM
to Holger Levsen, qubes-users
That also misses the point.

Xen is far smaller and simpler than the kernels that protect Windows and
Linux, and it has fewer vulnerabilities as a result. It's also worth
noting that a large number of Xen vulns are either not serious or don't
affect Qubes... they affect Xen installations configured for maximum
features and convenience.

I think the problem Qubes has with the Xen project is that the latter
merely has a security "focus" (among others) instead of making security
their number-one priority (as Qubes does). It also doesn't help that
they publish additional bug-prone code which -- although secure
installations like Qubes won't trust it -- nevertheless gets reported as
simply "Xen vulnerabilities" when said bugs are discovered.

Chris

neilh...@gmail.com

Sep 10, 2016, 3:37:20 PM
to qubes-users, hol...@layer-acht.org, tas...@openmailbox.org
It's true that MOST don't affect Qubes.

But just in the last 1 year, 2 Xen exploits have directly affected Qubes.

Hence, why they switched over to SLAT for QUBES 4.0.

So no.. Xen really is a very big issue for Qubes.

Holger Levsen

Sep 10, 2016, 6:42:19 PM
to Chris Laprise, qubes-users
On Sat, Sep 10, 2016 at 03:23:54PM -0400, Chris Laprise wrote:
> That also misses the point.

yes, somewhat - thanks for making "the point" clearer! :-)

> Xen is far smaller and simpler than the kernels that protect Windows and
> Linux, and it has fewer vulnerabilities as a result. It's also worth noting
> that a large number of Xen vulns are either not serious or don't affect
> Qubes... they affect Xen installations configured for maximum features and
> convenience.
>
> I think the problem Qubes has with the Xen project is that the latter merely
> has a security "focus" (among others) instead of making security their
> number-one priority (as Qubes does). It also doesn't help that they publish
> additional bug-prone code which -- although secure installations like Qubes
> won't trust it -- nevertheless gets reported as simply "Xen vulnerabilities"
> when said bugs are discovered.

I agree, thanks for spelling it out!


--
cheers,
Holger