Feature #5340

Analyze "vpwns" FOCI12 paper

Added by Tails about 12 years ago. Updated about 6 years ago.

Status:
Confirmed
Priority:
High
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

10%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

We should analyze https://www.usenix.org/conference/foci12/vpwns-virtual-pwned-networks and decide what we should do.

Being discussed on tails-dev, starting with https://mailman.boum.org/pipermail/tails-dev/2012-August/001487.html


Files


Subtasks


Related issues

Related to Tails - Feature #5293: Block dangerous LAN traffic Confirmed
Related to Tails - Feature #7976: Disable LAN access in Tor Browser Resolved 2014-11-05
Blocks Tails - Feature #15167: Decide what to do with LAN traffic Confirmed 2018-01-15

History

#1 Updated by BitingBird about 11 years ago

  • Description updated
  • Target version set to Hole in the Roof
  • Starter set to No

Setting priority according to https://mailman.boum.org/pipermail/tails-dev/2014-March/005265.html

#2 Updated by BitingBird about 11 years ago

  • Subject changed from analyze Jake FOCI12 paper to Analyze Jake FOCI12 paper

#3 Updated by Dr_Whax about 11 years ago

Added more information to Feature #5293

#4 Updated by BitingBird about 11 years ago

  • Assignee set to Dr_Whax

DrWhax, do you think you finished analyzing the paper, or it should be read again?

#5 Updated by intrigeri about 11 years ago

I’ve sent my initial (rough, old, incomplete, possibly flawed) notes and security discussion to DrWhax. Hoping it helps.

#6 Updated by ioerror about 11 years ago

I’ve created a patch that largely resolves this issue. The patch does not fix it for users which are allowed to directly connect to the internet.

#7 Updated by ioerror about 11 years ago

I realized that while the firewall rules must be updated, the browser also needs an update - I had forgotten that the LAN Foxyproxy rule was in place by default. I’ve added a second patch - please merge both of these patches to fix the leaks in the browser and the firewall.

#8 Updated by Dr_Whax about 11 years ago

  • Target version changed from Hole in the Roof to Tails_1.2
  • QA Check set to Ready for QA

#9 Updated by anonym about 11 years ago

  • related to Feature #7976: Disable LAN access in Tor Browser added

#10 Updated by intrigeri about 11 years ago

  • QA Check deleted (Ready for QA)

(Removing “Ready for QA”, as this ticket is about researching how much of the problem applies to Tails, before we can discuss what we want to do, and then we’ll have another ticket about implementing the chosen solution, which may be Jake’s proposed one, or something else.)

#11 Updated by intrigeri about 11 years ago

DrWhax, any status update? What milestone can we postpone this to?

#12 Updated by anonym about 11 years ago

  • Target version changed from Tails_1.2 to Tails_1.2.1

#13 Updated by ioerror about 11 years ago

Any update on this?

The patch that I provided on the mailing list should fix the leak for the general case.

#14 Updated by BitingBird about 11 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#15 Updated by BitingBird about 11 years ago

  • Target version changed from Tails_1.2.1 to Tails_1.2.2

#16 Updated by anonym about 11 years ago

  • Target version changed from Tails_1.2.2 to Tails_1.2.3

#17 Updated by intrigeri about 10 years ago

intrigeri wrote:
> DrWhax, any status update? What milestone can we postpone this to?

Three months later, ping?

#18 Updated by intrigeri about 10 years ago

  • Target version changed from Tails_1.2.3 to Tails_1.3

#19 Updated by Dr_Whax about 10 years ago

  • Target version changed from Tails_1.3 to Tails_1.4

#20 Updated by Dr_Whax about 10 years ago

I will have to sum up discussions that have happened and put them on a blueprint.

#21 Updated by intrigeri about 10 years ago

  • Target version changed from Tails_1.4 to Hole in the Roof

We’ve been postponing this analysis for way too long. We decided it was a Hole in the Roof a year ago, then someone committed to work on it and 10 months later we’re basically at the same point, as far as I can see => setting back to Hole in the Roof (and will ask someone to unassign it, since I don’t manage to do it via Redmine email interface).

#22 Updated by BitingBird about 10 years ago

  • Assignee deleted (Dr_Whax)

#23 Updated by sajolida about 10 years ago

  • Description updated

#24 Updated by Anonymous about 7 years ago

  • Subject changed from Analyze Jake FOCI12 paper to Analyze "vpwns" FOCI12 paper

#25 Updated by Anonymous about 7 years ago

#26 Updated by Anonymous about 6 years ago

  • Status changed from In Progress to Confirmed