option to make Sandstorm run anonymously, only through a Tor Hidden Service #25

Open
jacksingleton opened this issue Nov 16, 2015 · 7 comments


@jacksingleton
Collaborator

There are some things that can be done independently of the sandstorm code.

Since this specific information leak comes from DNS, and DNS is a common source
of information leakage, we can allow a toggle to resolve DNS via Tor instead
of the default resolvers. This might make sense to be split into a separate
issue. This can be done through /etc/resolv.conf (would still allow direct
nameserver queries) or by capturing the outbound packets at the firewall
(captures all DNS traffic).

There may be threats not yet identified, either in sandstorm or grains. It may
be beneficial to implement a toggle that redirects all outbound traffic on
standard web ports to be sent through a transparent proxy that will scrub out
common leaks (privoxy comes to mind). While related, this would also probably
be better as a separate issue.

The same basic procedure could be applied to ALL outbound traffic to be sent
directly through tor's transparent proxy.

I would propose that all three of these features default to true if
sandstorm_onion: true. If these preventative measures are combined with the
sandstorm enhancements listed above, we can make it much more difficult for
information to leak (accidental or otherwise).

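The firewall-capture variant described in the comment above (every UDP DNS query redirected to Tor's DNSPort, every new outbound TCP connection redirected to Tor's TransPort, and anything that cannot be tunneled rejected rather than leaked) as an added, stand-alone example. This is not Sandstorm code and not the implementation ckxng merged; the tor UID, the port numbers, the virtual-address range and the matching torrc lines are assumptions for a typical single-host Tor install. The resolv.conf route mentioned in the comment only covers software that honours /etc/resolv.conf; these rules also catch software that talks to a resolver of its own choosing, which is the leak the comment is worried about.

```shell
#!/bin/sh
# Added example, not Sandstorm project code. Emits (and, with "apply",
# loads) an iptables ruleset that forces UDP DNS and all new outbound TCP
# from this host through a local Tor daemon and rejects everything else.
# Assumed torrc on the same host (assumption, adjust to taste):
#   TransPort 9040
#   DNSPort 5353
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1

# Assumed defaults; the tor user name "debian-tor" is the Debian package's.
TOR_UID="${TOR_UID:-$(id -u debian-tor 2>/dev/null || echo 1001)}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"
VIRT_NET="${VIRT_NET:-10.192.0.0/10}"

# tor_rules UID TRANSPORT DNSPORT VIRTNET
# Prints an IPv4 ruleset in iptables-restore format. Order matters: tor's
# own packets are exempted first (otherwise it would be fed back into
# itself), then DNS is captured regardless of the configured resolver,
# then loopback is left alone, then every remaining TCP SYN is redirected.
tor_rules() {
  uid=$1; trans=$2; dns=$3; net=$4
  cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# tor itself must reach the network directly
-A OUTPUT -m owner --uid-owner $uid -j RETURN
# any UDP DNS query, whatever server it was aimed at, lands on DNSPort
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns
# .onion names mapped by AutomapHostsOnResolve fall in $net; tunnel them
-A OUTPUT -d $net -p tcp --syn -j REDIRECT --to-ports $trans
# local services (Sandstorm's own backend sockets, databases) stay local
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# every other new TCP connection goes through TransPort
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m owner --uid-owner $uid -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# non-DNS UDP, ICMP, raw sockets: refuse rather than leak around Tor
-A OUTPUT -j REJECT
COMMIT
EOF
}

# tor6_rules
# IPv6 counterpart. The rules above handle IPv4 only, so any IPv6 traffic
# except loopback would silently bypass Tor; refuse it outright.
tor6_rules() {
  cat <<EOF
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
EOF
}

# apply_rules: load both rulesets. --noflush keeps chains that other tooling
# already installed; it needs root.
apply_rules() {
  tor_rules "$TOR_UID" "$TRANS_PORT" "$DNS_PORT" "$VIRT_NET" | iptables-restore --noflush
  tor6_rules | ip6tables-restore --noflush
}

case "${1:-}" in
  apply) apply_rules ;;
  show)  tor_rules "$TOR_UID" "$TRANS_PORT" "$DNS_PORT" "$VIRT_NET"; tor6_rules ;;
esac
```

Run it with `show` to review the rules and `apply` (as root) to load them. A quick leak check after loading: `dig +short check.torproject.org @8.8.8.8` still gets an answer, but it is Tor's DNSPort that answered, not 8.8.8.8, because the query was redirected; a UDP packet to any other port is rejected. The caveat from the comment still stands: a local MTA's MX lookups go through DNSPort fine, but its outbound SMTP on port 25 is then a TCP connection through a Tor exit, which most exits and most receiving mail servers refuse.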
@jacksingleton
Collaborator Author

Splitting this issue from #14 based on great recommendations from Cameron 👍

@ckxng
Contributor

ckxng commented Nov 16, 2015

I'll work on this over the next week.

@ckxng
Contributor

ckxng commented Nov 17, 2015

Actually, part 1 was the easiest of the three - and I knocked it out this evening.

@jacksingleton
Collaborator Author

Cool, did you use resolv.conf or iptables forwarding?

@jacksingleton
Collaborator Author

Merged!

We will have to think about how to look up MX records as currently our login depends on the server being able to send emails

@ckxng
Contributor

ckxng commented Nov 17, 2015

Email will not be reliable on an isolated server that's routing traffic over tor. I would expect email providers to heavily filter tor exit nodes, and mail sent over clearnet will immediately expose the server due to the mail headers. That being said, it's not impossible. Added issue #29

@jacksingleton
Collaborator Author

Yeah, you're right, it wouldn't make sense to run the MTA locally when running in this mode. This might not be a problem then.
