wiki:doc/TorBOX/BareMetalHints

Version 19 (modified by cypherpunks, 7 years ago)

expand ntp

https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

Introduction

When TorBOX is set up as two VMs running on the same host, an exploit against the VM implementation (or against the host itself) can still break out of the torified Client VM and expose the user's real IP address, and malware running on the host has full control over every VM. To resist such attacks we need a different approach, which in this context we call "bare metal": the gateway system is installed directly on the hardware (the "metal") and not in a VM. This takes the host OS and the hypervisor out of the gateway's trusted computing base (TCB), cutting it by more than half.

Overview

In total we'll install and configure two computers and set up an isolated point-to-point network between them. One computer acts as the client, or "Tor-Workstation"; the other as a proxy, or "Tor-Gateway", which transparently routes all of the Tor-Workstation's traffic through Tor.

Prerequisites

  • A computer with at least two network adapters, at least one of them ethernet 1, capable of running Linux. This will be our gateway. It will run Ubuntu Server 11.10 Oneiric Ocelot. In theory you could use any OS that supports iptables or pf, but if you don't want to use Ubuntu Oneiric you will have to edit the shell script. This is easy for Debian derivatives but much more difficult for *BSD, for example. In any case the choice of OS shouldn't matter much, because this system is used for nothing but running Tor.

1 The other one may be an anonymous 3G modem, an anonymous wifi adapter or a second ethernet adapter.

  • A client computer connected via ethernet to the gateway. It must have only this one NIC and no other network connectivity! This will be the torified client system, or Tor-Workstation.
    Any OS can be used (but read the warning, especially for Windows: Transparent Proxy Leaks).
    We recommend you use a VM as the client, preferably the same VM build as the non-bare-metal TorBOX uses. Here's why:

Time syncing

Please read and apply Network Time Syncing on both computers. This is a required step on the client computer, because NTP does not work at all behind Tor (it uses UDP, and Tor only carries TCP streams), and even if it did, the time it returned could not be trusted. NTP is also removed from both Tor-Workstation and Tor-Gateway by the shell scripts.

How To Install

If the physical network (between the Tor-Gateway and your router) uses 192.168.0.*, you need to review and edit all the shell scripts you are going to use and switch the internal network to something else; otherwise the gateway's upstream and internal networks overlap and routing between them breaks.

On the client computer configure the host and tor-workstation as detailed here, but:

  • Instead of setting Adapter 1 to Internal Networking you need to use bridged networking, so that the VM's NIC is attached to the physical ethernet link to the Tor-Gateway.

For the Tor-Gateway follow these instructions (ignoring the VirtualBox-specific steps) but:

  • Only run tor-gateway.sh, NOT tor-gateway-prepare4export.sh! The latter is not only unnecessary, it is only suited to VMs.
  • If you want to use ssh from another computer you obviously can't use the provided commands (they ssh to 127.0.0.1).
  • eth0 needs to be configured according to the requirements of your local network, e.g. with a static address, or with DHCP if the gateway is connected to a DHCP-capable router.
  • Before running the script make sure eth0 and eth1 refer to the correct interfaces (eth0 towards the router, eth1 towards the Tor-Workstation). Otherwise you have to change each instance of "eth*" in the script ('dmesg | grep eth' may help you tell them apart).
  • It's a good idea to set up full disk encryption (FDE) during installation.
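The two checks that most often go wrong on a bare-metal gateway are the ones named above: the upstream network colliding with the scripts' internal 192.168.0.* network, and eth0/eth1 being swapped. The following pre-flight script is an added example for this guide; it is not part of TorBOX and not taken from tor-gateway.sh. It assumes the script's defaults (eth0 upstream, eth1 internal, 192.168.0.0/24 as the internal network); the file name preflight.sh and the EXT_IF, INT_IF and INTERNAL_NET variables are this example's own and can be overridden from the environment if you edited the script.

```shell
#!/bin/sh
# Pre-flight checks for a bare-metal Tor-Gateway, to run BEFORE tor-gateway.sh.
# Added example for this guide; not part of TorBOX or its scripts.
# Assumed defaults (override via the environment if you edited the script):
#   eth0 = upstream NIC (towards the router), eth1 = isolated link to the Tor-Workstation,
#   192.168.0.0/24 = the internal network the script configures.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INTERNAL_NET=${INTERNAL_NET:-192.168.0.0/24}

# Dotted quad -> 32-bit integer, e.g. 192.168.0.1 -> 3232235521.
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True (exit 0) when CIDR block $1 shares any address with CIDR block $2.
# A bare address counts as a /32. Two blocks overlap exactly when they agree
# on the shorter of the two prefixes.
cidr_overlap() {
    n1=${1%/*}; n2=${2%/*}
    case $1 in */*) p1=${1#*/} ;; *) p1=32 ;; esac
    case $2 in */*) p2=${2#*/} ;; *) p2=32 ;; esac
    p=$p1
    if [ "$p2" -lt "$p" ]; then p=$p2; fi
    if [ "$p" -eq 0 ]; then mask=0; else mask=$(( (4294967295 << (32 - p)) & 4294967295 )); fi
    [ $(( $(ip2int "$n1") & mask )) -eq $(( $(ip2int "$n2") & mask )) ]
}

# Name of the interface carrying the default route; reads `ip route show` output on stdin.
default_route_iface() {
    awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# IPv4 addresses (CIDR) assigned to interface $1; reads `ip -o -4 addr show` output on stdin.
iface_addrs() {
    awk -v ifc="$1" '$2 == ifc { for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }'
}

# True when interface $1 exists; reads `ip -o link show` output on stdin.
link_exists() {
    awk -v ifc="$1:" 'BEGIN { found = 1 } $2 == ifc { found = 0 } END { exit found }'
}

# Run every check against captured command output; prints each problem found and
# returns non-zero if there is any. Arguments: routes, addrs, links (the three outputs).
preflight() {
    routes=$1; addrs=$2; links=$3; rc=0
    for ifc in "$EXT_IF" "$INT_IF"; do
        if ! printf '%s\n' "$links" | link_exists "$ifc"; then
            echo "interface $ifc does not exist; check 'dmesg | grep eth' and rename eth* in the script"; rc=1
        fi
    done
    ext=$(printf '%s\n' "$routes" | default_route_iface)
    if [ "$ext" != "$EXT_IF" ]; then
        echo "default route is on '${ext:-none}' but $EXT_IF should face the router; swap the interfaces or fix its configuration"; rc=1
    fi
    for a in $(printf '%s\n' "$addrs" | iface_addrs "$EXT_IF"); do
        if cidr_overlap "$a" "$INTERNAL_NET"; then
            echo "upstream address $a on $EXT_IF overlaps the internal network $INTERNAL_NET; change the internal network in the scripts"; rc=1
        fi
    done
    return $rc
}

# Live run against this machine: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(ip route show)" "$(ip -o -4 addr show)" "$(ip -o link show)" && echo "preflight OK"
fi
```

Run it with `sh preflight.sh --live` on the freshly installed gateway, after eth0 has been brought up on the local network but before tor-gateway.sh. The checks take the `ip` output as arguments rather than calling `ip` internally so that they can also be exercised against captured output from another machine.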

Further recommendations

We recommend that you use two dedicated computers for TorBOX that are never used for activities that could lead back to your identity.

non-anonymous use

  • non-anonymous box (leave it as it is, configured however you like)
  • non-anonymous home dial-up or broadband router (leave it as it is, configured however you like)

anonymous use

  • Tor-Gateway
    • This really does not have to be a big desktop computer or an ordinary server. There are alternatives:
    • smartphone 1, UMPC, pad, tablet, notebook, netbook, Raspberry Pi, router 2, set top box, etc.
    • How to utilize such a device as a Linux server is beyond the scope of this guide; there are already better resources.
  • anonymous 3G modem (see below) or anonymous wifi adapter (see below)
  • Tor-Workstation
    • You get the idea. Use a device which suits you.

1 for example, some rooted Android smartphones can run Debian Linux.
2 something like OpenWRT

anonymous 3G modem

Normally your dial-up or broadband provider knows your name, postal address and non-anonymous payment method. This is bad: suppose Tor or TorBOX is compromised. An adversary then only has to pressure your provider to find out your identity. With an anonymously obtained 3G modem and SIM card this link does not exist.

  • plugged into or integrated into the Tor-Gateway
  • Buy the 3G modem anonymously [in a store, second hand, on the street, no personal data].
  • Be sure it has never been used for non-anonymous purposes before.
  • This is because in many countries the telecommunication company logs the IMEI and the phone number for each dial-up.
  • Also be sure to buy the SIM card anonymously. Prepaid is better. Buy top-up codes with cash in different stores.
  • Optionally use it from distant, random locations only (security vs. comfort).
  • 3G uses an IP address shared among many users; some providers do not yet log their users' source ports and therefore cannot identify them. Nice to have, but don't rely on it.

anonymous wifi adapter

The same reasoning applies as for the anonymous 3G modem above: your regular provider knows who you are, and if Tor or TorBOX is compromised an adversary only has to pressure that provider. An anonymously obtained wifi adapter used on hotspots that cannot be tied to you removes this link.

  • plugged into or integrated into the Tor-Gateway
  • Buy the wifi adapter anonymously [in a store, second hand, on the street, no personal data].
  • Be sure it has never been used for non-anonymous purposes before.
  • This is because a few providers or hotspot operators log the MAC address and the username (for paid hotspots) for each login.
  • Use only free hotspots, or pay for them anonymously (if that's possible).
  • Optionally use it from distant, random locations only (security vs. comfort).

Further required reading

Readme