Hi,

Diki Hacker:
> Following my mail June 18, 2016 citing a bug in the distribution Tails 2.4,
> I finally managed to find the source of the bug. I inform you that the
> distribution Tails 2.4 generates a serious security flaw at the SSDP and
> UPnP services.

Why is it a serious security flaw?

(This is a real question: I'm not familiar with the security risks
associated with announcing services over SSDP, in a context when no
connection to local services is allowed by the firewall.)

> I discovered on the network analysis (via Wireshark)
> between my host and my virtual machine where Tails than 2.4 calls on the
> UDP multicast stream (IGMPv2 protocol) were performed Tails 2.4 to my host
> machine (Windows)!

Sorry it took us so long to reply!

I did not manage to reproduce this with Tails 2.7.1 running in
libvirt/QEMU. Here's what I did:

1. start Tails 2.7.1, and immediately:
2. run tcpdump (vnet0 is the virtual network interface assigned to the
   VM): tcpdump -i vnet0 -w dump --immediate-mode
3. wait for Tails to have started and OnionCircuits to say Tor is
   ready, and open the file manager (in case it's the one triggering
   the problem)
4. shut down the VM
5. kill tcpdump
6. wireshark dump
7. sort lines by protocol, look for NBNS, SSDP and UDP ⇒ nothing
8. sort lines by time, look at what happens after the DHCP
   transaction ⇒ only TLS traffic (presumably Tor)

Can you please provide us with some more guidance to reproduce this?

Just a random guess: maybe you have one additional software package
in your persistent volume configuration, that triggers the behaviour
you've seen?

Cheers,
-- 
intrigeri
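
The protocol check from steps 7 and 8 above, done as a script over the capture file instead of by sorting in Wireshark. This is an added example, not part of the original message; it assumes a classic little-endian pcap with Ethernet link type, and the function names, labels and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

# Labels that would match the reported SSDP / multicast behaviour (step 7).
LEAK_LABELS = {"SSDP", "NBNS", "IGMP", "UDP-other"}

def classify(frame):
    """Label one Ethernet frame, like sorting by protocol in Wireshark."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4"
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto in (2, 6):
        return "IGMP" if proto == 2 else "TCP"
    if proto != 17 or len(frame) < 14 + ihl + 4:
        return "other-IP"
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    if 1900 in (sport, dport):
        return "SSDP"
    if 137 in (sport, dport):
        return "NBNS"
    return "DHCP" if {sport, dport} <= {67, 68} else "UDP-other"

def summarize(pcap_bytes):
    """Count frames per label in a classic pcap capture."""
    magic, link = struct.unpack("<I16xI", pcap_bytes[:24])
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expected little-endian pcap, Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len, = struct.unpack("<I", pcap_bytes[off + 8:off + 12])
        counts[classify(pcap_bytes[off + 16:off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

def leaks(counts):
    return sorted(LEAK_LABELS & set(counts))

def sample_frame(proto, sport=0, dport=0):
    """Constructed frame: Ethernet + 20-byte IPv4 header + 8-byte tail."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, proto, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap(frames):
    """Constructed capture: pcap global header plus one record per frame."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture: DHCP, TCP/443, one SSDP announcement, one IGMP report.
SAMPLE = sample_pcap([sample_frame(17, 68, 67), sample_frame(6, 40000, 443),
                      sample_frame(17, 50000, 1900), sample_frame(2)])
```

On a real capture, `leaks(summarize(open("dump", "rb").read()))` returning an empty list corresponds to the "nothing" result in step 7.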