I started off using many of my hours analyzing the way this guy did it from https://www.void.gr/kargig/blog/2016/12/12/firejail-with-tor-howto/
But there are 3 questions I have about this.
I couldn't understand the last cmd he posted:
```
iptables -t nat -A PREROUTING -i tornet -p tcp -m tcp --dport 9050 -j DNAT --to-destination 127.0.0.1:9050
```
This is for applications supporting SOCKS5. I'm not sure why this traffic needs to be redirected if we have already created a separate SOCKS5 proxy 127.0.0.1:9040?
How could apps that support SOCKS5 still connect through the bridge?
I did a lot of tests, and it seems that if you run for example xterm in firejail using that bridge, if you decide to stop the tor service, and if the app (in this case xterm) is malicious and isn't able to connect to their servers (you can still ping from the jail by the way), it can try to ping their own servers, and they could analyze with tcpdump on their end where the ping is coming from. The ping reveals the user's REAL IP address. I have tried to block icmp to/from the bridge tornet using iptables, but the jail STILL is able to ping outside, even though there is no resolving of any kind.
Does anyone know why this happens here?
How is orjail different from this? Does it block icmp and any connectivity in the namespace when the Tor service is stopped?
How is creating a network namespace different from a bridge when being used with Tor and firejail?
Thank you in advance
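
A check for the ICMP symptom described in the post, as an added example (not code from the post, the linked howto, firejail or orjail): packets the host routes on behalf of the jail traverse the filter table's FORWARD chain and never reach INPUT or OUTPUT, so this audits `iptables-save` output for a drop that actually covers them. The bridge name `tornet` comes from the post; both rulesets are constructed samples, and jumps into user-defined chains are not followed.

```python
import shlex

# Constructed iptables-save output (not taken from the post): ICMP is dropped
# on tornet in INPUT and OUTPUT only, and FORWARD keeps its ACCEPT policy.
LEAKY = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tornet -p icmp -j DROP
-A OUTPUT -o tornet -p icmp -j DROP
COMMIT
"""
# Same ruleset with a blanket drop for anything routed in from the bridge.
FIXED = LEAKY.replace("COMMIT", "-A FORWARD -i tornet -j DROP\nCOMMIT")


def opt(tok, flag):
    """Value following an iptables flag, or None when the flag is absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None


def audit(ruleset, iface="tornet"):
    """Report whether routed traffic entering on iface is dropped in FORWARD."""
    table, blocked, decided = None, False, False
    early_accepts, host_only = [], []
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":FORWARD "):
            blocked = line.split()[1] == "DROP"      # default policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain, target = tok[1], opt(tok, "-j")
            if (chain in ("INPUT", "OUTPUT") and iface in tok
                    and target in ("DROP", "REJECT")):
                host_only.append(line)               # never sees routed packets
            elif (chain == "FORWARD" and not decided and "!" not in tok
                    and opt(tok, "-i") in (None, iface)):
                rest = tok[4:] if tok[2:4] == ["-i", iface] else tok[2:]
                if target == "ACCEPT":
                    early_accepts.append(line)       # evaluated before any drop
                elif target in ("DROP", "REJECT") and rest[0] == "-j":
                    blocked = decided = True         # unconditional drop
    return {"forward_blocked": blocked and not early_accepts,
            "early_accepts": early_accepts, "host_only_rules": host_only}
```

Feed it the output of `iptables-save` from the host running the bridge; `forward_blocked` being false with entries in `host_only_rules` means the drops are on chains that routed jail traffic never reaches.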