> In our (I'm cc'ing Marsh here, please keep him in the cc list unless he
> objects) recent FOCI12 paper, we discuss some novel attacks on VPNs and
> we focus on anonymity related issues. Largely, I think that this paper
> is not news to Tails developers, I even sent in a pre-release copy
> months in advance to a few Tails hackers.
>
> Here are the URLs for the paper:
> https://www.usenix.org/conference/foci12/vpwns-virtual-pwned-networks
> https://www.usenix.org/system/files/conference/foci12/foci12-final8.pdf

We have already put on our plate to do a proper review of it:
<https://tails.boum.org/todo/analyze_Jake_FOCI12_paper/>

> So my main concern was that we found the lack of transparent routing to
> be an actual hole in Tails. There is not a compelling reason for
> allowing all RFC1918 space given our findings.

This might need to be discussed some more, but probably what needs to be
done is filtering RFC1918 by default. But Tails is also meant to be able
to produce documents. Some users might need to get sources on a NAS or
use a printer in their local network.

So implementation is not only about changing three lines in the
firewall, but also about having a way for users to allow access to the
local network. This is not hard, but makes it less trivial.

--
Ague