Re: [Tails-dev] Fwd: Message Bug Tails 2.4: Origine du Bug …

Author: intrigeri
Date:  
To: Diki Hacker
CC: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] Fwd: Message Bug Tails 2.4: Origine du Bug Tails 2.4 trouvée !!!
Subject: Re: [Tails-dev] Fwd: Message Bug Tails 2.4: Origine du Bug Tails 2.4 trouvée !!!
Hi,

Diki Hacker:
> Following my mail June 18, 2016 citing a bug in the distribution Tails 2.4,
> I finally managed to find the source of the bug. I inform you that the
> distribution Tails 2.4 generates a serious security flaw at the SSDP and
> UPnP services.


Why is it a serious security flaw?

(This is a real question: I'm not familiar with the security risks
associated with announcing services over SSDP, in a context when no
connection to local services is allowed by the firewall.)

> I discovered on the network analysis (via Wireshark)
> between my host and my virtual machine where Tails than 2.4 calls on the
> UDP multicast stream (IGMPv2 protocol) were performed Tails 2.4 to my host
> machine (Windows)!


Sorry it took us so long to reply!

I did not manage to reproduce this with Tails 2.7.1 running in
libvirt/QEMU. Here's what I did:

1. start Tails 2.7.1, and immediately:
2. run tcpdump (vnet0 is the virtual network interface assigned to the
   VM): tcpdump -i vnet0 -w dump --immediate-mode
3. wait for Tails to have started and OnionCircuits to say Tor is
   ready, and open the file manager (in case it's the one triggering
   the problem)
4. shut down the VM
5. kill tcpdump
6. wireshark dump
7. sort lines by protocol, look for NBNS, SSDP and UDP ⇒ nothing
8. sort lines by time, look at what happens after the DHCP
   transaction ⇒ only TLS traffic (presumably Tor)

Can you please provide us with some more guidance to reproduce this?

Just a random guess: maybe you have one additional software package
in your persistent volume configuration, that triggers the behaviour
you've seen?

Cheers,
--
intrigeri
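
The check in steps 7 and 8 of the message above can also be scripted. The following is an added example, not part of the original message or of Tails: a Python sketch that reads a classic pcap file such as the one written by `tcpdump -w` and lists IGMP, SSDP (UDP port 1900) and NBNS (UDP port 137) frames. The sample capture, its addresses and the helper names are constructed for illustration.

```python
import struct, sys

# What steps 7-8 look for (NBNS, SSDP), plus the IGMP named in the report.
UDP_PORTS = {137: "NBNS", 1900: "SSDP"}

def scan_pcap(data):
    """Return [(frame_no, label, src, dst)] for LAN announcement traffic."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    hits, off, n = [], 24, 0
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame, off, n = data[off + 16:off + 16 + incl], off + 16 + incl, n + 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # only untagged IPv4 is handled in this sketch
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        if proto == 2:
            hits.append((n, "IGMP", src, dst))
        elif proto == 17 and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            label = UDP_PORTS.get(dport) or UDP_PORTS.get(sport)
            if label:
                hits.append((n, label, src, dst))
    return hits

def make_frame(proto, src, dst, payload):
    """Constructed sample frame: Ethernet + minimal IPv4 header (checksum 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1,
                     proto, 0, bytes(src), bytes(dst))
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + payload

def make_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

VM = (10, 0, 0, 5)  # constructed addresses, not taken from the thread
SAMPLE = make_pcap([
    make_frame(17, VM, (239, 255, 255, 250), struct.pack("!HHHH", 50000, 1900, 8, 0)),
    make_frame(6, VM, (198, 51, 100, 7), bytes(20)),   # TCP, ignored by the scan
    make_frame(2, VM, (224, 0, 0, 22), bytes(8)),      # IGMP
    make_frame(17, VM, (10, 0, 0, 255), struct.pack("!HHHH", 137, 137, 8, 0)),
])

if __name__ == "__main__":  # usage: python3 scan.py dump
    for hit in scan_pcap(open(sys.argv[1], "rb").read() if sys.argv[1:] else SAMPLE):
        print(*hit)
```

An empty result on a capture taken as in steps 1 to 5 corresponds to the "nothing" outcome of step 7.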