Message-ID: <1404414258.29695.YahooMailBasic@web122406.mail.ne1.yahoo.com>
Date: Thu, 3 Jul 2014 12:04:18 -0700
From: Bobby Brewster <bobbybrewster203@yahoo.com>
To: tor-talk@lists.torproject.org
In-Reply-To: <53B55107.5070004@bitmessage.ch>
MIME-Version: 1.0
Subject: Re: [tor-talk] Benefits of Running TBB in a VM?


--------------------------------------------
On Thu, 7/3/14, Tempest <tempest@bitmessage.ch> wrote:

 Subject: Re: [tor-talk] Benefits of Running TBB in a VM?
 To: tor-talk@lists.torproject.org
 Date: Thursday, July 3, 2014, 5:48 AM

 Bobby Brewster:
 > What are the benefits of running TBB in a VM?
 >
 > AIUI, there are two advantages.
 >
 > 1. If malware infects the VM, then just the VM is compromised. If
 > your Windows/Mac/Linux system is infected, then your entire system
 > is affected (yes, I realise that it should be only the user account
 > for Linux unless you are root).
 >
 > 2. If your system is compromised, your real IP cannot be discerned.
 > For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as
 > 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no
 > wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously
 > not the IP assigned by my ISP.
 >
 > Does this make sense? Are there other benefits? Any disadvantages?
 > Thanks.

 point 1 makes sense. it's not bullet proof. but, unless you are
 dealing with malware that is designed to break out of the
 restrictions imposed by a vm, you have spared yourself a headache.
 you can further mitigate against such common malware risks by using a
 system of snapshots. while not as ideal as a "live" configuration,
 after you set up your virtual machine for use, you can make a
 snapshot of it and, after each completed session, restore your vm
 from the snapshot. unless you received malware designed to exploit a
 vm, this will result in the malware being gone the next time you use
 the vm as well.

 point 2 does not work. any malware that phones home will show your ip
 address in that configuration. however, if you use something like
 whonix, where you have a gateway vm that pushes all of your
 workstation vm traffic through tor, you have another layer of
 protection against malware with phone home capabilities.

--------------

Currently, my Tor use model is as follows:

Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network

I could, instead, do:

Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network

However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior.

The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.

Any opinions?

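The snapshot routine described in the quoted reply (take a snapshot once the VM is set up, restore it after each session), as an added example that is not part of the original thread. It assumes a VirtualBox guest named `tbb-vm` and a snapshot named `clean`; both names are hypothetical.

```shell
#!/bin/sh
# Added example: roll a VirtualBox guest back to a known-clean snapshot after
# every session. "tbb-vm" and "clean" are assumed names; take the snapshot
# once, after setup, with: VBoxManage snapshot tbb-vm take clean
VBOX=${VBOX:-VBoxManage}

# Print the guest state, e.g. "running" or "poweroff".
vm_state() {
    "$VBOX" showvminfo "$1" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if the guest has a snapshot with this exact name
# (nested snapshots are listed as SnapshotName-1, SnapshotName-1-1, ...).
snapshot_exists() {
    "$VBOX" snapshot "$1" list --machinereadable 2>/dev/null |
        grep -q "^SnapshotName[-0-9]*=\"$2\"\$"
}

# Stop the guest if needed, then discard everything written since the snapshot.
reset_vm() {
    vm=$1 snap=$2
    if ! snapshot_exists "$vm" "$snap"; then
        echo "no snapshot '$snap' on '$vm'; refusing to touch it" >&2
        return 2
    fi
    case $(vm_state "$vm") in
        poweroff|aborted) ;;
        running|paused)
            # Hard power-off: the session's disk state is thrown away anyway.
            "$VBOX" controlvm "$vm" poweroff || return 1
            i=0   # the session lock is released a moment after power-off
            while [ "$(vm_state "$vm")" != poweroff ] && [ "$i" -lt 10 ]; do
                sleep 1; i=$((i + 1))
            done ;;
        *)
            echo "'$vm' is in an unexpected state; stop it by hand first" >&2
            return 1 ;;
    esac
    "$VBOX" snapshot "$vm" restore "$snap"
}

# Usage: sh reset-vm.sh tbb-vm clean
if [ "$#" -eq 2 ]; then reset_vm "$1" "$2"; fi
```

The restore only reverts the guest's disk and memory state; as the reply notes, it does nothing against malware built to escape the VM.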

