Adrelanos is a NOOB that will screw you all

NAT vs BRIDGE? rofl.

  1. Bridge runs on layer 2. Nat packets get altered by windows.
    You get fingerprinted.
  2. Virtualbox NAT is known to have several security issues
  3. Even in PFSENSE and other firewalls that you run through a VM, pay attention, FIREWALL TO HOST MACHINE, even a firewall is not secure in NAT if you use windows.
    Just go through the forums…
  4. PAE??? YOU WANT TO GIVE THE VM ACESS TO YOUR HOST PHYSICAL ADDRESS EXTENSION TO THE VIRTUAL MACHINES??? ARE YOU REALLY INSANE???
  5. There are several people that understand network that advised adrelanos, but he replyes like a blind man, noone can be so stupid, he is not a noob in network, so WHY he insists on being BLIND? IT´s SIMPLE! He just made a HONEYPOT and you all are falling for it… bzzzzzzzzz…
  6. i can bet my penis he is receiving a fat paycheck from usa government, noone can be so stupid.

They will delete my post. Idc. Those fast enough to read, beware!!!

Any references?

First mistake: Windows. :wink:

They will delete my post.
No. I believe in freedom of expression. And this is within limits of criticism I ought to tolerate.

It is sad, that you have such a bad expectation. That you think to know us and even go as far as deleting the first harsh criticism in this forum.

Right. Windows is an error. BUT PEOPLE USE WHONIX WITH IT.
I am talking about a honeypot here.
You are very dedicated person, patrick, and i doubt you are on it.
But every host makes some alterations in packages when on nat. Linux can make them too, i know the ones windows does.

There is NO EXPLANATION for not wanting BRIDGE. He hangs on the “oh, they can see the router on bridge”. zzzzzzzzzzzzzzzzzzz
You just can google anything, like PFSENSE NAT VS BRIDGE and you see the most talented people explaining why you must never use NAT, specially VIRTUALBOX NAT that has several security issues. Even for NAT, people ask to use external nat software to avoid the issues with virtualbox. And even without those bugs, is easy to fingerprint host.

Dude, PAE??? That is insanity!!! The infected workstation can see all the HOST information!!! HOW can you tell me a vm using PAE is not a honeypot???

lol, they can even scan the host ports from it.
host firewall interferes with the vm too rofl. they can fingerprint you so easily…

it is SO MUCH EASIER to use bridge and make a recommended default routrer mac spoof for all whonix users…

Whonix Forum lol, he can´t know why all his host ports are open rofl.
answer: vbox NAT.

is my first time here in forum, and i am amazed noone talked about those insecure whonix settings.
They are SO insecure, and SO MUCH, that it seems a trap to me.

Sorry if i thought you would delete the posts, but i saw NO ONE talking about those issues.
I was sure people would be deleting the posts like truecrypt people did on their honeypot.

Well, I let you post here. I’ll move it to the off-topic forum in the next days, since it’s not really a support question or development discussion.

If you manage to fix your manners and constructively discuss points one by one, I might even take time to get into these points. Until then, I think it is best if I don’t put any more effort into this burst negativity.

Its hard to take the OPs discussion seriously when its written with the intent to provoke. But for the the sake of rationality I’ll overlook the obvious slander in your post and discuss what you bring up.

  1. By using Windows you really give up your right to security an privacy, that’s no one’s fault but your own. You have a top notch Free Software OS (hint: GNU/Linux) at your disposal that could work on any hardware but chose not to use it.

  2. The fact that you are using Windows means that the closest thing to an open hypervisor you get is VirtualBox. The fact that it has security issues like you bring up is problem that you should discuss with their developers, not us. Keep in mind that Oracle has an opaque policy in bug disclosure.

  3. Bridged mode cannot work with most laptop wifi cards out there and so NAT is the logical option to ship with so the forum isn’t flooded with user complaints asking why the internet is not working.

Conclusion: Don’t blame us for your choices. I don’t think there is any more to say here.

OP, regarding your post, what’s the benefit for a regular Whonix user here?

Do you agree that it doesn’t really look like constructive criticism and doesn’t offer much technical feedback, but rather looks like plain ad hominem?

“Adrelanos is a NOOB that will screw you all” - No he is not! That hat you are saying here adrenoob is only your private blah blah blah. Please shut up with your Honeypot-Theory, like all your Kiddi doing.

Best Regards!

townsend

Even though OPs tone was blatantly off - I’d like to see more discussions concerning his core arguments.

I’m no expert, but the way I read this topic is:
There might be some extreme security flaws when using the Windows setup.

The official answer to that issue seems to be "Don’t use Windows then."
I don’t feel like this answer pays sufficient tribute to that matter. If he has a point and there are some major security issues with the Windows setup - and I have no reason to believe that he’s lying - then this should be discussed in detail.

If this matter cannot be resolved I’d say that a possible flaw in the setup under windows should be prominently pointed out wherever it is said that windows may be used. People are idiots. Period. If there is a service that claims to be secure and sounds solid, but doesn’t point out that using Windows is a terrible idea - then it is not the users fault that they are not secure. The service is faulty.

Dear jacksez.

Your Point of VIEW?! Really? I can´t believe this. Listen, Windows is really not secure. You know this, i know this. Do you believe, and thats a real Question to you and your FanZ, that for example Ubuntu is Secure? Should i send you some Links, what Canonical have done and do now at present Time with the Users? Do you believe Debian is without any Bugs. Are you fully sure, that OpenSSL is secure NOW? Nothing is secure! The Tor-Network was hacked long time before. It give several Books how to hack the .onion-Network. So here comes the Big Question. Do you trust?

In .onion we trust…

Please note, it gives over 4000 Vulnerabilities, the NSA use every Day.

[quote=“jacksez, post:9, topic:477”]Even though OPs tone was blatantly off - I’d like to see more discussions concerning his core arguments.

I’m no expert, but the way I read this topic is:
There might be some extreme security flaws when using the Windows setup.

The official answer to that issue seems to be "Don’t use Windows then."
I don’t feel like this answer pays sufficient tribute to that matter. If he has a point and there are some major security issues with the Windows setup - and I have no reason to believe that he’s lying - then this should be discussed in detail.

If this matter cannot be resolved I’d say that a possible flaw in the setup under windows should be prominently pointed out wherever it is said that windows may be used. People are idiots. Period. If there is a service that claims to be secure and sounds solid, but doesn’t point out that using Windows is a terrible idea - then it is not the users fault that they are not secure. The service is faulty.[/quote]

Best Regards

townsend

Ideally,

  1. make a new thread
  2. discuss issue by issue, best don’t mix up
  3. make up a good argument
  4. show good references if possible

As long no one is making up a good argument, they cannot be discussed.

Extraordinary claims deserve extraordinary evidence.

For example, with pae “the infected workstation can see all the host information”. It would be useful to something like “run this test with tool x and you see y”, but if you were to disable z (pae), then y will be no longer visible. A good external resource making that point may of course substitute this. If points are made clear as this, and the change is so simple, I am open for change. In other cases we may need some code changes, then a patch would help or wait until someone finds time to implement it. By the way, since I used it as example, it’s PAE/NX, and NX is actually a security feature “No-eXecute”: NX bit - Wikipedia.

If this matter cannot be resolved I'd say that a possible flaw in the setup under windows should be prominently pointed out wherever it is said that windows may be used. People are idiots. Period. If there is a service that claims to be secure and sounds solid, but doesn't point out that using Windows is a terrible idea - then it is not the users fault that they are not secure. The service is faulty.
There is quite a big list of stuff you should know. On the download page there is a chapter "Before installing", which says "Read and apply the Security Advice.", which links to Pre Install Advice, that has a big chapter that advices against Windows in general: https://www.whonix.org/wiki/Pre_Install_Advice#Windows_Hosts As part of the Whonix project we are working on reducing that list and making it self explanatory / self documenting, but still.

Nevertheless, I do not believe in fatalism. It does it not completely make running Whonix on top of WIndows useless in all cases. It depends on your threat model. Only with a very narrow I-am-the-center-of-the-world-everything-must-be-about-perfect-security-so-there-should-be-no-windows-support-at-all-NO-NO-NO type of person, you see a conspiracy, while for example users who just want to hide from a stalker are probably safe enough.

Thanks, that was the answer I was hoping for.
I felt like you were ignoring the points as an act of defiance - which is not what I expected from a security favoring person. Now that you have made your point in a serious tone I can sleep in peace again.

@townsend: You are right of course, despite your thick German grammar. My point was that everyone should be as aware of the possible risks as possible.

lol that´s NOT the answer i was looking for.
First, i DO NOT use WINDOWS. And i DO NOT use whonix. I just TESTED IT with 2 friends. and defined UNSAFE.
if you can not manage to research for yourselves the SIMPLEST THINGS, even with the directions stated clearly, why waste time on you?

rofl point YOUR MOUSE over the PAE option on virtualbox. it will STATE CLEARLY : PHYSICAL ADDRESS OF HOST MACHINE WILL BE EXPOSED TO VM.
Even a NOOB can see what it means.
I DO NOT CARE if you have a “HOW TO DISABLE”, if default is THE MOST UNSAFE AND CLEARLY MADE ON PURPOSE… DO YOU THINK I WILL EXAMINE ALL YOUR SYSTEM? You install and RECOMMEND PAE!!! YOU RECOMMEND THAT!!!

About VIRTUALBOX NAT, like i said, just GOOGLE, there are tons of proofs…

i said VIRTUALBOX NAT. Not WINDOWS or LINUX NAT. But that is FIRST. if you want to make a security software and even with me pointing that thing, you can not discover by yourselves… Why am i wasting time here? To warn people.

Even IF VIRTUALBOX NAT WAS PERFECT, the NAT by itself is not. if you can not research why… There is no need to wait for you people to do something after we point you… . people argued with adrelanos openly, but he refuses to listen. i read the discussions. There is enough there.

And FINALLY… We tryed to connect SKYPE ON A WINDOWS WORKSTATION THAT WAS FORMATED AND INSTALLED INSIDE WHONIX NETWORK. AND WITH BOTH WINDOWS AND SABAYON HOST, WE FOUND REAL IP EXPOSED. YOU NEED DIRECTIONS TO SEE? OPEN ETHERAPE AND WATCH. IS THERE ENOUGH FOR YOU? OR I NEED TO EXPLAIN HOW TO INSTALL ETHERAPE TOO?

We know TOR only uses TCP and not UDP. But skype uses UDP… gateway fail those times? because of itself or because of NAT? idk… Idc… Won´t use it again.

By the way, my friend told me that he downloaded a skype deb and installed, and noted that it was’nt connecting through tor network. watch the skype LOGON… That should use only TCP. (udp is for voice).

Again, in etherape, we tested the workstation browser, did not leak nothing… But the native ice browser LEAKED some tcp and ip…

You can even SCAN THE HOST INSIDE NAT BYPASSING THE HOST FIREWALL DUDE. With ALL PORTS OPEN. You need PRINTSCREENS OF IT? Can not use google?

To finish, after we turned off whonix, and opened torrent app, we discovered that upnp-multicast crashed, had reseted and went to default configs… weeeird…

Sorry for my bad english. We 3 friends are old school, we do not use tor too much, just in rare ocasions, but after what we saw, one thing is sure, Whonix is a NO OPTION.

Adrelanos must be from USA. In that country, with those “patriot acts” like things, we all know what is a NDA. Non Disclosure Agreement. The government emits an order, you must obey, or go to jail. if they order you to put a backdoor in your product, you must obey.

When they come to you, you have 3 options: run from usa, close your product, or obey.

by the kind of exploits we found, is is typical from an USA government order. That adrelanos choose to obey.
It is not possible you did not test all those things. Not on this earth.

andrenoob:

[quote=“andrenoob, post:13, topic:477”]rofl point YOUR MOUSE over the PAE option on virtualbox. it will STATE CLEARLY : PHYSICAL ADDRESS OF HOST MACHINE WILL BE EXPOSED TO VM.
Even a NOOB can see what it means.[/quote]

What does it mean? Do you think it is the computer’s IP address or something? Mailing address? rofl!

What it actually states in VirtualBox is…

“When checked, the Physical Address Extension (PAE) feature of the host CPU will be exposed to the virtual machine.”

So what is PAE?

Wikipedia: Physical Address Extension - Wikipedia

“In computing, Physical Address Extension (PAE) is a feature to allow 32-bit IA-32 central processing units (CPUs) to access a physical address space (including random access memory and memory mapped devices) larger than 4 gigabytes.”

Lots of systems and even open source vm platforms use PAE. Why EXACTLY is it bad? What can be done with it? Especially with the NX bit (non-executable) that Patrick/adrelanos mentioned.

Please. This is such a weak basis for a claim like this. I take this as more subjective evidence that your claims about Whonix security leaks are not likely to be authentic.

The problem is not your bad english here. It is that you talk in a maniac teenager tone that makes you come across as not very genuine or believable.

Old school? How about High school? lol

Look, you did come back and verbally claim several specifics, even if some of them were vague. So your warnings of specific leaks likely should maybe be tested out and reported by the technical minds of the Whonix community.

But don’t you see that ANYBODY could come here and ANONYMOUSLY say a bunch of false crap like this in a combative ranting teenager tone of voice, just to watch people in our community emotionally squirm and react and waste OUR TIME on a false claim.

If you want to be taken seriously, and have real impact with your warning, then why don’t you show some more professionalism and offer something beyond just mere verbal claims of what you experienced in Whonix. If what you’re saying is true, then you could have already achieved this impact in about the same amount of time as your multiple teenage rants. Why would you waste your time emotionally ranting like a kid, if all of this is true and you wanted to warn people in a believable way?

Do what Patrick suggested you do…

Open up a new thread for each individual security vulnerability you are claiming.

Say when you do X input, Y security leak occurs, and Z information is exposed.

Do something like this and be taken more seriously.

Hell, since I depend upon Whonix, I’ll SERIOUSLY even send 1,000 Euros in Bitcoin, to you personally, or a charity of your personal choosing, if you prove your claims and expose Whonix as being a honeypot.

Show us that you’re for real. Prove it.

@townsend: You are right of course, despite your thick German grammar. My point was that everyone should be as aware of the possible risks as possible.

Of Course dears… threesome (mirimir inclusive) Not long search to find you. Why don’t you go back to your Chan-Software where you comin from. Well, whonixproof tell`s you the right Words, i can’ t give better. Adrelanos is a Hero who makes his best to develop for all of us. So nothing to discuss. Go to your Teeny Places and discuss there.

*Hey hey not Germany… Danmark (Or Sweden near Öresund) and search for… MUAHHH!

Best Regards!

townsend

I am afraid. I did the test the guy told about, and i got another ip in whonix gateway.

Instaled windows as workstation and followed the config for it in whonix website.

Instaled etherape in whonix gateway.

i got this after a while…

http://postimg.org/image/mpgrxuwy7/

What is this? maybe tor changed ip and appeared 2?
Both connections were with considerable traffic at the same time.

If that ip is not from tor, we are in a bad situation…

  1. Whonix-Gateway does have the ability to find out your real external IP address (because once compromised, you can circumvent the firewall and directly connect to check.torproject.org and see your own IP or you can use Tor ControlPort getinfo address) - no news here.

  2. More importantly, if you manage to find out your real external IP inside Whonix-Workstation, then we really would have found a grave bug. As of now, no one was able to demonstrate that yet.

Instaled windows as workstation and followed the config for it in whonix website.

Instaled etherape in whonix gateway.

i got this after a while…

http://postimg.org/image/mpgrxuwy7/

What is this? maybe tor changed ip and appeared 2?
Both connections were with considerable traffic at the same time.


Tor builds 3 hop circuits.

If that ip is not from tor, we are in a bad situation...
It is from Tor or VirtualBox.... - ExoneraTor: a website that tells you whether a given IP address was a Tor relay: https://metrics.torproject.org/exonerator.html - 10.0.2.15 -> VirtualBox - 209.51.191.190 -> https://exonerator.torproject.org/?targetaddr=&targetPort=&ip=209.51.191.190&timestamp=2014-09-14+12%3A00#relay -> Tor - 94.242.243.162 -> https://exonerator.torproject.org/?targetaddr=&targetPort=&ip=94.242.243.162&timestamp=2014-09-14+12%3A00#relay -> Tor ...and even if it was not, see 1) and 2).

thanks patrick!
But one thing is still worrying me, can you explain what can it be or if it is normal?

The tor entry relay change from time to time???

Because here, hours later, i still am getting the 209.51.191.190.
I am online until now, i check from time to time, same entry node.

whonix gateway to internet remains with that ip as my tor entry node.

is that all right or should it change from time to time?

Entry guards seldom change. This is normal by Tor default and on purpose, called entry guards, see also: