[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Usb and whonix

By default whonix ask to change the mac address of the internet interfaces . But what happens when you connect to the internet with a usb key? When i try to do ifconfig i get all internet interfaces so, eth1, wlan1 and also the pp0 interface (when the usb is plugged). And eth1 is not connected, the onlyinternet interface connected is pp0. What is this pp0? Whonix does not change its mac address cause i suppose it is the imei. So the usb would be the modem right? And why eth1 is not connected to the modem (usb internet key)?
So basically is it safe to connect trough whonix and then tor with a usb internet key? And what is the pp0 (point to point protocol) shown when try to type ifconfig? I suppose that changing the eth1 mac address will be unuseless cause the internet connecion would came from the usb key.

By default, Whonix does (not yet) provide support for changing mac address:
https://www.whonix.org/wiki/Pre_Install_Advice#MAC_Address

To my knowledge, there are no tools available for imei spoofing.

So is it whonix unuseless with key internet usb? Kay internet usb have the imei and a sim card, so could this information go beyond the network layer and go on the internet layer? Could an adversary know your imei if you are surfing with an usb internet key and whonix?

Not useless.
MAC addresses / IMEI are not sent over the internet to destination servers.

If you really don’t want to have the USB modem in Whonix, you could always create another VM as a router and mount the USB modem there. Then edit /etc/network/interfaces in Whonix Gateway from DHCP to static that uses the router VM’s IP address as the gateway or default route.

Note, that this would not hide the IMEI from the network either.

I think that Patrick would tell the IMEI won’t be sent to the server/webserver you want to reach, but your ISP know your IMEI .
I know this .
You can spoof your MAC ( useless for mobile network i think ) and then use your current IMEI unless problem .
In other way you can buy network card, mobile or not, with cash or some anonymouse method .

the usb would be like a normal modem wired connected to the eth1 i think, so the imei should be comparable to a normal mac address of a normal wired modem, or of a wifi router…it is the same. The isp knows the imei, but the isp also knows the mac address of a normal modem . The imei would be tracebable using the cellular net (calls phone), but using the inernet protocol how could some attaker knows the imei of a usb device?

And why this should be a problem?

Whit ifconfig i can not see the imei of my device.
I cn only see the mac addresses of eth1 and wlan1 and lo
With network i suppose you mean a the local network. But if i am the only one who use the usb there is no local network

In this way all the traffic goes first from whonix gateway and then to the virtual machine?
It is unuseless to hide mac address, but i dont’ understand this configuration. How could a virtual machine act as a router and route all traffic to another?

Correct.

[quote=“carajo, post:10, topic:1423”][quote author=Patrick link=topic=1709.msg10364#msg10364 date=1442940812]
Note, that this would not hide the IMEI from the network either.
[/quote]
Whit ifconfig i can not see the imei of my device.
I cn only see the mac addresses of eth1 and wlan1 and lo
With network i suppose you mean a the local network. But if i am the only one who use the usb there is no local network[/quote]
No matter what acrobatics. If you use mobile internet, at some point the IMEI will most likely be read by the ISP. But this is to be expected. And doesn’t hinder Tor. Even if you add an arbitrary number of routers and switches in between. Finally the mobile modem goes online and leaks the IMEI.

On the contrary, if there were IMEI changers (probably illegal?), it could raise more red flags. Same happens when doing MAC spoofing in wrong threat situations. Just read the Whonix MAC address documentation and perhaps Tails MAC changer documentation. And the Tails blueprint and design documentation on the topic as well. The theoretic knowledge applies. Practical steps not. (Not implemented in Whonix.)

[quote=“carajo, post:10, topic:1423”][quote author=who me? link=topic=1709.msg10363#msg10363 date=1442940707]
If you really don’t want to have the USB modem in Whonix, you could always create another VM as a router and mount the USB modem there. Then edit /etc/network/interfaces in Whonix Gateway from DHCP to static that uses the router VM’s IP address as the gateway or default route.
[/quote]

In this way all the traffic goes first from whonix gateway and then to the virtual machine?
It is unuseless to hide mac address, but i dont’ understand this configuration. How could a virtual machine act as a router and route all traffic to another?[/quote]
Host MAC:
I don’t think any number of VMs / routers will prevent you from leaking the MAC to lan/[open]wifi router. Or leaking the MAC of a cable modem to the ISP. Or leaking the IMEI to a mobile internet ISP.

Whonix-Workstation MAC:
There is space for confusion, though. Whonix-Workstation VM also has a MAC. It is usually not leaked anywhere. And if it was [in case of VM compromise], it would only be specific to the virtualizer.

[quote=“Patrick, post:11, topic:1423”][quote author=Hiberts link=topic=1709.msg10376#msg10376 date=1442965589]
I think that Patrick would tell the IMEI won’t be sent to the server/webserver you want to reach, but your ISP know your IMEI .
[/quote]
Correct.[/quote]
the IMEI is not sent trought the web site, but an attacker can intercept it in a local network? But if i don’t have a local network and the mask is 255.255.255.255 there is no network, no LAN, just you and your modem

I know that the isp knwos the imei, but it knows also the mac address of your router for example…so what is the difference? The difference is in the fact that using the mobile network instead of internet network could be more dangerous cause the imei leaks over the internet or somewhere else?
When you call someone with your phone for example the imei leaks, it also happen trough internet?

It leaks the IMEI over the internet, beyond the network layer protocol?

[quote=“carajo, post:12, topic:1423”][quote author=Patrick link=topic=1709.msg10398#msg10398 date=1443013210]

Correct.
[/quote]
the IMEI is not sent trought the web site, but an attacker can intercept it in a local network? But if i don’t have a local network and the mask is 255.255.255.255 there is no network, no LAN, just you and your modem[/quote]
The IMEI is most likely sent to the ISP by the mobile modem. That’s just the normal operation on how these devices work. Has nothing to do with the local network.

[quote=“carajo, post:12, topic:1423”][quote author=Patrick link=topic=1709.msg10364#msg10364 date=1442940812]
No matter what acrobatics. If you use mobile internet, at some point the IMEI will most likely be read by the ISP. But this is to be expected. And doesn’t hinder Tor. Even if you add an arbitrary number of routers and switches in between. [/quote]

I know that the isp knwos the imei, but it knows also the mac address of your router for example…so what is the difference?[/quote]
A (cable) router that naturally leaks its MAC to the ISP is usually a device at a fixed location. The IMEI [and phone number] can be tracked as the device moves. The ISP can create a log on where the IMEI was physically located (proximity). But still not break Tor just because of that. Now if we could somehow magically change the IMEI, that would hinder such logging. It would still require switching mobile numbers (sim cards) though. Since we don’t have the tools to do this…

The difference is in the fact that using the mobile network instead of internet network could be more dangerous cause the imei leaks over the internet or somewhere else?
No.

[quote=“carajo, post:12, topic:1423”][quote author=Patrick link=topic=1709.msg10364#msg10364 date=1442940812]
Finally the mobile modem goes online and leaks the IMEI.[/quote]
It leaks the IMEI over the internet, beyond the network layer protocol?[/quote]
To the ISP only.

I advise you to do so :

  1. Buy mobile modem unless problems if you want to surf anonymouse on internet .
  2. Buy SIM with your name
  3. Buy VPN accout with your name
  4. Use VPN-Firewall on the host and then Whonix of course .
    The ISP won’t know your connection, only your IMEI, it’s normal so far that you do illegal activity . The ISP may know that you are connected to a VPN, at MAX . However, someone should alarm police etc …

It’s not clear if VPNs are reliable to hide Tor. For circumvention they’re fine to try, but for “strong” hiding, I reasonably expect they won’t work. Documented here:

Yes Patrick, you’re right .
Anyone should buy a VPN outside his country for example, however with Whonix you also use tor, even if ISP sees outside the VPN you’re using tor like another “node”, you are protected .
The story change if you live in a contry where tor is proibited .

[quote=“Hiberts, post:14, topic:1423”]I advise you to do so :

  1. Buy mobile modem unless problems if you want to surf anonymouse on internet .
  2. Buy SIM with your name
  3. Buy VPN accout with your name
  4. Use VPN-Firewall on the host and then Whonix of course .
    The ISP won’t know your connection, only your IMEI, it’s normal so far that you do illegal activity . The ISP may know that you are connected to a VPN, at MAX . However, someone should alarm police etc …[/quote]

sorry what do you mean about VPN firewall?
I know that there are kernel firewalls, but what are vpn-firewalls?
Are they vpn that you purchase with a build-in firewall integrated?
I don’t know about this

Yes, you’re right .
The VPN are a risk in a country such as Cina .
In other states i don’t belive it’s possible to track vpn and tor users ad the same time .
The government shoul have all VPN agency and a tor backdoor .

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]