Qubes Listening Ports Leakage #3280

Closed
TNTBOMBOM opened this Issue Nov 4, 2017 · 2 comments

TNTBOMBOM commented Nov 4, 2017

Qubes OS version:

R3.2

Affected TemplateVMs:

Debian
Whonix


Steps to reproduce the behavior:

Open a terminal and type:

`ss -l`, `ss -anslp` (or `netstat`)

Expected behavior:

No unusual listening ports, especially from the Qubes environment through Whonix/Debian.

Actual behavior:

A lot of open listening ports from Qubes through Whonix/Debian.

General notes:

Results from whonix-workstation

`sudo netstat -l`

You will find this result:

user@host:~$ sudo netstat -l 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:ipp           *:*                     LISTEN     
tcp        0      0 localhost:9050          *:*                     LISTEN     
tcp        0      0 localhost:9051          *:*                     LISTEN     
tcp        0      0 localhost:9150          *:*                     LISTEN     
tcp        0      0 localhost:9151          *:*                     LISTEN     
tcp        0      0 localhost:9152          *:*                     LISTEN     
tcp        0      0 localhost:9153          *:*                     LISTEN     
tcp        0      0 localhost:11109         *:*                     LISTEN     
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN     
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     16411    /tmp/ksocket-user/klauncherMT1662.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     14256    @/tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     14885    /run/user/1000/keyring/gpg
unix  2      [ ACC ]     STREAM     LISTENING     11307    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     11310    /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     14900    /run/user/1000/pulse/native
unix  2      [ ACC ]     STREAM     LISTENING     13877    /var/run/tor/control
unix  2      [ ACC ]     STREAM     LISTENING     10813    /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     14151    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9152.sock
unix  2      [ ACC ]     STREAM     LISTENING     14157    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9050.sock
unix  2      [ ACC ]     STREAM     LISTENING     14162    /var/run/tor/socks
unix  2      [ ACC ]     STREAM     LISTENING     15958    /var/run/qubes/qrexec-server.user.sock
unix  2      [ ACC ]     STREAM     LISTENING     14682    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9051.sock
unix  2      [ ACC ]     STREAM     LISTENING     14686    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9151.sock
unix  2      [ ACC ]     STREAM     LISTENING     14178    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9153.sock
unix  2      [ ACC ]     STREAM     LISTENING     14953    /run/user/1000/keyring/ssh
unix  2      [ ACC ]     STREAM     LISTENING     14189    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_11109.sock
unix  2      [ ACC ]     STREAM     LISTENING     15436    @/tmp/dbus-AK5m72CsOG
unix  2      [ ACC ]     STREAM     LISTENING     14205    /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock
unix  2      [ ACC ]     STREAM     LISTENING     12158    /var/run/xf86-qubes-socket
unix  2      [ ACC ]     STREAM     LISTENING     8840     /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     15501    /run/user/1000/keyring/control
unix  2      [ ACC ]     STREAM     LISTENING     13468    /var/run/qubes/qrexec-agent
unix  2      [ ACC ]     SEQPACKET  LISTENING     8863     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8867     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     15526    /run/user/1000/keyring/pkcs11
unix  2      [ ACC ]     STREAM     LISTENING     16296    /tmp/ksocket-user/kdeinit4__0
unix  2      [ ACC ]     STREAM     LISTENING     1709     /var/run/qubes/qubesdb.sock
unix  2      [ ACC ]     STREAM     LISTENING     14257    /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     12260    /run/user/1000/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     14826    /tmp/ssh-eMdGjyHN9obC/agent.979
unix  2      [ ACC ]     STREAM     LISTENING     14830    /tmp/gpg-CKFS3p/S.gpg-agent
user@host:~$ 


Results from whonix-gateway

user@host:~$ netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 localhost:bacula-sd     *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9167         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:bacula-sd    *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9040         *:*                     LISTEN     
    tcp        0      0 localhost:9104          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9168         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9104         *:*                     LISTEN     
    tcp        0      0 localhost:9041          *:*                     LISTEN     
    tcp        0      0 localhost:9105          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9169         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9105         *:*                     LISTEN     
    tcp        0      0 localhost:9106          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9170         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9106         *:*                     LISTEN     
    tcp        0      0 *:8082                  *:*                     LISTEN     
    tcp        0      0 localhost:9107          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9171         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9107         *:*                     LISTEN     
    tcp        0      0 localhost:9108          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9172         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9108         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9109          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9173         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9109         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9110          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9174         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9110         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9111          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9175         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9111         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9112          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9176         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9112         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9113          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9177         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9113         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9114          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9178         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9114         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9050         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9050          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9051          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9115          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9179         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9115         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 localhost:9116          *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9180         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9116         *:*                     LISTEN                                                                                                                                                                                                      
    tcp        0      0 10.137.6.1:9052         *:*                     LISTEN     
    tcp        0      0 localhost:9117          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9181         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9117         *:*                     LISTEN     
    tcp        0      0 localhost:9150          *:*                     LISTEN     
    tcp        0      0 localhost:9118          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9182         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9150         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9118         *:*                     LISTEN     
    tcp        0      0 localhost:9119          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9183         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9119         *:*                     LISTEN     
    tcp        0      0 localhost:9120          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9184         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9152         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9120         *:*                     LISTEN     
    tcp        0      0 localhost:9121          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9185         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9153         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9121         *:*                     LISTEN     
    tcp        0      0 localhost:9122          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9186         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9154         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9122         *:*                     LISTEN     
    tcp        0      0 localhost:9123          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9187         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9155         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9123         *:*                     LISTEN     
    tcp        0      0 localhost:9124          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9188         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9156         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9124         *:*                     LISTEN     
    tcp        0      0 localhost:9125          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9189         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9157         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9125         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9158         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9159         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9160         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9161         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9162         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9163         *:*                     LISTEN     
    tcp        0      0 localhost:9100          *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9164         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9100         *:*                     LISTEN     
    tcp        0      0 localhost:bacula-dir    *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9165         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:bacula-dir   *:*                     LISTEN     
    tcp        0      0 localhost:bacula-fd     *:*                     LISTEN     
    tcp        0      0 10.137.6.1:9166         *:*                     LISTEN     
    tcp        0      0 10.137.6.1:bacula-fd    *:*                     LISTEN     
    udp        0      0 localhost:5400          *:*                                
    udp        0      0 10.137.6.1:5300         *:*                                
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ACC ]     STREAM     LISTENING     9232     /var/run/qubes/qubesdb.sock
    unix  2      [ ACC ]     STREAM     LISTENING     15646    /var/run/tor/socks
    unix  2      [ ACC ]     STREAM     LISTENING     15648    /var/run/tor/control
    unix  2      [ ACC ]     STREAM     LISTENING     14512    @/tmp/.X11-unix/X0
    unix  2      [ ACC ]     STREAM     LISTENING     13861    /run/user/1000/systemd/private
    unix  2      [ ACC ]     STREAM     LISTENING     7994     /run/systemd/private
    unix  2      [ ACC ]     STREAM     LISTENING     14911    /run/user/1000/pulse/native
    unix  2      [ ACC ]     SEQPACKET  LISTENING     8017     /run/udev/control
    unix  2      [ ACC ]     STREAM     LISTENING     12885    /var/run/qubes/qrexec-agent
    unix  2      [ ACC ]     STREAM     LISTENING     8021     /run/systemd/journal/stdout
    unix  2      [ ACC ]     STREAM     LISTENING     10842    /var/run/dbus/system_bus_socket
    unix  2      [ ACC ]     STREAM     LISTENING     10845    /run/acpid.socket
    unix  2      [ ACC ]     STREAM     LISTENING     13154    /var/run/xf86-qubes-socket
    unix  2      [ ACC ]     STREAM     LISTENING     15228    /var/run/qubes/qrexec-server.user.sock
    unix  2      [ ACC ]     STREAM     LISTENING     14513    /tmp/.X11-unix/X0
    unix  2      [ ACC ]     STREAM     LISTENING     14786    @/tmp/dbus-6UkHlz2CtT
    user@host:~$

Member

unman commented Nov 14, 2017

@TNTBOMBOM Can you explain what you think the issue is here, and why it might be a problem? I'm obviously missing something.
Are you more concerned about the ws or gw results?

Member

adrelanos commented Apr 2, 2018

Many SocksPorts are for stream isolation. See:

https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist

Listening on non-localhost so these are reachable from Whonix-Workstations.

You need to report singular open ports, come up with a theory why they are created and/or an explanation why these are bad.

A general criticism "too many open ports, I don't understand what they are for" must be refused. It's not possible to document these other since these could change from release to release. Most if not all of them are explained away by grepping Whonix source code and/or searching the internet. Therefore I don't believe anyone is helped by documenting these either.

Please close. @andrewdavidwong

@andrewdavidwong andrewdavidwong added notanissue and removed bug labels Apr 2, 2018
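
Added example, not part of the original thread and not Qubes or Whonix code: one way to turn `netstat -l` output like the above into per-port questions is to group listeners by bind scope (loopback, one interface, all interfaces) and collapse contiguous ports into ranges. The function names and the small service-name table are assumptions of this example; the table is needed because `netstat` without `-n` prints ports 9101-9103 as `bacula-*` and 631 as `ipp`.

```python
import re
from collections import defaultdict

# Service names netstat prints without -n (standard /etc/services entries).
SERVICE_PORTS = {"ipp": 631, "bacula-dir": 9101, "bacula-fd": 9102, "bacula-sd": 9103}

# Subset of the whonix-gateway rows quoted in the issue, embedded to run offline.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:bacula-sd     *:*                     LISTEN
tcp        0      0 10.137.6.1:9167         *:*                     LISTEN
tcp        0      0 10.137.6.1:bacula-sd    *:*                     LISTEN
tcp        0      0 10.137.6.1:9040         *:*                     LISTEN
tcp        0      0 localhost:9104          *:*                     LISTEN
tcp        0      0 10.137.6.1:9168         *:*                     LISTEN
tcp        0      0 10.137.6.1:9104         *:*                     LISTEN
tcp        0      0 *:8082                  *:*                     LISTEN
tcp        0      0 localhost:9100          *:*                     LISTEN
tcp        0      0 10.137.6.1:9100         *:*                     LISTEN
tcp        0      0 localhost:bacula-dir    *:*                     LISTEN
tcp        0      0 10.137.6.1:bacula-dir   *:*                     LISTEN
tcp        0      0 localhost:bacula-fd     *:*                     LISTEN
tcp        0      0 10.137.6.1:9166         *:*                     LISTEN
tcp        0      0 10.137.6.1:bacula-fd    *:*                     LISTEN
udp        0      0 localhost:5400          *:*
udp        0      0 10.137.6.1:5300         *:*
unix  2      [ ACC ]     STREAM     LISTENING     15646    /var/run/tor/socks
"""


def scope_of(host):
    """Classify a bind address by who can reach the listener."""
    if host in ("*", "0.0.0.0", "::", "[::]"):
        return "wildcard"      # every interface of this VM
    if host in ("localhost", "::1", "[::1]") or host.startswith("127."):
        return "loopback"      # only processes inside this VM
    return "interface"         # one address, e.g. the internal gateway IP


def parse_listeners(text):
    """Yield (proto, scope, host, port) for each tcp/udp row of `netstat -l`."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not re.fullmatch(r"(tcp|udp)6?", fields[0]):
            continue           # headers and UNIX-socket rows
        host, _, port = fields[3].rpartition(":")
        if port.isdigit():
            number = int(port)
        elif port in SERVICE_PORTS:
            number = SERVICE_PORTS[port]
        else:
            raise ValueError(f"unresolved service name {port!r}; rerun netstat with -n")
        yield fields[0], scope_of(host), host, number


def collapse(ports):
    """Turn a list of ports into sorted 'a-b' range strings."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1][1] = p
        else:
            ranges.append([p, p])
    return [str(a) if a == b else f"{a}-{b}" for a, b in ranges]


def summarize(text):
    """Map (scope, proto, host) -> collapsed port ranges."""
    groups = defaultdict(list)
    for proto, scope, host, port in parse_listeners(text):
        groups[(scope, proto, host)].append(port)
    return {key: collapse(ports) for key, ports in groups.items()}
```

On the embedded rows the `bacula-*` entries fold into a single 9100-9104 run on both `localhost` and `10.137.6.1`, leaving `*:8082` as the only wildcard listener to look up individually.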
