First, check out JanusVM (http://janusvm.peertech.org) which has been out since late May 2006, long before this "exploit" was published.

Check out the metasploit site for the bypass "exploit" test.
http://metasploit.com/research/misc/decloak/

We don't have this problem with JanusVM.
I use Java, JavaScript, and Flash all the time, and don't have this issue.

I tested it with ( JanusVM + IE 7.0 ) and ( JanusVM + Firefox).
NO PROBLEMS.

"Moore's description of the countermeasures:

1. Run a patched TOR server. The patches embed a Ruby interpreter into the TOR connection engine and allow arbitrary Ruby scripts to process data before sending it back to the client.

2. When child porn-related keywords are seen (either the Web request, or the response), inject a little extra HTML code into the response going back to the Web browser. This HTML code would connect to my decloaking engine.

3. The decloak engine is based on the following techniques:

a) A unique identifier is created to track this user.

b) The browser is asked to resolve a unique host name, containing the identifier, that is part of a special domain hosted on my server. I run a modified DNS server that updates a database with the address from which the DNS request is received. The goal of this step is to determine the ISP of the user."

** JanusVM redirects all DNS requests through Tor IF (and ONLY IF) the DNS server is not in the same LAN / netmask. I created TORSEC.exe with the last release of JanusVM, and it checks for this "DNS leak" issue and corrects it. Then, when the VPN disconnects (in Windows), it restores the DNS back to what it was before the VPN to the VM was established. DNS problem solved. **

"c) The browser is asked to load a Java applet. This applet uses two different techniques to obtain information about the user.

d) The first method uses the Java API to determine the local IP address of the user. This value is then passed back to the JavaScript code in the Web HTML snippet hosting the applet. The goal of this step is to get the real *internal* IP address of the user."

** This will come back as 10.10.10.X, not the TRUE internal IP of the LAN or the ISP. Instead, it picks up the default IP of the VPN interface to the VM. **

"e) The second method involves the applet sending a raw DNS packet, directly to my server. Since this is UDP, it does not pass through TOR, and since it is sent by the Java code, it does not go through the ISP [DNS server]. This packet contains the unique identifier and if received, gives away the real *external* IP of the user. The goal of this step is to get the address of the user's NAT gateway."

** Again, DNS requests are redirected through Tor (dns-proxy-tor) when set up correctly. This is funny! Because his DNS request is going to HIS server, and not the internal DNS server of the interface (probably assigned by DHCP to 192.168.1.1 or something with the ISP), it is going to hit the iptables rule and get routed through Tor when using JanusVM. Thank you! His applet just did EXACTLY what needs to be done to ensure the DNS requests are not being leaked with JanusVM, even if the user forgot to set an external DNS IP themselves or didn't run TORSEC.exe. His applet just broke itself behind JanusVM, and I don't think this was the result he intended... **

"f) At this point, my server is able to determine the internal address of the user, the external address from which they access the internet, and the ISP they use to provide DNS resolution, as well as the IP address they come from through the TOR network. This information, along with the unique tracking ID, allows me to identify a specific workstation within an organization or residence."

** Not when I tested it. **

Again, JanusVM drops all ICMP, UDP, etc. and only allows TCP connections and DNS requests through Tor.

This is a really cool trick this guy is doing, but if anything, it helps prove the point that when you don't implement and use a tool correctly, you can't expect the best results.
(Sorry Moore, wink)

Don't get me wrong, I'm all about catching pedophiles, but you're not going to be able to do it this way. Personally, I like the way MSNBC does it with "To Catch a Predator". The idea of catching pedophiles is great, but not practical when wanting a true anonymous system.

So, Tor works great when IMPLEMENTED correctly.

Use JanusVM. End of Story.

Kyle Williams
JanusVM Lead Developer
janusvm.peertech.org
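The egress policy the post describes (TCP goes to Tor's transparent proxy, UDP/53 goes to a DNS proxy that resolves over Tor, everything else from the client is dropped) can be expressed as a small iptables rule set. The script below is an added example and is not JanusVM's own code or Moore's; it assumes a Linux gateway VM where the client's traffic arrives on an interface `$in_if` (for JanusVM that would be the VPN link from the Windows host), Tor configured with `TransPort` on `$trans_port`, and a Tor-backed DNS proxy (dns-proxy-tor, or Tor's own `DNSPort` on newer releases) listening on UDP `$dns_port`. All port numbers and interface names are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not JanusVM's scripts: emit a transparent-Tor egress policy
# for a gateway VM. Run the output as root to apply it.
#
# Assumptions (hypothetical values, adjust to the real setup):
#   in_if       interface the client (host) traffic arrives on, e.g. ppp0
#   trans_port  Tor's TransPort on this VM, e.g. 9040 (set "TransPort 9040" in torrc)
#   dns_port    UDP port of the DNS proxy that resolves via Tor, e.g. 5353

gen_rules() {
    in_if=$1
    trans_port=$2
    dns_port=$3
    cat <<EOF
# start from a clean slate on the chains this policy owns
iptables -t nat -F PREROUTING
iptables -F INPUT
iptables -F FORWARD

# 1. Any UDP/53 arriving from the client is sent to the Tor DNS proxy, whatever
#    resolver address it was aimed at. This is why a raw DNS packet addressed
#    straight to an attacker's server still goes out over Tor. Note that DNS
#    aimed at a resolver on the host's OWN LAN never crosses this link at all
#    (the host routes it directly); that leak has to be fixed on the host side
#    by pointing the host at an external resolver, as the post describes.
iptables -t nat -A PREROUTING -i $in_if -p udp --dport 53 -j REDIRECT --to-ports $dns_port

# 2. Every new TCP connection is handed to Tor's transparent proxy port.
iptables -t nat -A PREROUTING -i $in_if -p tcp --syn -j REDIRECT --to-ports $trans_port

# 3. Let the redirected traffic reach the local Tor and DNS proxy sockets.
iptables -A INPUT -i $in_if -p tcp --dport $trans_port -j ACCEPT
iptables -A INPUT -i $in_if -p udp --dport $dns_port -j ACCEPT

# 4. Nothing else from the client leaves the VM: ICMP, other UDP and any
#    packet that would have been forwarded is dropped rather than routed.
iptables -A INPUT -i $in_if -j DROP
iptables -A FORWARD -i $in_if -j DROP
EOF
}

# Sanity check on the generated policy: exactly one REDIRECT for DNS, one for
# TCP, and a final DROP on the forward path. Returns 0 when all are present.
check_policy() {
    rules=$(gen_rules "$1" "$2" "$3")
    echo "$rules" | grep -q -- "-p udp --dport 53 -j REDIRECT --to-ports $3" || return 1
    echo "$rules" | grep -q -- "-p tcp --syn -j REDIRECT --to-ports $2" || return 1
    echo "$rules" | grep -q -- "-A FORWARD -i $1 -j DROP" || return 1
    return 0
}

# Usage when run directly (prints the rules; pipe to sh as root to apply):
#   ./tor-egress.sh ppp0 9040 5353 | sudo sh
if [ "$#" -eq 3 ]; then
    gen_rules "$1" "$2" "$3"
fi
```

The ordering matters: the nat PREROUTING rules rewrite the destination port before the filter INPUT chain sees the packet, so the two ACCEPT rules match on the proxy ports, not on the original 53 or 80. The unconditional DROP at the end of INPUT and FORWARD is what turns the applet's UDP probe and any ICMP into silence instead of a deanonymizing packet; test it from the client with a UDP or ICMP tool before trusting it.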
