Bug #12037

virt-manager doesn't work anymore with the USB persistence

Added by TITAN over 2 years ago. Updated about 2 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Virtualization
Target version: -
Start date: 12/16/2016
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

When you apply these options: https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html#index4h1

For using Tails launched in virt-manager with an external USB stick.
This doesn't work anymore since 2.9.1.

It shows only the first boot menu from the first window => "BOOT TAILS", "live / live failsafe", and FREEZES on it even after the countdown.
30 minutes could pass... Nothing changes.

(There is a picture in attachment)

TAILS BUG.png (42.5 KB) TITAN, 12/16/2016 09:21 PM

Screenshot WhireShark network traffic VM Tails-Host Windows.PNG (115 KB) Diki, 12/18/2016 07:12 PM

Virus-dhcpnameserver-detected.JPG (90.1 KB) Diki, 12/19/2016 04:17 PM

History

#1 Updated by Diki over 2 years ago

Hello,

If you check traffic between the host machine and the virtual machine while Tails starts, you will see security vulnerabilities.

Normally we should see TLS traffic for the Tor network, but that is not the case! I was able to detect network attacks. I think these network security flaws seriously impact the startup of Tails. I have also seen in the Tails logs redundant anomalies causing the restart of several processes several times.

I have already transmitted these facts with screenshots to the Tails Administration. I got an evasive response... In summary, Tails asks me to reproduce the attacks I detected...

In conclusion, I think that the Tor network is compromised.

Best Regards.
Diki

#2 Updated by TITAN over 2 years ago

Hello Diki,

Thank you for this precious information.
So, the use of virtual machines should really be reconsidered?

If the network is compromised too => there is no sense in using it anymore.

It should be seriously audited!
I'm gonna edit the post to "high Priority"

#3 Updated by Diki over 2 years ago

Hello TITAN,

" So,the use of virtual-machine should be really reconsidered ? ": No

If someone can explain the origin of the TCP intrusions (Network traffic during Tails startup) that I have detected (see attachment), I think we will see more clearly ...

Best Regards,
Diki

#4 Updated by Diki over 2 years ago

Hello TITAN,

I think I have found the cause that is blocking the startup of Tails. As for the origin of this cause, I await an answer from my previous comment because I have a serious track on this subject.

First of all, it is very likely that you were infected, through the use of Tails, by the virus called "DhcpNameServer". I did the test at home, and when I eradicated "DhcpNameServer", the start of Tails is normal again.

To know if you are infected with "DhcpNameServer" (see attachment), run an analysis with "RogueKiller"; then, if it is confirmed, you will have to delete it by following, for example, this tutorial here: http://blog.removevirusnow.org/dhcpnameserver-removal/

We will then see how this virus was introduced via Tails but for now I expect a precise answer to my previous comment before discussing how this virus could infect a host machine through a virtual machine dedicated to Tails (Network adapter: NAT / DHCP VMWARE)

Waiting for your answer, :)

Best Regards,
Diki

#5 Updated by Diki over 2 years ago

Hello,

I invite you to read the answer (ticket #4) that I posted on your blog
here https://labs.riseup.net/code/issues/12037

Best Regards,
Diki

#6 Updated by intrigeri over 2 years ago

> First of all, it is very likely that you were infected, through the use of Tails, by the virus called "DhcpNameServer". I did the test at home, and when I eradicated "DhcpNameServer", the start of Tails is normal again.

This ticket is about a problem on Linux (virt-manager), so I don't think that this virus thing applies.

#7 Updated by intrigeri over 2 years ago

> If you check traffic between the host machine and the virtual machine while Tails starts, you will see security vulnerabilities.

This is off-topic on this ticket.

#8 Updated by intrigeri over 2 years ago

  • Subject changed from virt-manager doesn't work anymore with the usb persistence to virt-manager doesn't work anymore with the USB persistence
  • Target version deleted (Tails_2.9.1)

#9 Updated by intrigeri over 2 years ago

  • Priority changed from Elevated to Normal
  • QA Check set to Info Needed

> When you apply these options: https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html#index4h1
>
> For using Tails launched in virt-manager with an external USB stick.
> This doesn't work anymore since 2.9.1.
>
> It shows only the first boot menu from the first window => "BOOT TAILS", "live / live failsafe", and FREEZES on it even after the countdown.
> 30 minutes could pass... Nothing changes.

What operating system / version are you using?

What's the output of sudo aa-status?

Please try other versions of the (virtual) USB adapter assigned to the VM. In particular, try the USB 3.0 (xhci) one.

#10 Updated by Diki over 2 years ago

" For using Tails launched in virt-manager with an external USB-stick.
This doesn't work anymore since 2.9.1."

I use "VMWARE WORKSTATION 12 PRO" and I have no problem to use one USB Live Tails 2.9.1

What operating system / version are you using?: Host machine: Windows 8.1 Pro

"What's the output of sudo aa-status?": ? sudo aa-status ?

"Please try other versions of the (virtual) USB adapter assigned to the VM. In particular, try the USB 3.0 (xhci) one.": I use already USB 3.0 for Live Tails 2.9.1. I have no problem.

#11 Updated by intrigeri over 2 years ago

> " For using Tails launched in virt-manager with an external USB-stick.
> This doesn't work anymore since 2.9.1."
>
> I use "VMWARE WORKSTATION 12 PRO" and I have no problem to use one USB Live Tails 2.9.1

Which is why this is off-topic here: VMWARE has nothing to do with virt-manager :) My questions were for the bug reporter.

#12 Updated by Diki over 2 years ago

VMWARE is not the subject; I am just explaining under which virtualization platform I was able to highlight the detection of attacks, especially DDoS, at the start of Tails. Obviously you did not understand the problem I mentioned earlier in this thread.

#13 Updated by intrigeri over 2 years ago

> VMWARE is not the subject; I am just explaining under which virtualization platform I was able to highlight the detection of attacks, especially DDoS, at the start of Tails. Obviously you did not understand the problem I mentioned earlier in this thread.

Please report that problem as a new, separate problem, since it is off-topic on this ticket.

#14 Updated by intrigeri about 2 years ago

  • Status changed from New to Rejected
  • Assignee deleted (TITAN)

Requested info was never provided, and it works for me => closing.
