Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Transparent (TCP / UDP) Proxy
Proxy traffic from a client to remote proxy server.
TODO: Research using a tun interface to set up a forward pinhole
A) Traffic Types to proxy
Exclusions: Do not proxy TCP established connections and ICMP inbound (TTL traceroute replies)
1. All protocols
2. Mission configurable protocols and TCP or UDP ports
Proxy all ports or a finite number of ports
B) Proxy transport
Assumption: There is no need to encrypt the traffic; encryption will only raise a red flag.
1. Application Layer/User Space Tunnel
Pros: unencrypted ppp tunnel over TCP 80 shouldn't raise too many flags, and avoid FW issues
between the FT and the proxy server/router.
Note: unencrypted ppp can run over a telnet tty, see
Cons: why not just use something like an app layer PPP proxy?
http://www.tldp.org/HOWTO/ppp-ssh/forwarding.html
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.1
Q: General Problem: How should DNS requests be handled?
A: We may have to map or translate the destination IPs of all outbound DNS requests to the proxy server's
nameserver.
Q: What about DHCP requests from the client?
A: We should try to prevent them from being sent through the VPN. From the openvpn howto:
“Many OpenVPN client machines connecting to the internet will periodically interact with a
DHCP server to renew their IP address leases. The redirect-gateway option might prevent the
client from reaching the local DHCP server (because DHCP messages would be routed over the
VPN), causing it to lose its IP address lease.”
On FT/ProxyServer (note: socat generally has support for TCP4, SSL, or UDP channels...)
telnet and pppd / telnetd and pppd
http://www.imonk.com/jason/hacks/
socat and pppd / socat and pppd
socat and pppd / socat and slirp
http://www.unix-tutorials.com/go.php?id=466
ssh and pppd / sshd and pppd
socat (requires kernel support for TUN socket/network interface, deps: openssl)
openvpn (deps: lzo openssl)
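
A defender-side check for the transport described above, as an added example that is not part of the original notes: unencrypted PPP carried over TCP 80 keeps its RFC 1662 async framing, so a payload on that port that is not HTTP but contains FCS-valid PPP frames stands out. The function names and the sample frame are constructed for this illustration.

```python
# Added example: spot PPP (RFC 1662 async HDLC framing) inside a TCP/80 payload.
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ",
               b"CONNECT ", b"PATCH ", b"TRACE ", b"HTTP/")
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
                 0x8021: "IPCP", 0x0021: "IPv4"}

def fcs16(data: bytes) -> int:
    """PPP FCS-16 (RFC 1662), bitwise form; frame plus its FCS yields 0xF0B8."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def unescape(chunk: bytes) -> bytes:
    """Undo 0x7d escaping: the byte after 0x7d is XORed with 0x20."""
    out, escaped = bytearray(), False
    for byte in chunk:
        if escaped:
            out.append(byte ^ 0x20)
            escaped = False
        elif byte == 0x7D:
            escaped = True
        else:
            out.append(byte)
    return bytes(out)

def ppp_frames(payload: bytes) -> list:
    """Return protocol names of FCS-valid PPP frames that follow a 0x7e flag."""
    names = []
    for chunk in payload.split(b"\x7e")[1:]:
        frame = unescape(chunk)
        if len(frame) < 4 or fcs16(frame) != 0xF0B8:
            continue  # too short, or the checksum says this is not PPP
        body = frame[2:] if frame[:2] == b"\xff\x03" else frame
        names.append(PPP_PROTOCOLS.get(int.from_bytes(body[:2], "big"), "other"))
    return names

def classify_port80(payload: bytes) -> str:
    if payload.startswith(HTTP_STARTS):
        return "http"
    return "ppp" if ppp_frames(payload) else "unknown"

def sample_lcp_frame() -> bytes:
    """Constructed LCP Configure-Request (id 1, no options), framed for the wire."""
    raw = b"\xff\x03\xc0\x21\x01\x01\x00\x04"
    raw += (fcs16(raw) ^ 0xFFFF).to_bytes(2, "little")
    esc = b"".join(bytes([0x7D, b ^ 0x20]) if b < 0x20 or b in (0x7D, 0x7E)
                   else bytes([b]) for b in raw)
    return b"\x7e" + esc + b"\x7e"
```

The checksum test keeps false positives low: a stray `0x7e` byte in ordinary port 80 traffic almost never precedes data that also passes FCS-16.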