How to hide my server's IP?

14 messages

How to hide my server's IP?

Arthur Wayside
Hello.

Say I run a webapp inside a chroot and someone manages to hack it and gain shell access. Can I then somehow hide my server's IP from the likes of ifconfig?

Thanks!

Artur.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Re: How to hide my server's IP?

Aaron Mason
Why would ifconfig be in your chroot?

On Mon, Feb 3, 2020 at 8:28 AM Arthur Wayside
<[hidden email]> wrote:

>
> Hello.
>
> Say I run a webapp inside a chroot and someone manages to hack it and gain shell access. Can I then somehow hide my server's IP from the likes of ifconfig?
>
> Thanks!
>
> Artur.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.



--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse


Re: How to hide my server's IP?

Edgar Pettijohn III-2
In reply to this post by Arthur Wayside

On Feb 2, 2020 3:24 PM, Arthur Wayside <[hidden email]> wrote:

>
> Hello.
>
> Say I run a webapp inside a chroot and someone manages to hack it and gain shell access. Can I then somehow hide my server's IP from the likes of ifconfig?
>
> Thanks!
>
> Artur.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.

Seems like they would already know this. However, you could:

# chmod go-x /sbin/ifconfig

Assuming they don't have root that should do it.

Edgar


Re: How to hide my server's IP?

Edgar Pettijohn III-2
In reply to this post by Arthur Wayside

On Feb 2, 2020 3:24 PM, Arthur Wayside <[hidden email]> wrote:
>
> Hello.
>
> Say I run a webapp inside a chroot and someone manages to hack it and gain shell access.

Or just don't put it in the chroot.

> Can I then somehow hide my server's IP from the likes of ifconfig?
>
> Thanks!
>
> Artur.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.


Re: How to hide my server's IP?

Frank Beuth
In reply to this post by Arthur Wayside
On Sun, Feb 02, 2020 at 09:24:20PM +0000, Arthur Wayside wrote:
>Hello.
>
>Say I run a webapp inside a chroot and someone manages to hack it and gain shell access. Can I then somehow hide my server's IP from the likes of ifconfig?

If you want to hide your public IP from a particular application for
security reasons, the only way I know of to reliably do this is to run
that application on a physically separate server or inside a virtual
machine, and then bridge/port forward traffic to the VM. This way the
application (and any system components it has access to) can only ever
know the internal IP address of the server or virtual machine.

Otherwise it would be possible for an attacker to, for example, hack
your webapp to have it phone home to some external server controlled by
the attacker. The attacker would thereby be able to find your IP
address.

A less-secure approach would be a local firewall that only permits
outgoing network access to processes run by a specific user (which is
NOT the user account of your webapp) and then have the forwarding
handled by an application running under that user account. (this is the
approach taken by the TAILS Linux+Tor live USB)
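The per-user egress rule Frank describes, written as a host-local OpenBSD pf.conf fragment. This is an added example, not code from the thread; it assumes the web application runs as user _www, the forwarding daemon (for instance a Tor onion service) runs as user _tor, and the host's outside connectivity sits on the default "egress" interface group.

```pf
# Host-local pf.conf (added example, not from the thread).
# Assumed account names: _www for the web application, _tor for the
# daemon that is allowed to carry traffic out on its behalf.
web_user = "_www"
fwd_user = "_tor"

set skip on lo

# Default deny for everything leaving the host, including icmp and raw
# sockets that the "user" keyword cannot match; blocked packets go to pflog0
block out log on egress all

# Sockets owned by the web application's account may never open outbound
# tcp or udp connections, and each attempt is logged separately
block out log quick on egress proto { tcp udp } user $web_user

# Inbound service traffic (if clients also reach the service directly) is
# accepted; replies follow the state, so no pass out rule is needed for them
pass in on egress proto tcp to (egress) port { 80 443 }

# Only sockets owned by the forwarding daemon's account may initiate traffic
pass out on egress proto { tcp udp } user $fwd_user
```

Blocked attempts by the web application's account can be watched with `tcpdump -n -e -ttt -i pflog0`, which is the signal that the application is trying to phone home.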


Re: How to hide my server's IP?

Janne Johansson-3
On Mon 3 Feb 2020 at 07:18, Frank Beuth <[hidden email]> wrote:

> Otherwise it would be possible for an attacker to, for example, hack
> your webapp to have it phone home to some external server controlled by
> the attacker.


..and in the request logs see where the request comes from, so this
information is available here, combined with the ip used for the actual
hack. But the existence of "ifconfig" means nothing to this scenario: you
can blindly send an icmp, udp or tcp packet to packet-collectors-R-us.com
and see the ip there. There is exactly zero need to first figure out the
local ip and only then send out blind packets to your collector.


> The attacker would thereby be able to find your IP
> address.
>

By the time your opponent is running code on your server, this piece of
information is probably the least interesting part of the whole puzzle.

--
May the most significant bit of your life be positive.

Re: How to hide my server's IP?

ratatatah
In reply to this post by Arthur Wayside
I've been told IP hiding inside FreeBSD jails is much easier, and that potential intruders would only be able to see local IPs. Is there any truth to that, and if so, why is this so hard to achieve on OpenBSD?

Thanks,
Ratah Tatah


Re: How to hide my server's IP?

Peter J. Philipp-3
On Mon, Feb 03, 2020 at 10:08:52AM +0000, ratatatah wrote:
> I've been told IP hiding inside FreeBSD jails is much easier, and that potential intruders would only be able to see local IPs. Is there any truth to that, and if so, why is this so hard to achieve on OpenBSD?
>
> Thanks,
> Ratah Tatah

A jail (which isn't implemented in OpenBSD) is a mechanism where resources
are compartmentalized within it.  One such resource is IP addresses.

You can look at this as a model of hierarchy vs. flatness where jails are
a hierarchy and OpenBSD's resources are flat.

In OpenBSD all aliases and interfaces are accessible to be read by everyone
who can open a socket.  Please see the getifaddrs(3) manpage to see why.

Regards,
-peter


Re: How to hide my server's IP?

ratatatah
Hello Peter!

Not sure I understand the whole hierarchy and flatness analogy, I'm very new to all of this, but what do I tell those who claim that this leaking of the IP poses a security risk and that they therefore should go with FreeBSD jails instead?

Thanks.


Sent with ProtonMail Secure Email.

------- Original Message -------
On Monday, February 3, 2020 10:27 AM, Peter J. Philipp <[hidden email]> wrote:

> On Mon, Feb 03, 2020 at 10:08:52AM +0000, ratatatah wrote:
>
> > I've been told IP hiding inside FreeBSD jails is much easier, and that potential intruders would only be able to see local IPs. Is there any truth to that, and if so, why is this so hard to achieve on OpenBSD?
> > Thanks,
> > Ratah Tatah
>
> A jail (which isn't implemented in OpenBSD) is a mechanism where resources
> are compartmentalized within it. One such resource is IP addresses.
>
> You can look at this as a model of hierarchy vs. flatness where jails are
> a hierarchy and OpenBSD's resources are flat.
>
> In OpenBSD all aliases and interfaces are accessible to be read by everyone
> who can open a socket. Please see the getifaddrs(3) manpage to see why
>
> Regards,
> -peter



Re: How to hide my server's IP?

Jan Stary
In reply to this post by Frank Beuth
> On Sun, Feb 02, 2020 at 09:24:20PM +0000, Arthur Wayside wrote:
> > Say I run a webapp inside a chroot and someone manages to hack it and gain shell access. Can I then somehow hide my server's IP from the likes of ifconfig?

If I let the window open at night,
and someone sneaks in with a knife,
how do I hide my street address?


Re: How to hide my server's IP?

Janne Johansson-3
In reply to this post by ratatatah
>
> Not sure I understand the whole hierarchy and flatness analogy, I'm very
> new to all of this, but what do I tell those who claim that this leaking of
> the IP poses a security risk and that they therefore should go with FreeBSD
> jails instead?
>

Use a VM if you need to win over "checkboxing security"

And refine the risk strategies, since the above conversation seems to be
centered around the concept of a hacker that:

1. Someone successfully attacks your site over the internet, using your
outward facing IP A.A.A.A
2. Manages to run code on your webserver
3. May or may not divinate your internal IP B.B.B.B from that code.
4. Then communicates information back to a server of their choice, perhaps
using a third (external) ip C.C.C.C or not

If you think #3 is the only important part, in a scenario where points 1, 2
and 4 allow for full communication using the circuit created using
A.A.A.A and C.C.C.C and full code execution inside your environment,
then you are not doing a very good job at risk assessment.

--
May the most significant bit of your life be positive.

Re: How to hide my server's IP?

Peter J. Philipp-3
In reply to this post by ratatatah
On Mon, Feb 03, 2020 at 11:13:54AM +0000, ratatatah wrote:
> Hello Peter!
>
> Not sure I understand the whole hierarchy and flatness analogy, I'm very new to all of this, but what do I tell those who claim that this leaking of the IP poses a security risk and that they therefore should go with FreeBSD jails instead?
>
> Thanks.

Hi!

You know there are a few things wrong about this in what I interpret from your
wants.  An IP should not be kept secret, in my opinion.  It should be made
harmless by firewall policies.

So even if knowledge escapes that there is an internal IP perhaps to a bastion
host to an internal network that is super sensitive to hackers who break into
a webserver there should be some defense against that.

It seems to me that priorities are all mixed up.  It seems to me that the IP
that is so sensitive that even its knowledge must be hidden, must be protected.
Perhaps you need to rethink the network.  You don't get more security by just
putting bastion hosts in the heart of fort knox and not protect it somehow.

If you want OpenBSD and your counterparts want FreeBSD because they can cover
up knowledge of a sensitive IP address, then compromise on this.  Get FreeBSD
and put an OpenBSD firewall in front of the sensitive network.  You can
even NAT the IP so that the super sensitive IP knowledge is out of the picture.

Then again it's useless throwing equipment such as firewalls on a sore spot
without considering the entire network.  How was it designed, why was this
spot left so sensitive, how can it be repaired?  Can it be patched or does an
entire new redesign have to evolve.  These are cost issues which I'm
admittedly not good at, also I'm not an architect (yet), I never built my own
network outside of home.  But I see there is need for some queries to the
architect here.

If it is a matter of battling over one host whether it's KindA OS or KindB OS
but it leaves a gaping hole despite either, then it's really not worth it and
the seriousness of this sensitive IP should be questioned.

Excuse my ongoing rant,
With regards,
-peter


Re: How to hide my server's IP?

Frank Beuth
In reply to this post by Janne Johansson-3
On Mon, Feb 03, 2020 at 10:46:03AM +0100, Janne Johansson wrote:
>> The attacker would thereby be able to find your IP
>> address.
>>
>
>By the time your opponent is running code on your server, this piece of
>information is probably the least interesting part of the whole puzzle.

Not at all. For people running hidden/onion/i2p services (as I assume
the OP is doing) being able to hide the IP from an attacker can be very
important. If you run a server for the Hong Kong protests, you
probably don't want the authorities to be able to find out which
apartment block to raid, even if they find an exploit in the software.


Re: How to hide my server's IP?

Rudolf Leitgeb
In reply to this post by Janne Johansson-3
On Mon, 2020-02-03 at 13:23 +0100, Janne Johansson wrote:
> And refine the risk strategies, since the above conversation seem to be
> centered around the concept of a hacker that
>
> 1. Someone successfully attacks your site over the internet, using your
> outward facing IP A.A.A.A
> 2. Manages to run code on your webserver

That outward facing address A.A.A.A seems to be hidden behind a tor web,
which means the attacker can access a server without knowing its real IP
address. Knowledge of this real IP address may be the ultimate aim of the hack.

> 3. May or may not divinate your internal IP B.B.B.B from that code.

If that address B.B.B.B is an internal IP address, the hacker may not be able
to succeed in the original quest. Note that the hacker may also find the MAC
address of the device, and all connected devices, which may give away the owner
of the device.

> 4. The communicates information back to a server of their choice, perhaps
> using a third (external) ip C.C.C.C or not

This appears to be the crucial part. If the hacker can initiate connections from
the hacked device, the public facing IP address is prone to discovery.

Therefore I propose the following solution:

1. Put the potentially vulnerable device behind a firewall. The firewall forwards
    requests to the device and back, but allows no outgoing connections from the
    protected device to the firewall or beyond.

2. Lock down the vulnerable device. If the device does not allow changing its MAC
    address, patch the kernel to report something else. Also make sure that your
    vulnerable device creates no logs. Make sure that the user account running
    the potentially vulnerable application can not write to any directory from
    which executables can be started or dynamic libraries can be linked against.

3. Barriers are only effective if they are properly defended. Your firewall must
    monitor and reliably detect unusual network activity from the vulnerable host, and shut
    down all network connections if suspicious stuff happens. Consider a configuration
    in which all disk access goes to a RAM disk, such that a simple reboot restores
    normal operation.

4. Obviously, no other device must be in the same network, especially not devices,
    which could provide hints about your identity.