Split I2P router from I2P services

Proposals for I2P
echelon
Posts: 264
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

Hi!

Ok, so lets see:
1. even if you have a issue in one app on your system departed from the I2P router, the user is deanonymized. No security gain from seperating at all.
No need to do work for no benefit.
Also all services do run on localhost, a user will get only localhost, on all services.

2. If a port is used by I2P router console web app, no other app can use this. So there is not more than one app running on a single port.
Here is the list of the ports used by I2P: https://geti2p.net/en/docs/ports
E.g. Jetty uses 7658 by default.

3. whonix will not safe a user if the app tells the attacker the IP or the system is flawed. Same with I2P. But thats not the target of i2p.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

echelon wrote: 15 Oct 2018 16:05 Ok, so lets see:
1. even if you have a issue in one app on your system departed from the I2P router, the user is deanonymized. No security gain from seperating at all.
No need to do work for no benefit.
Also all services do run on localhost, a user will get only localhost, on all services.
i didnt get that part, now an application lets say I2P-Bote has a vulnerability and been hacked inside whonix-ws-i2p , how the user going to be de-anonymized? (assuming I2P router in whonix-gw-i2p)

no body is minding to use 127.0.0.1 , but its a problem to use the same port of the router.
echelon wrote: 15 Oct 2018 16:05 2. If a port is used by I2P router console web app, no other app can use this. So there is not more than one app running on a single port.
Here is the list of the ports used by I2P: https://geti2p.net/en/docs/ports
E.g. Jetty uses 7658 by default.


well how about:

- Susimail using http://127.0.0.1:7657/susimail/
- i2p-Bote using http://127.0.0.1:7657/i2pbote/index.jsp
- I2pSnark using http://127.0.0.1:7657/i2psnark/

If we can fix those services from listening into the same port of the router then first step of the problem solved.

also add a rule for any third-party service to not listen on the same router port. plus it can be prohibited as well through the code to avoid any service from listening to it as a harden step. (but modifying applications and re-porting them is easier to get)
echelon wrote: 15 Oct 2018 16:05 3. whonix will not safe a user if the app tells the attacker the IP or the system is flawed. Same with I2P. But thats not the target of i2p.
echelon
actually thats what whonix trying to prevent , even if there is a flaws within an application , user cant be de-anonymized because the traffic simply in other OS/location.
echelon
Posts: 264
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

Hi!

Ok, you seem to not understand those are just plugins into the java virtual machine, running in the same context of I2P router.
If you want to run them seperate, you can already do (run i2p-snark standalone), which does not run in the same java context and does not use java API to I2P router.
Same with bote.
Susimail is just a simple applet to read mail, you can use thunderbird, outlook, or whatever, no need to convert this into a small standalone app. The Mail client does not need any I2P adoption at all, just set the I2P router IP:ports as server and done.
Also none of the apps is running on the same IP:port as the router. As the router runs on the outside IP:port, choosen by random on first I2P install.
The builtin apps run mostly as a applet in the builtin Jetty Server, which runs the console as a seperate applet, to. Not to be mixed with the jetty for the eepsite, which runs on a seperate setup.

And yes, if a app in Whonix is compromised and tells the outside IP of the system, the whole system is compromised. Not specific to I2P apps.

Echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

echelon wrote: 16 Oct 2018 08:17 Ok, you seem to not understand those are just plugins into the java virtual machine, running in the same context of I2P router.
If you want to run them seperate, you can already do (run i2p-snark standalone), which does not run in the same java context and does not use java API to I2P router.
Same with bote.
Susimail is just a simple applet to read mail, you can use thunderbird, outlook, or whatever, no need to convert this into a small standalone app. The Mail client does not need any I2P adoption at all, just set the I2P router IP:ports as server and done.
Also none of the apps is running on the same IP:port as the router. As the router runs on the outside IP:port, choosen by random on first I2P install.
The builtin apps run mostly as a applet in the builtin Jetty Server, which runs the console as a seperate applet, to. Not to be mixed with the jetty for the eepsite, which runs on a seperate setup.
you are allowing wide attack of surface here. insecurity by design.
echelon wrote: 16 Oct 2018 08:17 And yes, if a app in Whonix is compromised and tells the outside IP of the system, the whole system is compromised. Not specific to I2P apps.
Please prove that if an app compromised in Whonix-WS it will reveal the real IP of the user. Whonix is secure by design, so this wont happen. (unless you can prove against)

You are missing one major point, now for e.g:-

- Tails as a live operating system why would it have a jetty server inside their distro while they want just to surf the internet securely wit I2P?

- If im running a website and i want to mirror it with I2P , why would i have I2Psnark installed by default while i want just the router?

- if i want to surf the net securely why i am having torrent client + server stuff installed by default ?

...etc , no body going to be really convinced if you push 500 packages while the main object is about 10 or so packages.

and like i said before , if someone wanted to buy a door and thats all he needs to protect his home (if his door broken) , then you are offering for him an entire building to take with him while he needs just the door.

so I2Pconsole should consist only tunnels like the main one for surfing 127.0.0.1:4444 , 127.0.0.1:4445. if you want to add a preconfigured tunnels like for irc2p or snark.... then only the tunnels to be there and disabled by default (to not add load and take traffic on the user). if someone want to enable X tunnel for X service then he can enable the tunnel when he install the service for his needs or create new one..... and so on. (similarly to Tor, if you want to install it then it will be installed alone but not Tor + TorBrowser + arm/nyx + shadow + OONI prob +...etc = very horrible if thats the case)
echelon
Posts: 264
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

Hi

Sure, the moe apps, the more software, the wider a attack possibility is.
But if you want to use I2P, you need to install a basic set of software and need to run it.
And as long as the java virtual machine is secure, there is no real bigger issues with running more apps in Java virtual machine, as long as those are no threat. So far the I2P apps run for >10 years with any known security issue (except foreign domain issue a few years ago on router console, not on the other apps).
So you want to try to reduce the threats with runnign additional software/virtual machine, adding more complexity to the system overall just to get rid of the central java context and jetty server providing a good functionality to lots of apps and saving ressources and complexity?
Not a good idea so far.

I cannot prove a app providing the real IP, but it is possible in theory,. So far you cannot prove it is impossible. So just to be safe and assume it is possible and happens. But thats not a target of I2P to secure users against a broken machine/system.
Also I2PSnark is used to automatic update the I2P router, thats why it is needed by default installation. Users can disable it, if they want. If Whonix/Tails does not want it, they can remove it from the package and provide another update mechanism.
Jetty server is needed to provide the router console and to provide a fast and easy way to setup a user eepsite. Same as I2PSnark applies.
So, if you want a router console and running I2P router with auto update, you need these apps.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

I cant argue anymore , as it will be just repetition of my words.

I leave the rest to reader to decide.

Thank You btw for your time :)
Post Reply