OpenBSD Journal

Anonym.OS: an OpenBSD Live CD for Anonymity?

Contributed by mbalmer on from the hidden-openbsd dept.

Saad Kadhi writes:

Wired recently published Anonymity on Disk, an article about using an OpenBSD-based Live CD called Anonym.OS, which was unveiled during Shmoo Con.

According to the Wired article, Anonym.OS will modify the "network fingerprint" of stock OpenBSD to make it look like Windows XP SP1 (duh!). Moreover, it uses Tor, which may result in slow performance.

See http://theory.kaos.to/projects.html for more information.

(Comments are closed)


Comments
  1. By Ray (199.67.138.42) on

    According to the Wired article, Anonym.OS will modify the "network fingerprint" of stock OpenBSD to make it look like Windows XP SP1 (duh!).

    This was an attempt to blend in with whatever environment they were in. Moreover, they told me they have only succeeded in changing it to "unknown".

    Comments
    1. By Kevin Miller (66.106.198.108) digunix@kaos.to on http://theory.kaos.to

      The user agent tag when using Firefox comes across as a WinXP box using Firefox 1.5. When trying p0f, you will see the OS come across as unknown.

  2. By thomasw.xhrl (142.22.16.55) on

    Regardless of what it did, this is yet another reason to get an official OpenBSD CD or to download OpenBSD from an official FTP. Besides, the CD art and stickers are worth the cost of the CD in themselves!!! I think OpenBSD would do well if the stickers were sold as a separate option :)

    Comments
    1. By Anonymous Coward (64.37.210.10) on

      Look at it this way. The stickers ARE sold separately. You buy the stickers and you get 3 free CDs with OpenBSD on them. Where else does the purchase of mere stickers get you 3 CDs with a functional and secure OS for six different architectures, including source code and pre-compiled packages, PLUS a soundtrack. ;-) It's a bargain! So break down and buy some stickers.

    2. By Anonymous Coward (63.255.174.162) on

      > Besides, the CD art and stickers are worth the cost of the CD in themselves!!! I think OpenBSD would do well if the stickers were sold as a separate option :)

      I agree with your last sentence. I trash the stickers and CD cover art. Why does the smallest of the 3 BSDs, the one that centers on professional security excellence instead of glitz and fritz and useless cruft, want to add kiddie stickers and comical blowfish?

      Comments
      1. By Anonymous Coward (70.179.123.124) on

        Because they have a sense of whimsy, dammit!

      2. By Nate (65.95.242.122) on

        Uh, I'm pretty sure there are more people using OpenBSD than NetBSD, and there is also a DragonFly BSD around... So of the four BSDs I think it's number two for usage. Or do you mean smallest by the number of lines of code?

        Comments
        1. By Anonymous Coward (63.255.174.162) on

          Yes (codebase/size/ports). And I'm looking forward to the newer BSD with LWKT and ZFS.

          Comments
          1. By Anonymous Coward (63.255.174.162) on

            I answered Nate's question, so I'm curious why the negative score? Am I wrong...is NetBSD userland (not users) smaller than OpenBSD on the x86 platform? Or you don't like my mention of DragonFly BSD's support of light weight kernel threading or Sun's ZFS file system?

            Comments
            1. By tedu (69.12.168.114) on

              is NetBSD userland (not users) smaller than OpenBSD on the x86 platform?

              yes

              Or you don't like my mention of DragonFly BSD's support of light weight kernel threading or Sun's ZFS file system?

              it's certainly off-topic, unless you're planning on porting it to openbsd.

              Comments
              1. By Anonymous Coward (63.255.174.162) on

                I haven't used NetBSD. Has its userland always been smaller? A couple of the articles I read years ago stated Theo branched from NetBSD, did extensive code review and modifications after a successful hack into one of his boxes, and the userland was weeded of unnecessary, bloated or redundant/inferior programs, especially if they also had licensing issues. BTW, my DragonFly BSD comment was in reply to Nate's mentioning it as now making at least 4 main BSD projects.

      3. By Matthias Kilian (84.134.45.68) on

        Because vendors of mainstream PCs and laptops ship their products with childish Windoze and Intel stickers preinstalled?

    3. By Anonymous Coward (195.6.59.36) on

      For me, a DVD box for the OpenBSD release will be good (with all stickers and a big cover art as well).

  3. By ubiquitin (68.99.1.133) on http://www.phpconsulting.com

    As expected, AnonymOS works well with the Atheros chipset but is not able to drive the IPW2200 from Intel. With the Atheros, it not only found the card, but acquired and maintains a DHCP lease. Bootup took me about five minutes on a 1.8GHz Pentium-M with a fast CDR-DVD drive, so this isn't exactly a good drive-by anonymizer. Still, it's good to see an OpenBSD LiveCD.

    Their pf.conf seems a little overkill, but I guess that's the whole point...


    http://theory.kaos.to/projects/strong_egress_ruleset_pf.conf.txt

    Comments
    1. Comments
      1. By elmore (71.56.112.13) on http://theory.kaos.to

        That pf.conf at the link pointed out above is essentially a cbq example ruleset for a corporate firewall. The ruleset included on the Anonym.OS live cd is fairly simple, just block all traffic in and out unless it is tor traffic.

        Comments
        1. By Anonymous Coward (70.81.198.156) on

          It is disconcerting to see such an amateur PF ruleset posted as being fit for production/corporate use by a security research group. For those in denial, let the original author post that ruleset in its original glory to misc@ for public digestion.

          Comments
          1. By pf.conf (68.99.1.133) on

            ##################################################################################################################################
            # Macros: define common values, so they can be referenced and changed easily.
            ext_if="em0"
            int_if="em1"
            ...

            [edited by dhartmei: please put it on http://pastebin.com/ or such, and post the link instead. thank you.]

            Comments
            1. By pf parser (64.254.225.66) on

              I think the file got truncated. Post it (or its link) to misc?

          2. By Joakim (82.155.148.28) on

            Could you please point out which rules are wrong in the ruleset presented? Thanks.

    2. By ciph3r (213.9.211.12) on

      Maybe they cannot redistribute the intel firmware needed to run the ipw/iwi card.

  4. By Anonymous Coward (216.160.171.31) on

    I think it is a great thing to have a Live CD based on OpenBSD, but I don't need as much anonymity. How does one stop using tor and the proxy, and resume regular operation? Killing the tor process on the Anonym.OS works, but then trying to ssh somewhere local gives a "no route to host" message. Netstat is gone, route -n show gives a default route statement, so what's up? Simple pointers accepted, flames if necessary.

    Comments
    1. By pf parser (64.254.225.66) on

      Examine your PF rules. Be certain that any block statements are logged in PF.
      $ sudo pfctl -sr
      Then start tcpdump on the pflog0 interface in another terminal and try your connection again:
      $ sudo tcpdump -netttoi pflog0 host some_host and port ssh
      $ ssh some_host
      Or, if pflogd is running, usually dumping to /var/log/pflog:
      $ pgrep -l pflogd
      $ tcpdump -netttor /var/log/pflog

      Comments
      1. By Anonymous Coward (216.160.171.31) on

        You are so right! As a simple test, I tried this:

        pgrep tor
        pkill tor
        pgrep priv
        pkill <number>
        pfctl -d
        edit /etc/resolv.conf to have a local dns
        nameserver 127.0.0.1
        to
        nameserver n.n.n.n

        start up browser, under Edit, Preferences, General, Connection Settings, select "Direct Connection to the Internet"
        and voilà!

        tcpdump works, ssh works, browsing as normal.

        Thanks for the pointer.

        As a general observation, startup time for various applications is very slow, since /bin, /sbin, /usr/bin, /usr/sbin are all accessed from the cd.
        It might be interesting to copy those to a mfs partition as well.
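The pf parser comment above advises making sure every block rule is logged before watching pflog0. As an added example (not from the thread, and not Anonym.OS's own ruleset), here is a POSIX sh/awk check over the text that pfctl -sr prints; the sample rules, interface names and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: find "block" rules that carry no "log" keyword in a ruleset
# as printed by `pfctl -sr`, and show the same rules with "log" inserted.
# Without "log", a dropped ssh connection never appears on pflog0.

# Constructed sample in the spirit of the "tor only" ruleset described in the
# thread (interfaces, addresses and ports are assumptions, not Anonym.OS's).
SAMPLE_RULES='
set skip on lo0
block in all
block out log all
pass out on em0 proto tcp from any to any port 9001 user _tor
pass in on em0 proto tcp from 192.168.1.0/24 to any port 22
block return out quick proto udp from any to any port 53
'

# Print every block rule that lacks "log". pfctl prints one rule per line,
# so a line-oriented awk pass is enough; comments and blank lines are skipped.
unlogged_blocks() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "block" {
            logged = 0
            for (i = 2; i <= NF; i++) if ($i == "log") logged = 1
            if (!logged) print
        }'
}

# Rewrite block rules without "log" so that "log" follows the action
# ("block", "block return", "block drop") and the direction ("in"/"out"),
# which is where pf.conf(5) grammar places it. Review with `pfctl -nf`.
add_log_to_blocks() {
    awk '
        $1 == "block" {
            logged = 0
            for (i = 2; i <= NF; i++) if ($i == "log") logged = 1
            if (!logged) {
                i = 2
                while (i <= NF && ($i ~ /^(return|drop)/ || $i == "in" || $i == "out")) i++
                out = ""
                for (j = 1; j <= NF; j++) {
                    if (j == i) out = out " log"
                    out = out " " $j
                }
                if (i > NF) out = out " log"
                sub(/^ /, "", out)
                $0 = out
            }
        }
        { print }'
}

# Demonstration on the constructed sample; on a live box: sudo pfctl -sr | unlogged_blocks
printf '%s\n' "$SAMPLE_RULES" | unlogged_blocks
```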
