There is significant concern in the Tor community (torproject.org) that there is a potential weakness in Tor relays that do not randomize IP IDs. FreeBSD by default does not enable randomized IP IDs. Adding this to the pkg-message would provide the simple steps to enable: For those concerned about the potential of traffic analysis with sequential IP ID numbers, you can enable randomized IP IDs on a running system with 'sysctl net.inet.ip.random=1'. To maintain this setting after reboots, add 'net.inet.ip.random=1' to /etc/sysctl.conf.
Auto-assigned to maintainer bf@FreeBSD.org
Rather, it's: net.inet.ip.random_id=1
A commit references this bug:

Author: bf
Date: Thu Dec 11 13:57:33 UTC 2014
New revision: 374532
URL: https://svnweb.freebsd.org/changeset/ports/374532

Log:
Warn about a vulnerability in the default configuration

PR: 195828

Changes:
head/security/tor/Makefile
head/security/tor/files/pkg-message.in
head/security/tor-devel/Makefile
head/security/tor-devel/files/pkg-message.in
Thanks. I would be clear that AFAIK this is not a documented "vulnerability in the default configuration" as much as it's mitigation for potential traffic analysis. Therefore, I think it might be better to word it more carefully with something like: For those concerned about the potential of traffic analysis with sequential IP ID numbers, you can enable randomized IP IDs on a running FreeBSD system with 'sysctl net.inet.ip.random_id=1'. To maintain this setting after reboots, add 'net.inet.ip.random_id=1' to /etc/sysctl.conf.
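As an added example that is not part of this PR or of the tor port, the following POSIX sh script does what the suggested pkg-message text describes: it reads the running value of net.inet.ip.random_id, enables it, and adds or updates the matching line in /etc/sysctl.conf without leaving duplicates on repeated runs. The function names, the SYSCTL_CONF override and the --apply flag are my own.

```shell
#!/bin/sh
# Added example (not from PR 195828 or the tor port): enable and persist
# net.inet.ip.random_id on FreeBSD. The file-editing helper is plain POSIX
# sh so it can be exercised on any system with a scratch file.

KEY="net.inet.ip.random_id"
CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"   # SYSCTL_CONF is an assumed override for testing

# persist_sysctl KEY VALUE FILE
# Rewrite an existing "KEY=..." line (whitespace around '=' tolerated) or
# append one, so running this twice does not pile up duplicate entries.
persist_sysctl() {
    key=$1 value=$2 file=$3
    tmp="$file.tmp.$$"
    [ -f "$file" ] || : > "$file"
    # Note: '.' in the key matches any character in the regex; good enough
    # for sysctl names, which never contain other regex metacharacters.
    if grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed -E "s|^[[:space:]]*$key[[:space:]]*=.*|$key=$value|" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# current_value KEY -> the running kernel's value, or "unavailable" when the
# sysctl does not exist on this host (e.g. a non-FreeBSD test machine).
current_value() {
    sysctl -n "$1" 2>/dev/null || echo unavailable
}

main() {
    before=$(current_value "$KEY")
    echo "$KEY before: $before"
    if [ "$before" != "1" ] && [ "$before" != "unavailable" ]; then
        sysctl "$KEY=1"                      # takes effect immediately
    fi
    persist_sysctl "$KEY" 1 "$CONF"          # survives reboots
    echo "$KEY after: $(current_value "$KEY"); persisted in $CONF"
}

# Only apply changes when asked, so the functions can also be sourced.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as root with `--apply` on the relay; without the flag it only defines the functions.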
I don't think that we need quibble about the commit message -- it is a vulnerability in the sense that successful deanonymization has been demonstrated under realistic conditions. And I don't hesitate to make a positive recommendation to use randomization -- both the upstream developers and other authorities do so as well, and nearly every tor user ought to be concerned about this. I'll reconsider the message, since I think there ought to be a warning about exceeding ipport_randomcps. But I want to keep it short, and I am not sure that the pkg-message of a port is the best place to instruct novices on how to make a persistent sysctl setting.
No issues from me, bf@. I hadn't read that it had been shown in practice and I didn't test it myself, although theoretically it makes sense. Regarding where to put some of the additional comments, it's a tough question. Would a specific FreeBSD Tor man page, or a README, make sense? I agree that long pkg-messages are ugly.
A commit references this bug:

Author: bf
Date: Mon Mar 30 11:58:49 UTC 2015
New revision: 382650
URL: https://svnweb.freebsd.org/changeset/ports/382650

Log:
update to 0.2.6.6 [1]; add another hint to the pkg-message [2]; use @sample [3]; add CPE information [4]; update the rc-script [5]

PR: 198710 [1], 199003 [1], 195828 [2], 198164 [3], 197493 [4], 197998 [5]

Changes:
head/security/tor/Makefile
head/security/tor/distinfo
head/security/tor/files/pkg-message.in
head/security/tor/files/tor.in
head/security/tor/pkg-plist
head/security/tor-devel/Makefile
head/security/tor-devel/distinfo
head/security/tor-devel/files/pkg-message.in