Skip to main content

Detailed and credible looking report of #LawfulInterception #MitM on an #xmpp server hosted at #Hetzner in Germany: https://notes.valdikss.org.ru/jabber.ru-mitm/

Looks like a transparent bridge was deployed in front of the actual server, obtained dedicated certificates from #LetsEncrypt and MitMed all incoming client connections since July. It was discovered because the LE certificate expired 🤦

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

notes.valdikss.org.ru
#xmpp #letsencrypt #hetzner #lawfulinterception #mitm
This entry was edited (6 months ago)
in reply to Ge0rG

mathieui
mathieui
That looks like an incentive for more DANE deployments to me
in reply to mathieui

Ge0rG
Ge0rG
@mathieui all the practical aspects aside, with DANE you are trading "trust in a hundred 'trusted' CAs" for "trust in the owners of the DNS hierarchy above you", which would be the Russian government in the case of xmpp.ru. Of course you could reasonably argue that there is no entity that can legally subvert both the Russian DNS and a German datacenter.
@mathieui
in reply to Ge0rG

Jonas Schäfer
Jonas Schäfer

@mathieui It's not that simple, is it? At least in this scenario.

Here, the MitM was placed on the server side. If I'm not missing something, owning a DNSSEC-protected TLSA record is much more effort than sitting on the path to a single (or in this case, pair of) server(s).

You need to ensure that *all* DANE-validating clients (either s2s or c2s connections) are getting a result which makes them believe your forged TLSA records are authentic (or absent).

For that, you need to either be on the path between the clients and the DNS servers they use or in front (or inside) of all authoritative servers responsible for the domain, *in addition* to being able to forge DS record responses in the parent zone and *in addition* to whatever hoops they had to jump through in this case already.

And this type of attack is much easier to detect, because it'll be hard for the attacker to distinguish between traffic attempting to detect an attack (your monitoring comparing TLSA records against expected values via public recursors and/or for instance infrastructure like RIPE Atlas) and the target client traffic.

Or am I missing a more simple way which is not immediately obvious to anything monitoring your DNS?

@mathieui
This entry was edited (6 months ago)
in reply to Jonas Schäfer

Nicoco
Nicoco
Sometimes I wonder if I should try and turn my friends and family (federated though) prosody instance into a server with open registrations, to help decentralization. But since I only understand some of the words in this post, it's probably more reasonable that my instance stays at the scale it is. ^^
in reply to Nicoco

Ge0rG
Ge0rG
@nicoco
Opening registrations will convert your family server into a spam relay in just a few weeks.
@jssfr @mathieui
@mathieui @Nicoco @Jonas Schäfer
⇧