{"id":39216,"date":"2023-04-28T14:05:46","date_gmt":"2023-04-28T18:05:46","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=39216"},"modified":"2024-11-13T15:53:19","modified_gmt":"2024-11-13T20:53:19","slug":"bypassing-little-snitch-with-empty-tcp-packets","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/04\/28\/bypassing-little-snitch-with-empty-tcp-packets\/","title":{"rendered":"Bypassing Little Snitch With Empty TCP Packets"},"content":{"rendered":"<p><a href=\"https:\/\/lapcatsoftware.com\/articles\/2023\/3\/4.html\">Jeff Johnson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/2023\/3\/4.html\"><p>When you look at the implementation of Little Snitch, the interpretation of the word &ldquo;data&rdquo; becomes crucial. Technically, unless you allow the connection, Little Snitch does indeed prevent HTTP data from getting sent. Nonetheless, Little Snitch does <em>not<\/em> prevent <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transmission_Control_Protocol\">TCP (Transmission Control Protocol)<\/a> data from getting sent. This TCP data includes your IP address, which can often be used to personally identify you. The server knows that you, i.e., your IP address, tried to connect to the server, even when Little Snitch &ldquo;denies&rdquo; the connection.<\/p><p>[&#8230;]<\/p><p>Objective Development told me that Little Snitch uses <a href=\"https:\/\/en.wikipedia.org\/wiki\/Deep_packet_inspection\">deep packet inspection<\/a> to try to get a name for the connection.<\/p><p>[&#8230;]<\/p><p>An HTTP connection over TCP has to initiate a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transmission_Control_Protocol#Connection_establishment\">3-step &ldquo;handshake&rdquo;<\/a> before any actual data&mdash;such as HTTP headers&mdash;can be sent over the connection. 
Every TCP packet, including any packet involved in the handshake, contains the IP addresses of the sender and the receiver.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/rhinosecuritylabs.com\/network-security\/bypassing-little-snitch-firewall\/\">Ryan Gerstenkorn<\/a>:<\/p>\n<blockquote cite=\"https:\/\/rhinosecuritylabs.com\/network-security\/bypassing-little-snitch-firewall\/\">\n<p>If you set up a TCP connection and close it before sending any data, an alert will not be triggered by Little Snitch.<\/p>\n<p>[&#8230;]<\/p>\n<p>This behavior is enough to enable two-way communications between a server and a client running behind Little Snitch without being detected by using the destination port to encode data.<\/p>\n<p>[&#8230;]<\/p>\n<p>To demonstrate exfiltrating data, we will be encoding it across eight ports where each port maps to a bit in memory. All bits default to zero; when a connection is established to port X, the associated bit X is set to one. Once we have made all the connections needed, and the bits are set correctly in memory, we can then send a connection to a ninth port, indicating to the server that the current cycle is complete. The current byte is read, flushed to stdout, and the server state is then reset.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/lapcatsoftware.com\/articles\/2023\/3\/5.html\">Jeff Johnson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/2023\/3\/5.html\"><p>The addendum of the blog post notes that I had briefly tested <a href=\"https:\/\/objective-see.org\/products\/lulu.html\">LuLu<\/a> and saw some of the same behavior. After I published my blog post, I sent a link to <a href=\"https:\/\/objective-see.org\/about.html\">Patrick Wardle<\/a>, the developer of LuLu, who has been very responsive and helpful. Moreover, LuLu is open source, so I was able to examine how it works exactly. 
On further testing with LuLu, I came to believe that there&rsquo;s actually a bug in the macOS network filter extension implementation. I&rsquo;ve now filed FB12088655 with Apple: <a href=\"https:\/\/feedbackassistant.apple.com\/feedback\/12088655\">Privacy: Network filter extension TCP connection and IP address leak<\/a>.<\/p><\/blockquote>\n\n<p id=\"bypassing-little-snitch-with-empty-tcp-packets-update-2023-06-09\">Update (2023-06-09): <a href=\"https:\/\/blog.obdev.at\/three-way-handshake-bypassing-little-snitch\/\">Christian Starkjohann<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.obdev.at\/three-way-handshake-bypassing-little-snitch\/\">\n<p>Since we are no longer allowed to ship a kernel extension, we are required to code against this new programming interface. So the question transforms into: &ldquo;Why does the Network Extension framework allow these data packets?&rdquo;<\/p>\n<p>[&#8230;]<\/p>\n<p>The clever move is to run two tasks in parallel: While the three-way handshake is in progress, Apple simultaneously asks all Network Extensions whether to allow or deny the connection. The Network Extensions have at least 20 milliseconds of time to respond without degrading performance. That is just enough to run complex filters and send responses back to the kernel. The downside is, of course, that the server receives the SYN packet. If it turns out that the packet should be denied, a RST (Reset) packet is sent instead of the SYN\/ACK to abort the connection.<\/p>\n<p>[&#8230;]<\/p>\n<p>We tried to report a successful connect to the app, although the handshake packets were held back. This resulted in an inconsistency in the TCP\/IP implementation of the kernel and triggered either a kernel panic or various other errors. 
[&#8230;] We therefore assume that it&rsquo;s hard, even for Apple, to inspect the first data packet without allowing at least the initial handshake.<\/p>\n<p>[&#8230;]<\/p>\n<p>Considering the different types of attackers, it is unlikely that exploiting the TCP SYN packet will be widely used for large-scale attacks targeting multiple computers. [&#8230;] However, this method could be of interest to user tracking and analytics, allowing them to gather rough information about installations and some aspects of user behavior. [&#8230;] It would be naive to think that Little Snitch alone can protect you from [targeted attacks].<\/p>\n<\/blockquote>\n\n<p id=\"bypassing-little-snitch-with-empty-tcp-packets-update-2023-06-13\">Update (2023-06-13): <a href=\"https:\/\/lapcatsoftware.com\/articles\/2023\/6\/3.html\">Jeff Johnson<\/a> (<a href=\"https:\/\/appdot.net\/@lapcatsoftware\/110532166441701182\">Mastodon<\/a>):<\/p>\n<blockquote cite=\"https:\/\/lapcatsoftware.com\/articles\/2023\/6\/3.html\"><p>I&rsquo;m not persuaded that performance over privacy is a good tradeoff for network extension users. And we don&rsquo;t even get the <em>choice<\/em>. Apple is imposing its decision on everyone, with no options. And speaking of performance, do you know what else can degrade it? iCloud Private Relay! [&#8230;] Additional latency may be the price of protecting your privacy, and that&rsquo;s a price I&rsquo;m willing to pay.<\/p><p>[&#8230;]<\/p><p>Safari is never waiting on the content blocking extension to provide a verdict on individual URL loads.<\/p><p>It seems to me that Apple could do network content filter extensions the same way. 
Why couldn&rsquo;t Little Snitch provide its rules to the kernel in advance and let the kernel itself do all of the filtering, without having to switch contexts?<\/p><p>[&#8230;]<\/p><p>One of the questions I raised in my blog posts was not answered by Objective Development: why does Little Snitch leak your IP address on <em>every<\/em> TCP connection attempt, when <a href=\"https:\/\/objective-see.org\/products\/lulu.html\">LuLu<\/a> and my own sample network filter extension do not?<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Jeff Johnson: When you look at the implementation of Little Snitch, the interpretation of the word &ldquo;data&rdquo; becomes crucial. Technically, unless you allow the connection, Little Snitch does indeed prevent HTTP data from getting sent. Nonetheless, Little Snitch does not prevent TCP (Transmission Control Protocol) data from getting sent. This TCP data includes your IP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2023-04-28T18:05:48Z","apple_news_api_id":"fab93ebf-c7aa-4e78-ac61-77e3a9e376d7","apple_news_api_modified_at":"2024-10-09T11:38:34Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAw==","apple_news_api_share_url":"https:\/\/apple.news\/A-rk-v8eqTnisYXfjqeN21w","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,139,2008,30,32,2223,2688,751,355,508],"class_list":["post-39216","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-littlesnitch","tag-lulu","tag-mac","tag-macapp","tag-macos-13-ventura","tag-network-extensions","tag-network-neutrality","tag-privacy","tag-tcp"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=39216"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39216\/revisions"}],"predecessor-version":[{"id":45297,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39216\/revisions\/45297"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=39216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=39216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=39216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}