SSH and PyPi hangs on SneakyMailer and maybe other machines

Hey,
I’ve been working on SneakyMailer lately, and found out that ssh, pypi and other ways to access the machine freeze the connection.
After some debugging, I found that setting the MTU 1200 on the interface makes it work.
To do this you can issue this command:
ifconfig tun0 mtu 1200
@TazWake @sulcud Do you maybe know the underlying issue here?

Uname: 5.8.0-kali2-amd64 #1 SMP Debian 5.8.10-1kali1 (2020-09-22) x86_64 GNU/Linux

OpenVPN 2.5.0, with OpenSSL 1.1.1

Thanks

@JayThree said:

Hey,
I’ve been working on SneakyMailer lately, and found out that ssh, pypi and other ways to access the machine freeze the connection.

Possibly - HTB blocks SSH outbound on port 22. Not sure about the others, certainly I’ve never tried using pypi to access a machine.

If this is an issue on a specific machine, it is better to ask in the thread for that machine. It may have already been discussed.

However, if you find the problem is on multiple machines, then it is possible that the issue is in how you have set up your environment.

After some debugging, I found that setting the MTU 1200 on the interface makes it work.

That is an interesting finding. It implies something is adding overhead to your packets. This may be a result of how OpenVPN is encapsulating the traffic.

As a rule of thumb, if you are reducing the MTU, it’s likely that there is some packet loss taking place. A large MTU means traffic is “faster” but loss causes greater delays because it takes longer to notice. Reducing the MTU generally means that the packets get resent more often. Packets larger than the MTU should just be fragmented rather than lost.

There are some networking things you can use to dig into this if you want to try and find out - for example, ping -M do -s 1492 IPADDRESS and then gradually reduce it to find the correct MTU for the network.

(With the packet size, remember 1500 is the Ethernet default and ICMP has 8 bytes of overhead, so a 1492 byte ping packet is 1500 bytes on the wire.)

Thank you very much!
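
The ping -M do probing suggested in the reply above, automated as a binary search; this is an added example, not part of the original posts. The function names, the 548 to 1472 byte search range and the 28-byte overhead (20-byte IPv4 header plus 8-byte ICMP echo header) are assumptions of this example, and the real probe needs Linux iputils ping.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path with the
# Don't Fragment bit set, then derive the usable MTU for the interface.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# Real probe: one DF-flagged echo request with $2 payload bytes sent to host $1.
# -M do prohibits fragmentation, so an oversized packet fails instead of splitting.
ping_probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload PROBE HOST LOW HIGH
# PROBE is a command taking (host, payload_size) and returning 0 on success.
# Prints the largest payload in [LOW, HIGH] that succeeds; returns 1 if even
# LOW fails (host down, ICMP filtered, or an MTU below the search range).
# Caveat: a single lost packet looks like "too big", so rerun on a lossy link.
find_max_payload() {
    probe=$1 host=$2 lo=$3 hi=$4
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid fits: search the upper half
        else
            hi=$(( mid - 1 ))  # mid is too large: search the lower half
        fi
    done
    echo "$lo"
}

# path_mtu PROBE HOST
# Searches payloads from 548 (576-byte minimum IPv4 datagram) to 1472
# (1500-byte Ethernet MTU) and prints payload + headers, i.e. the path MTU.
path_mtu() {
    payload=$(find_max_payload "$1" "$2" 548 1472) || return 1
    echo $(( payload + IP_ICMP_OVERHEAD ))
}

# Stand-alone use: ./pmtu.sh TARGET_IP   (runs only when an argument is given)
if [ -n "${1:-}" ]; then
    path_mtu ping_probe "$1" || echo "no reply even at the smallest size" >&2
fi
```

Run it against a host reached through the VPN; the printed value is the one to compare with the mtu set on tun0.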