Tor, Vidalia, and Usenet anonymity questions
| Freeman 2006-10-02, 7:22 pm |
| If I run Vidalia/Tor and my newsreader socksified through Freecap,
what is my exposure to having my IP traced? Could my news service
trace my IP back or could someone do it by intercepting my
transmissions upon leaving the Tor exit node? I read about the DNS
leak issue, and wonder if it applies to news servers.
Speaking of the DNS leak, when running Tor/Firefox (with Foxyproxy)
would using the actual IP address of the destination web page (instead
of http://whatever.com) circumvent the DNS lookup issue?
thx
| |
| George Orwell 2006-10-03, 1:16 am |
| Freeman wrote:
> If I run Vidalia/Tor and my newsreader socksified through Freecap,
> what is my exposure to having my IP traced? Could my news service
> trace my IP back or could someone do it by intercepting my
> transmissions upon leaving the Tor exit node?
No. Assuming everything is set up and working properly the traffic
leaving the Tor exit node can't be traced back to you.
> I read about the DNS
> leak issue, and wonder if it applies to news servers.
Absolutely. In fact it may be more relevant to news clients than web
browsers because few news clients have native SOCKS (Tor) support, and
whether or not their DNS requests are in line with how utilities like
SocksCap/FreeCap operate is always a matter for concern.
Your best bet is to install some sort of packet sniffer and examine
what's being sent out first hand. It's easy enough to distinguish
between encrypted and unencrypted traffic, and/or see which IP address
the traffic is being sent to (your DNS server, a Tor node, etc.).
> Speaking of the DNS leak, when running Tor/Firefox (with Foxyproxy)
> would using the actual IP address of the destination web page (instead
> of http://whatever.com) circumvent the DNS lookup issue?
It should, but again it needs to be checked because there's nothing in
this world that says a piece of software can't do a lookup on an IP,
and do it any way it pleases. Through Tor or otherwise. For web
browsers this is a pretty easy problem to solve though, because Privoxy
has proper SOCKS support, and Firefox can be configured to always use
Tor for DNS lookups.
Your questions really boil down to whether or not your client software
is doing things properly or not. They're all different of course. For
specific software you might get a more specific answer, like recent
Firefox being fine if configured properly with
network.proxy.socks_remote_dns and network.proxy.socks_version, but a
general news client question only gets a general answer. Like "check it
and see". 
| |
| Anonymous 2006-10-03, 7:14 am |
| In article <cc002b37f289c3976328701529b745bc@mixmaster.it>
George Orwell <nobody@mixmaster.it> wrote:
>
> Freeman wrote:
>
>
> Absolutely. In fact it may be more relevant to news clients than web
> browsers because few news clients have native SOCKS (Tor) support,
Please explain native SOCKS (Tor) support in relation to UDP vis a vis
IP?
Doesn't SOCKS 5 resolve all names remotely?
Aren't you just a fudge packing Foley supporter?
| |
| Anonymous 2006-10-03, 7:14 am |
| Anonymous wrote:
> In article <cc002b37f289c3976328701529b745bc@mixmaster.it>
> George Orwell <nobody@mixmaster.it> wrote:
>
> Please explain native SOCKS (Tor) support in relation to UDP vis a vis
> IP?
>
> Doesn't SOCKS 5 resolve all names remotely?
Obviously not. SOCKS 5 doesn't resolve anything remotely. Neither does
4a. Applications that support those SOCKS versions may or may not
resolve remotely depending on individual coders' preferences and how
well they coded them. In fact if you'd have been paying any attention
at all you might have saved yourself this considerable embarrassment by
my having already schooled you regarding the fact that at least in some
scenarios, it's a configurable client software option.
> Aren't you just a fudge packing Foley supporter?
No, but you're undeniably sub-clueless about SOCKS, DNS, software
setup/operation, tying your shoes, etc....
| |
| Nomen Nescio 2006-10-03, 1:13 pm |
| > well they coded them. In fact if you'd have been paying any attention
> at all you might have saved yourself this considerable embarrassment by
> my having already schooled you regarding the fact that at least in some
> scenarios, it's a configurable client software option.
Pompous XXXXXXX
| |
| George Orwell 2006-10-03, 7:15 pm |
| Nomen Nescio wrote:
>
> Pompous XXXXXXX
You misspelled "100% correct pompous XXXXXXX", junior.
| |
| Freeman 2006-10-04, 1:16 am |
| On Tue, 3 Oct 2006 07:40:07 +0200 (CEST), George Orwell
<nobody@mixmaster.it> wrote:
>Freeman wrote:
>
>
>No. Assuming everything is set up and working properly the traffic
>leaving the Tor exit node can't be traced back to you.
>
>browsers because few news clients have native SOCKS (Tor) support, and
>whether or not their DNS requests are in line with how utilities like
>SocksCap/FreeCap operate is always a matter for concern.
>Your best bet is to install some sort of packet sniffer and examine
>what's being sent out first hand. It's easy enough to distinguish
>between encrypted and unencrypted traffic, and/or see which IP address
>the traffic is being sent to (your DNS server, a Tor node, etc.).
I'm using Agent via Freecap. When I run CurrPorts, it tells me
Agent's Local Address and Remote Address are 127.0.0.1. How does a
packet sniffing program tell me if my DNS requests are being handled
the way I want, and is there a specific program you would recommend?
Is the DNS lookup only done once at the start of a session, or at each
reconnect/login, or for every download?
I've been trying hard to learn all this stuff on my own but it is a
bit daunting!
>Firefox being fine if configured properly with
>network.proxy.socks_remote_dns and network.proxy.socks_version,
FoxyProxy set up my Firefox browser for "Manual Proxy Configuration",
HTTP Proxy 127.0.0.1, port 8118, for "all protocols" using SOCKS v5,
and "Use SOCKS proxy for DNS lookups" is checked. I am also running
Privoxy, but I think FoxyProxy said that's unnecessary. Are these
settings where I want them to be? Thanx so much, again!!!!
| |
| Fred C Dobbs 2006-10-04, 1:16 am |
| In article <gth5i25a2iln1jitf9eqis3t5lpf4ucm5f@4ax.com>
Freeman <Freeman@here.net> wrote:
>
> On Tue, 3 Oct 2006 07:40:07 +0200 (CEST), George Orwell
> <nobody@mixmaster.it> wrote:
>
>
> I'm using Agent via Freecap. When I run CurrPorts, it tells me
> Agent's Local Address and Remote Address are 127.0.0.1. How does a
> packet sniffing program tell me if my DNS requests are being handled
> the way I want, and is there a specific program you would recommend?
> Is the DNS lookup only done once at the start of a session, or at each
> reconnect/login, or for every download?
>
> I've been trying hard to learn all this stuff on my own but it is a
> bit daunting!
>
>
> FoxyProxy set up my Firefox browser for "Manual Proxy Configuration",
> HTTP Proxy 127.0.0.1, port 8118, for "all protocols" using SOCKS v5,
> and "Use SOCKS proxy for DNS lookups" is checked. I am also running
> Privoxy, but I think FoxyProxy said that's unnecessary. Are these
> settings where I want them to be? Thanx so much, again!!!!
First, don't listen to this XXXXXXX.
Programs don't do DNS lookups on their own, they use system calls
through the OS.
Sockscap allows you to resolve all names remotely.
Don't know if freecap does this, I don't use it.
Second, get ethereal http://www.ethereal.com/ and sniff your packets.
Have fun 
| |
| Fred C Dobbs 2006-10-04, 1:16 am |
| In article <2f837e6849e0121304add28bca6336ad@dizum.com>
Nomen Nescio <nobody@dizum.com> wrote:
>
>
> Pompous XXXXXXX
Dangerous XXXXXXX, spreading misinformation to the uninformed.
| |
| Fred C Dobbs 2006-10-04, 1:16 am |
| In article <gth5i25a2iln1jitf9eqis3t5lpf4ucm5f@4ax.com>
Freeman <Freeman@here.net> wrote:
>
> On Tue, 3 Oct 2006 07:40:07 +0200 (CEST), George Orwell
> <nobody@mixmaster.it> wrote:
>
>
> I'm using Agent via Freecap. When I run CurrPorts, it tells me
> Agent's Local Address and Remote Address are 127.0.0.1. How does a
> packet sniffing program tell me if my DNS requests are being handled
> the way I want, and is there a specific program you would recommend?
> Is the DNS lookup only done once at the start of a session, or at each
> reconnect/login, or for every download?
>
> I've been trying hard to learn all this stuff on my own but it is a
> bit daunting!
>
>
> FoxyProxy set up my Firefox browser for "Manual Proxy Configuration",
> HTTP Proxy 127.0.0.1, port 8118, for "all protocols" using SOCKS v5,
> and "Use SOCKS proxy for DNS lookups" is checked. I am also running
> Privoxy, but I think FoxyProxy said that's unnecessary. Are these
> settings where I want them to be? Thanx so much, again!!!!
Did a little research on the Tor site.
Do you see this message in your log?
Your application (using socks5 on port %d) is giving Tor only an IP address.
Applications that do DNS resolves themselves may leak information.
Consider using Socks4A (e.g. via privoxy or socat) instead.
If you do, you have a problem, but how much of a problem can be debated.
| |
| George Orwell 2006-10-04, 7:14 am |
| Fred C Dobbs wrote:
> First, don't listen to this XXXXXXX.
That "XXXXXXX" apparently knows a whole lot more about networking than
you do.
>
> Programs don't do DNS lookups on their own, they use system calls
> through the OS.
Indeed. All networking is done by way of "system calls" and yet... some
programs resolve remotely and some don't. Which makes your profound
revelation mildly amusing, but useless as far as answering anything
the poster wants to know.
> Sockscap allows you to resolve all names remotely.
Allows, doesn't force.
First of all, Sockscap is a utility that does little more than
intercept connect() calls. Since there's a number of other ways to
initialize a network connection it may or may not reroute a given
connection.
Second of all, Tor only speaks TCP. If you had any sort of clue at all
you'd know that "normal" name server lookups aren't even done via TCP
connections, and realize that getting Tor to handle them in the first
place is a kludge. You'd also realize that by design, almost every
network aware application on the face of the planet will fall back to
standard DNS calls if any "modified" calls fail.
So *if* a given program makes standard connect() calls, and *if* your
soxifying agent fully supports SOCKS4a/5, and *if* your program
has proper support for any proxy you've configured, you'll get remote
name resolutions.
That's a lotta if's, and we know for a fact that DNS leakage is a real
problem because of them.
> Second, get ethereal http://www.ethereal.com/ and sniff your packets.
Good grief you even screwed this up. Ethereal has been superseded. It's
obsolete.
http://www.wireshark.org/
Oh and by the way, why would you bother suggesting that someone sniff
network traffic in the first place, if you're so sure Sockscap
is infallible? Hmmmm?
*laugh*
| |
| Anonyma 2006-10-04, 7:14 am |
| Freeman wrote:
> I'm using Agent via Freecap. When I run CurrPorts, it tells me
You need something that watches connections in real time, or you need
to get lucky with CurrPorts because DNS resolution happens pretty quick.
> Agent's Local Address and Remote Address are 127.0.0.1. How does a
> packet sniffing program tell me if my DNS requests are being handled
> the way I want, and is there a specific program you would recommend?
http://www.wireshark.org/
A packet sniffer allows you to capture network traffic in real time
and examine it at your leisure. If you're resolving domain names
locally you'll see both the connection to whatever name server you have
configured in your "standard" networking setup, as well as the plainly
readable text of the requested site itself. It will look quite different
from what you'll see for a remotely resolved Tor connection, which will
look like nothing but garbage or a connection to "localhost". So even if
you don't understand networking you should be able to spot DNS leaks.
> Is the DNS lookup only done once at the start of a session, or at each
> reconnect/login, or for every download?
The simple answer is that it's done whenever it needs to be done. 
It depends on how you define "session". Your idea of what constitutes a
session might be completely different than what your software sees as a
session. Does Agent "disconnect" from a news server between automatic
retrievals at whatever interval you configure, or does it use a
persistent connection and "keep alive" messages so that it only
disconnects when you close the program? I'm not sure, maybe someone
else knows. But for our purposes a "session" is defined as any single
connection. Not as how long you have Agent running, reading news from a
single news server.
> I've been trying hard to learn all this stuff on my own but it is a
> bit daunting!
>
>
> FoxyProxy set up my Firefox browser for "Manual Proxy Configuration",
> HTTP Proxy 127.0.0.1, port 8118, for "all protocols" using SOCKS v5,
> and "Use SOCKS proxy for DNS lookups" is checked. I am also running
> Privoxy, but I think FoxyProxy said that's unnecessary. Are these
> settings where I want them to be? Thanx so much, again!!!!
Firefox needs to be "tweaked" to make sure it does remote DNS if
you're using Tor alone, but you are apparently running through Privoxy
anyway so you should be fine. The 8118 thing is the port Privoxy
listens on. If Foxy had configured you for Tor only, it would have been
9050. Privoxy can be removed from the equation if you make sure Firefox
is configured for remote DNS through SOCKS proxy, and install a couple
plugins that deal with scripts and such. I think there's
| |
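The check described in the post above (a locally resolved name shows up as a readable query to the configured name server), as an added example that is not part of the original thread. The packet tuples, addresses and hostname are constructed placeholders standing in for what a capture tool would export.

```python
import struct


def parse_dns_question(payload: bytes):
    """Return (qname, qtype) for a DNS query payload, else None."""
    if len(payload) < 12:
        return None
    _qid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set: a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):   # pointer or truncated
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(payload):                 # need NUL + QTYPE + QCLASS
        return None
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype


def find_dns_leaks(packets):
    """packets: (proto, dst_ip, dst_port, payload) tuples seen on the wire.

    Any cleartext UDP/53 query is reported as (resolver_ip, hostname).
    DNS over TCP/53 (2-byte length prefix) is not handled here.
    """
    leaks = []
    for proto, dst_ip, dst_port, payload in packets:
        if proto == "udp" and dst_port == 53:
            question = parse_dns_question(payload)
            if question:
                leaks.append((dst_ip, question[0]))
    return leaks


def sample_query(name: str) -> bytes:
    """Build a constructed A-record query for the sample capture."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


# Constructed capture: a resolver lookup, then opaque bytes to a relay.
SAMPLE_CAPTURE = [
    ("udp", "192.0.2.53", 53, sample_query("news.example.com")),
    ("tcp", "198.51.100.7", 9001, b"\x16\x03\x01\x8f\x2a\x91\x0c"),
]
```

An empty result from `find_dns_leaks` over a capture of the external interface taken while the news client connects is the outcome to look for.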
| Non scrivetemi 2006-10-04, 1:13 pm |
| Fred C Dobbs wrote:
> Do you see this message in your log?
>
> Your application (using socks5 on port %d) is giving Tor only an IP address.
> Applications that do DNS resolves themselves may leak information.
> Consider using Socks4A (e.g. via privoxy or socat) instead.
>
> If you do, you have a problem, but how much of a problem can be debated.
Bullshit. The message means exactly what it says. Your application is
asking for a connection to an IP address not a FQDN. There's a couple
of things that can cause this, and only ONE of them is a problem.
| |
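What "an IP address not a FQDN" looks like in the SOCKS request itself, as an added example that is not part of the original thread: a classifier for SOCKS4, SOCKS4a and SOCKS5 CONNECT requests that reports whether the client handed the proxy a hostname or only an address. The sample requests, hostname and address are constructed placeholders.

```python
import ipaddress
import struct


def classify_socks_request(data: bytes):
    """Return (proto, target, port, name_sent_to_proxy) for a CONNECT request."""
    if len(data) < 8:
        raise ValueError("truncated request")
    if data[0] == 5:
        # RFC 1928 request: VER CMD RSV ATYP DST.ADDR DST.PORT
        atyp = data[3]
        if atyp == 0x03:                       # length-prefixed hostname
            start, end = 5, 5 + data[4]
        elif atyp in (0x01, 0x04):             # raw IPv4 / IPv6 address
            start, end = 4, 4 + (4 if atyp == 0x01 else 16)
        else:
            raise ValueError("unknown ATYP")
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        addr = data[start:end]
        port = struct.unpack("!H", data[end:end + 2])[0]
        if atyp == 0x03:
            return ("socks5", addr.decode("ascii"), port, True)
        return ("socks5", str(ipaddress.ip_address(addr)), port, False)
    if data[0] == 4:
        # SOCKS4: VN CD DSTPORT DSTIP USERID NUL, then HOSTNAME NUL for 4a
        port = struct.unpack("!H", data[2:4])[0]
        ip, fields = data[4:8], data[8:].split(b"\x00")
        # 4a signals "proxy, resolve this" with DSTIP 0.0.0.x, x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            if len(fields) < 3 or not fields[1]:
                raise ValueError("SOCKS4a request without hostname")
            return ("socks4a", fields[1].decode("ascii"), port, True)
        if len(fields) < 2:
            raise ValueError("unterminated USERID")
        return ("socks4", str(ipaddress.ip_address(ip)), port, False)
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests: NNTP (port 119) to a placeholder news server.
PORT = struct.pack("!H", 119)
HOST = b"news.example.com"
S5_NAME = b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + PORT
S5_IP = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + PORT
S4A_NAME = b"\x04\x01" + PORT + b"\x00\x00\x00\x01" + b"\x00" + HOST + b"\x00"
S4_IP = b"\x04\x01" + PORT + bytes([192, 0, 2, 10]) + b"\x00"

if __name__ == "__main__":
    for req in (S5_NAME, S5_IP, S4A_NAME, S4_IP):
        print(classify_socks_request(req))
```

A `False` in the last field is the address-only case the quoted Tor log message warns about; whether a local DNS query preceded it has to be confirmed from a packet capture.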
| Borked Pseudo Mailed 2006-10-04, 7:17 pm |
| Freeman,
there's not only the risk with DNS requests. You also have to be
aware that all simultaneous internet tasks are handled by the same
Tor exit node. So all data you reveal by accidentally surfing the
Internet through the same Tor server chain you use(d) with your
newsserver can be assigned to your news account. Therefore all your
work has to be done one after another with sending "newnym" signals to
Tor (or "reload" / HUP or even restarting the Tor process) in between
to create new circuits.
That's why I myself prefer two separate Tor instances running at the
same time, one for web surfing with Firefox, controlled by Vidalia,
and a second one dedicated to Agent, controlled by OmniMix, which also
works as an anon proxy for all mail/news tasks.
As the Agent version you use doesn't support multiple newsservers, you
only have to copy the access data from the "User and System Profile"
of Agent to the "News" tab of OmniMix and set Agent to
News Server: localhost
Username: omnimix
Password: omnimix
Select Tor SOCKS / control ports (at "MixTor") that don't interfere
with the Vidalia installation (9150/9151), possibly 9152 and 9153, and
start Tor from within OmniMix. With "DNS check" being activated by
default, you see in the Tor log list, whether the DNS lookup is
correctly done through Tor. All those items are explained in the
manual.
Hope this helps.
Bye