This is my fourth time trying to post this with Google. It's not
showing up for some reason.

I've been successful in Torifying mIRC from within SocksCap. It's
working for me. I use ZoneAlarm and only allow mIRC to have access to
127.0.0.1:9050. I don't allow it to have any other access or to act as
a server.

When I sniff my traffic with SmartSniff, I occasionally see my real IP
address being transmitted. Here's a sample>

GET /tor/server/d/..........................
HTTP/1.0
Host: 192.108.114.19:9030


HTTP/1.0 200 OK
Date: Thu, 17 May 2007 04:07:30 GMT
Content-Type: application/octet_stream
X-Your-Address-Is: xx.xxx.xxx.xxx
Content-Encoding: deflate
Pragma: no-cache


This is followed by the usual Tor encrypted gobbledy-gook. The
xx.xxx.xxx.xxx is my real IP. Am I correct in assuming that this
breaks anonymity, and this is something that Privoxy usually takes
care when you use Tor with a web browser.

If so, is there any way to take care of this?

B.O

[ Post a follow-up to this message ]

In article <1179385672.983613.288180@h2g2000hsg.googlegroups.com>
bodyodorismything@yahoo.com wrote:
>
> This is my fourth time trying to post this with Google. It's not
> showing up for some reason.

All 4 of your posts showed up.

> I've been successful in Torifying mIRC from within SocksCap. It's
> working for me. I use ZoneAlarm and only allow mIRC to have access to
> 127.0.0.1:9050. I don't allow it to have any other access or to act as
> a server.
>
> When I sniff my traffic with SmartSniff, I occasionally see my real IP
> address being transmitted. Here's a sample>
>
> GET /tor/server/d/..........................
> HTTP/1.0
> Host: 192.108.114.19:9030
>
>
> HTTP/1.0 200 OK
> Date: Thu, 17 May 2007 04:07:30 GMT
> Content-Type: application/octet_stream
> X-Your-Address-Is: xx.xxx.xxx.xxx
> Content-Encoding: deflate
> Pragma: no-cache

That is Tor connecting to a directory server and getting up to date
information about the tor network. Tor has to know what nodes are up,
where they are located, what their keys are...

That part doesn't need to be anonymous. The fact that you use Tor
isn't anonymous, what you use it for *is*. That also has nothing to do
with mIRC.

As a side note, you should be aware that mIRC looks up your own IP
address and passes it to the server in the USER string it sends when
it connects.

[ Post a follow-up to this message ]

Anonymous wrote:

>
> As a side note, you should be aware that mIRC looks up your own IP
> address and passes it to the server in the USER string it sends when
> it connects.


Sorry for the multiple posts. My posts didn't show up for several
hours after I posted them. Are you referring to the "Local Info" area
where mIRC attempts to fill in your local host and IP address? It
doesn't appear to be able to do that when I run it from within
SocksCap. Initially when I tried Torifying mIRC without SocksCap, by
just filling in the proxy info (like everyone told me to try it), it
would always find my real IP and fill it in there. When I run it from
SocksCap, it always has 127.0.0.1 (0.0.0.1) filled in.

And when I start up mIRC, it always says "Local Host: 127.0.0.1
(0.0.0.1)" instead of my real IP. That's why I started running it from
SocksCap to begin with. So, does that take care of the problem you
were referring to, or am I wrong about that too? Is there any way for
me to actually test what it's sending from within SocksCap? I can't
really tell because everything is encrypted by Tor. If it is still
sending my IP address despite my best efforts, is there another client
that won't do this?

Thanks

B.O

[ Post a follow-up to this message ]

bodyodorismyth...@yahoo.com wrote:
> Anonymous wrote:
> 
>
>
> Sorry for the multiple posts. My posts didn't show up for several
> hours after I posted them. Are you referring to the "Local Info" area
> where mIRC attempts to fill in your local host and IP address? It
> doesn't appear to be able to do that when I run it from within
> SocksCap. Initially when I tried Torifying mIRC without SocksCap, by
> just filling in the proxy info (like everyone told me to try it), it
> would always find my real IP and fill it in there. When I run it from
> SocksCap, it always has 127.0.0.1 (0.0.0.1) filled in.
>
> And when I start up mIRC, it always says "Local Host: 127.0.0.1
> (0.0.0.1)" instead of my real IP. That's why I started running it from
> SocksCap to begin with. So, does that take care of the problem you
> were referring to, or am I wrong about that too? Is there any way for
> me to actually test what it's sending from within SocksCap? I can't
> really tell because everything is encrypted by Tor. If it is still
> sending my IP address despite my best efforts, is there another client
> that won't do this?
>
> Thanks
>
> B.O

I just wanted to say thanks for the help. I tried sniffing my traffic
while web browsing with Tor, and I found that my IP was transmitted as
well. I'm surprised I never noticed that before. I've been using Tor
while web browsing and sniffing my traffic for years now. I guess I
must have forgotten or never noticed it. mIRC is a new program for me,
and it now seems that it's working correctly with Tor.

As far as mIRC being able to transmit my IP. I'm confident that it
can't transmit my IP address because it doesn't seem to even be able
to find my IP address when used with SocksCap (just 0.0.0.1). I don't
think mIRC transmits IP addresses anyway. I tried using mIRC without
any proxy, and I didn't notice it transmitting my IP. Obviously, the
remote server will still know my IP address if I'm not using a proxy,
but not due to anything mIRC is transmitting. I'll just continue using
SocksCap anyway, but I don't think it's necessary.

So, my only remaining concern is that occasionally (actually rarely),
Tor reports that there may be DNS request leaks. Again, my guess would
be that it's not really a leak but Tor is interpreting it that way due
to the way mIRC operates. Am I correct about that?

Thanks again.

B.O

[ Post a follow-up to this message ]

Here's a sample USER string when I connect with no proxy:

USER Anonymous "host" "irc.abjects.net" :xxxxx

It has my local host ("host") and my name (xxxxx) but no IP address. I
searched everything transmitted but found no IP address. mIRC did
correctly find my IP (when I'm not using SocksCap) but didn't transmit
it. The server I'm using to contact irc.abjects.net is correctly
listed. When I use no proxy then it's my local server. When I use a
proxy then it's the Tor node I'm using.

I'm currently using mIRC ver. 6.21. Perhaps this occurred in previous
versions or I'm just not searching correctly or interpreting the data
correctly.

B.O

Anonymous wrote:

>
> As a side note, you should be aware that mIRC looks up your own IP
> address and passes it to the server in the USER string it sends when
> it connects.

[ Post a follow-up to this message ]

bodyodorismything@yahoo.com wrote:

> I just wanted to say thanks for the help. I tried sniffing my traffic
> while web browsing with Tor, and I found that my IP was transmitted as
> well. I'm surprised I never noticed that before. I've been using Tor

No, it wasn't, at least not the way you think it was because it's not
possible for you to see it that way. If you IP was "transmitted" it was
either sent by some other program, or wen somewhere you really don't
have to worry about.

[ Post a follow-up to this message ]

bodyodorismything@yahoo.com wrote:
> This is my fourth time trying to post this with Google. It's not
> showing up for some reason.

Consider webmail2news http://eelbash.yi.org:8080


> When I sniff my traffic with SmartSniff, I occasionally see my real IP
> address being transmitted.


My theory is that the first Tor node still needs to know your IP and
that is why it is being transmitted, so:

YourIP>>TorIP1>>TorIP2>>TorIP3>>irc.server.com

Accept my theory at your own risk.


--

Customized News: http://news.spotback.com

[ Post a follow-up to this message ]

In article <464d6d05$0$36704$892e0abb@auth.newsreader.octanews.com>
macarro <email@is.invalid> wrote:
>
> bodyodorismything@yahoo.com wrote: 
>
> Consider webmail2news http://eelbash.yi.org:8080

Seeing as the guy is obviously interested in anonymity and privacy,
why would you suggest he use a web page that is run by a person who
has proven he hates both and admits logging, filtering, and censoring?

[ Post a follow-up to this message ]

macarro <email@is.invalid> wrote:

> bodyodorismything@yahoo.com wrote: 
>
> Consider webmail2news http://eelbash.yi.org:8080

Yes. Consider the fact that the person who owns that site can see every
single thing you do, and that person is known to monitor, log, censor,
harass, and even reveal the identities of his users to the general
public if he only mistakenly believes they're doing something this
person doesn't like.

Consider not using the services of a person that's so loony even
remailer operators themselves have excommunicated him completely. The
group of people most attuned to the ideals of free speech, refuse to
allow him to participate because he's such a nut.
 
>
>
> My theory is that the first Tor node still needs to know your IP and
> that is why it is being transmitted, so:

No. The entry node doesn't need to know your IP, it *does* know your IP
because without that knowledge nothing would work at all.  But the
poster is *not* seeing what he believes he's seeing because that
information is encrypted before it ever reaches your network card, the
point at which all packet sniffers do their job. The poster is either
seing the connection itself, or something else entirely. Not his IP
being "transmitted" to the entry node over a Torified connection.

[ Post a follow-up to this message ]

Anonymous wrote:
> In article <464d6d05$0$36704$892e0abb@auth.newsreader.octanews.com>
> macarro <email@is.invalid> wrote: 
>
> Seeing as the guy is obviously interested in anonymity and privacy,
> why would you suggest he use a web page that is run by a person who
> has proven he hates both and admits logging, filtering, and censoring?
>
My theory being that it is sure that Great Britain has infiltrated the
remailer network with a rogue logging remailer. Great Britain and the
USA in less measure have a long proven record of not allowing anyone to
keep their privacy and spying on their own citizens.

Much better having your emails read by someone who can't manage a
remailer with skill than a 1st class remailer managed from by big brother.

--

Customized News: http://news.spotback.com

[ Post a follow-up to this message ]