[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Reducing java leakage in windows
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Reducing java leakage in windows
- From: coderman <coderman@xxxxxxxxx>
- Date: Sun, 2 Dec 2007 12:10:43 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 02 Dec 2007 15:10:54 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=4fVbG81wtWr4Il/5icdoclYXrwmMyAt5cyQ2B5eqT00=; b=tVcTEjEaFPAjuIwABHmxPBdVGPCNRH+B5QiX93SpSs++tGPMNEuW2ibX1ai4na1mIMBNsNDZklMaHCN1VzIsnlkP7ZqEnIkXfjMp76S0DLTr0DZeityLXBIdDazQau4CTiEoSCgRYtnHZHhgvKqccMKGWLpg5FMT6hpkeyO+3Qc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=S6cHkpmkeP+65bMDkm6JBqgdFzsnusCzRIonVJaD7TlV8HWG5itWkDbxVYWkMNBpGjeh8IIybBrfnbCOaCpnKjwE0R8p8TElwUQyO3ZQWh0ed1GiPphVTlyAXjlrSE1ME2/5noSH5N8Od/tn171K0cgh6TWfUcRZ24Ka/w7feM4=
- In-reply-to: <4753014C.7000408@xxxxxxxxx>
- References: <4753014C.7000408@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Dec 2, 2007 11:02 AM, Arrakis <arrakistor@xxxxxxxxx> wrote:
> It appears that Java attacks for causing external IP data to be leaked
> can be mitigated to some good degree. The upshot is that you can now run
> Java applets that even when attempting to phone home directly (revealing
> your IP), they are routed through the socks port
> ... [ discussion of deployment.properties for socks setup ]
the last time i looked into this (over a year ago) the socks proxy
settings, either 4 or 5, still did name lookup external to the proxy
(not 4a nor 5 with names). this means the same DNS resolution tricks
to leak your IP will work, even if the simpler "open a TCP sock to
eve" does not.
i think HD Moore's revealer used this as one of the tricks, so it
might be worth checking against that with an updated
deployment.properties to confirm.
if you really want to use java you should use it behind a transparent Tor proxy.
best regards,