[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: privoxy problem on OpenBSD



On Thu, Jan 27, 2005 at 05:21:09AM -0000, slrner@xxxxxxxxxxxxxxxxxxxxx wrote:
> >If I enable privoxy as well as TOR, the first one or 2 selected links
> >will download, and thereafter it will hang forever.  The fact that
> >it works for a few links suggests to me that the configuration is
> >correct.

Does just using Privoxy (without Tor) work?

Do the privoxy logs indicate anything different or unusual when you add
Tor into the loop?

> So I used tor-resolve on a website to get the IP address. This took
> quite a while, so it probably was using TOR.  Then I cut-and-pasted
> the IP address into Firefox and hit return.  The TOR error log came
> back with the usual message that my DNS was being leaked. 
> 
> Jan 26 15:08:19.763 [warn] fetch_from_buf_socks(): Your application
> (using socks4 on port 80) is giving Tor only an IP address.
> Applications that do DNS resolves themselves may leak information.
> Consider using Socks4A (e.g. via privoxy or socat) instead. 
> 
> My questions are:
> 
> 1. Is the DNS still leaked if a numerical IP addess is given to the browser?

"Maybe."

It depends how the browser resolves the address. I can imagine some
browsers that don't bother to see if it looks like an IP address first,
and just hand the string "18.244.0.188" to their dns server. If this
dns server lives on a remote machine, then you could have troubles.

Can anybody here speak to how common this is in practice?

> 2. If not, and the error message is spurious, then is there any way to get
> tor-resolve and tor to talk directly, without a cut-and-paste between windows?

Not easily.

When your application speaks socks4 or socks5 (the variant that hands
only an IP to Tor) rather than socks4a, there's no way for Tor to
determine whether the application got that IP safely or not. I'd like
to come up with a better way to do that warning, but I'm not sure how
that should work.

Thanks,
--Roger