[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Confused about Tor settings



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

i'm pretty sure someone has written some dns proxy that queries through
tor, i have a vague memory that it was only implemented in windows
however. i'm going to look into this because i think it'd be rather cool
to actually resolve all dns queries through tor, although sometimes that
may wind up with different ip addresses depending on the exit node doing
the query.

Claude LaFrenière wrote:
> Hi  *jon smith*   :
> 
> 
>> Bear with me; you guys are explaining electronics to a
>> dog here..but aren't some people e.g. Claude, saying
>> that SOCKS can still leak DNS?  
> 
> The DNS leaking comes from the application itself, 
> not socks...
> 
> If I don't block the internet access to the port 53 in UDP, 
> Firefox send a DNS request and the socks setup is no taking in account...
> 
> It's seems that socks are not completly supported by Firefox.
> (on Windows XP only ???? )
> 
> This can be checked on W xp with a (good) firewall log 
> or with a packet sniffer such as Ethereal or Packtyzer.
> 
>> I don't know how to
>> set Mac Tiger's firewall to block 'Claude's' UDP port
>> 53. I can see the option to block all UDP. But I think
>> Tiger's firewall is blocking everything on its list
>> anyway including ftp (although the "use passive ftp
>> mode" is ticked). Would it be safer re DNS leaks, if
>> not needing ftp, to use the original configuration and
>> point ftp and Gopher at Port 8118 and let them fail?
>> Would that solve the problem of DNS leaks? Or am I
>> still barking up the wrong tree? :)
> 
> I guess there is no relation between Ftp (active or passive mode) 
> and DNS leaks.
> 
> I checked with Google to find a sample ruleset for ipfw
> but it's seems that only the packets are filtered not a specific
> application. So how to do this? I have no idea ...  :-(
> 
> In this example I found no way to block a port/protocol to a specific application...
> http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE&format=html
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFI1NnGkOzwaes7JsRA4ooAKCM15hTas2KdDBY371MDmkR7O0bpACgsj0R
9FX9mVYCi/LA8Csu92t4/j4=
=f8bJ
-----END PGP SIGNATURE-----