[tor-talk] Tor transparent proxy leaks?

After setting up my computer (Debian Squeeze 6.0) to transparently proxy
all my traffic over tor, I decided to verify it by visiting
check.torproject.org with chromium. It told me that I was using tor, so
I thought everything was good. After that, just to be sure, I checked my
connections with lsof, and got the following results:

root@black-wind:/home/magus/# lsof -i -n -P
COMMAND    PID       USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind   1984       root    6u  IPv4   4993      0t0  UDP *:111
rpcbind   1984       root    7u  IPv4   4996      0t0  UDP *:887
rpcbind   1984       root    8u  IPv4   4997      0t0  TCP *:111 (LISTEN)
rpcbind   1984       root    9u  IPv6   5000      0t0  UDP *:111
rpcbind   1984       root   10u  IPv6   5003      0t0  UDP *:887
rpcbind   1984       root   11u  IPv6   5004      0t0  TCP *:111 (LISTEN)
polipo    2274      proxy    0u  IPv4   6276      0t0  TCP 127.0.0.1:8118 (LISTEN)
polipo    2274      proxy    1u  IPv4 516635      0t0  TCP 127.0.0.1:55414->127.0.0.1:9050 (CLOSE_WAIT)
polipo    2274      proxy    5u  IPv4 202157      0t0  TCP 127.0.0.1:53717->127.0.0.1:9050 (CLOSE_WAIT)
avahi-dae 2580      avahi   13u  IPv4   7394      0t0  UDP *:5353
avahi-dae 2580      avahi   14u  IPv6   7395      0t0  UDP *:5353
avahi-dae 2580      avahi   15u  IPv4   7396      0t0  UDP *:47014
avahi-dae 2580      avahi   16u  IPv6   7397      0t0  UDP *:39872
dhclient  2675       root    6u  IPv4   7539      0t0  UDP *:68
dhclient  2675       root   20u  IPv4   7529      0t0  UDP *:24378
dhclient  2675       root   21u  IPv6   7530      0t0  UDP *:56547
tor       2686 debian-tor    4u  IPv4   7606      0t0  TCP 192.168.1.4:38300->188.138.104.154:443 (ESTABLISHED)
tor       2686 debian-tor    7u  IPv4   6495      0t0  TCP 127.0.0.1:9050 (LISTEN)
tor       2686 debian-tor    8u  IPv4   6496      0t0  UDP 127.0.0.1:53
tor       2686 debian-tor    9u  IPv4   6497      0t0  TCP 127.0.0.1:9040 (LISTEN)
tor       2686 debian-tor   10u  IPv4   6498      0t0  TCP 127.0.0.1:9051 (LISTEN)
tor       2686 debian-tor   14u  IPv4 963741      0t0  TCP 127.0.0.1:9040->192.168.1.4:51136 (ESTABLISHED)
tor       2686 debian-tor   15u  IPv4 182884      0t0  TCP 127.0.0.1:9050->127.0.0.1:53591 (ESTABLISHED)
tor       2686 debian-tor   16u  IPv4   6571      0t0  TCP 192.168.1.4:37413->144.51.40.66:443 (ESTABLISHED)
tor       2686 debian-tor   17u  IPv4   6606      0t0  TCP 192.168.1.4:44714->93.185.101.76:443 (ESTABLISHED)
tor       2686 debian-tor   18u  IPv4 964951      0t0  TCP 127.0.0.1:9040->192.168.1.4:38331 (ESTABLISHED)
tor       2686 debian-tor   19u  IPv4 964213      0t0  TCP 127.0.0.1:9040->192.168.1.4:47171 (ESTABLISHED)
tor       2686 debian-tor   28u  IPv4  13205      0t0  TCP 127.0.0.1:9050->127.0.0.1:51685 (ESTABLISHED)
tor       2686 debian-tor   29u  IPv4  10504      0t0  TCP 127.0.0.1:9050->127.0.0.1:51662 (ESTABLISHED)
tor       2686 debian-tor   30u  IPv4 601334      0t0  TCP 127.0.0.1:9050->127.0.0.1:56632 (ESTABLISHED)
tor       2686 debian-tor   31u  IPv4 602532      0t0  TCP 127.0.0.1:9050->127.0.0.1:56633 (ESTABLISHED)
tor       2686 debian-tor   32u  IPv4 601518      0t0  TCP 127.0.0.1:9050->127.0.0.1:56634 (ESTABLISHED)
tor       2686 debian-tor   36u  IPv4  14604      0t0  TCP 127.0.0.1:9050->127.0.0.1:51694 (ESTABLISHED)
pidgin    3189      magus    8u  IPv4  13198      0t0  TCP 127.0.0.1:51685->127.0.0.1:9050 (ESTABLISHED)
pidgin    3189      magus   11u  IPv4  10503      0t0  TCP 127.0.0.1:51662->127.0.0.1:9050 (ESTABLISHED)
pidgin    3189      magus   14u  IPv4  15727      0t0  TCP 127.0.0.1:51694->127.0.0.1:9050 (ESTABLISHED)
ssh       3882      magus    3r  IPv4 182883      0t0  TCP 127.0.0.1:53591->127.0.0.1:9050 (ESTABLISHED)
ssh       4540      magus    3r  IPv4 602416      0t0  TCP 127.0.0.1:56632->127.0.0.1:9050 (ESTABLISHED)
ssh       4541      magus    3r  IPv4 601423      0t0  TCP 127.0.0.1:56633->127.0.0.1:9050 (ESTABLISHED)
ssh       4542      magus    3r  IPv4 602645      0t0  TCP 127.0.0.1:56634->127.0.0.1:9050 (ESTABLISHED)
chromium  5495      magus   63u  IPv4 963465      0t0  TCP 192.168.1.4:51136->173.194.71.95:443 (ESTABLISHED)
chromium  5495      magus   99u  IPv4 964203      0t0  TCP 192.168.1.4:38331->74.125.143.99:443 (ESTABLISHED)
chromium  5495      magus  107u  IPv4 965144      0t0  TCP 192.168.1.4:47171->173.194.71.120:443 (ESTABLISHED)

... Why is chromium telling me that I'm using tor, when it seems pretty
clear from lsof that I'm not? Am I doing something wrong? (See below)

Since I know someone is going to ask, here are my iptables rules
(They're the same rules found for setting up transparent proxying for a
specific user as you find on the transparent proxy wiki page
(https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy)
except with the username changed to my regular login):

iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner magus -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner magus -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner magus -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner magus -m udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner magus -j DROP
iptables -A OUTPUT -p icmp -j REJECT

I also want to point out that the only way I deviated from the
instructions was to apply the rules to my regular user account, as
opposed to creating a special "anonymous" user and sudoing to it any
time I want to do something over tor.

What gives?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
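Added example (editor's code, not from the post): a small Python checker that applies the lsof reasoning above. Under an iptables REDIRECT rule lsof shows the application's original destination (chromium's 192.168.1.4:51136->173.194.71.95:443) while tor's TransPort holds the mirror-image socket (127.0.0.1:9040->192.168.1.4:51136), so pairing the two separates redirected flows from genuine leaks. The sample lines are taken from the post, plus one constructed curl connection to a TEST-NET address to show what an unmatched leak looks like.

```python
"""Classify `lsof -i -n -P` sockets as redirected to Tor's TransPort or leaked."""
from collections import namedtuple

Sock = namedtuple("Sock", "cmd pid user node local remote state")

def parse_lsof(text):
    """Parse lsof output (first line is the header) into Sock records."""
    socks = []
    for line in text.strip().splitlines()[1:]:
        f = line.split()
        if len(f) < 9:
            continue
        local, _, remote = f[8].partition("->")
        state = f[9].strip("()") if len(f) > 9 else ""
        socks.append(Sock(f[0], int(f[1]), f[2], f[7], local, remote or None, state))
    return socks

def classify(socks, tor_user="debian-tor", trans_port=9040):
    """Split non-tor sockets with a non-loopback peer into (redirected, leaked)."""
    # Each peer of tor's TransPort is an app socket whose flow was REDIRECTed:
    # the app's local address:port appears as the remote side on tor's socket.
    trans_peers = {s.remote for s in socks
                   if s.user == tor_user and s.remote
                   and s.local.endswith(":%d" % trans_port)}
    redirected, leaked = [], []
    for s in socks:
        if s.user == tor_user or not s.remote or s.remote.startswith("127."):
            continue  # tor's own circuits, listeners/UDP, SOCKS clients on loopback
        (redirected if s.local in trans_peers else leaked).append(s)
    return redirected, leaked

# Constructed sample: lines from the post plus one leaking curl (TEST-NET peer).
SAMPLE = """\
COMMAND    PID       USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
polipo    2274      proxy    1u  IPv4 516635      0t0  TCP 127.0.0.1:55414->127.0.0.1:9050 (CLOSE_WAIT)
tor       2686 debian-tor    4u  IPv4   7606      0t0  TCP 192.168.1.4:38300->188.138.104.154:443 (ESTABLISHED)
tor       2686 debian-tor    9u  IPv4   6497      0t0  TCP 127.0.0.1:9040 (LISTEN)
tor       2686 debian-tor   14u  IPv4 963741      0t0  TCP 127.0.0.1:9040->192.168.1.4:51136 (ESTABLISHED)
tor       2686 debian-tor   18u  IPv4 964951      0t0  TCP 127.0.0.1:9040->192.168.1.4:38331 (ESTABLISHED)
ssh       3882      magus    3r  IPv4 182883      0t0  TCP 127.0.0.1:53591->127.0.0.1:9050 (ESTABLISHED)
chromium  5495      magus   63u  IPv4 963465      0t0  TCP 192.168.1.4:51136->173.194.71.95:443 (ESTABLISHED)
chromium  5495      magus   99u  IPv4 964203      0t0  TCP 192.168.1.4:38331->74.125.143.99:443 (ESTABLISHED)
curl      6000      magus    3u  IPv4 999999      0t0  TCP 192.168.1.4:40000->203.0.113.5:80 (ESTABLISHED)
"""

if __name__ == "__main__":
    redirected, leaked = classify(parse_lsof(SAMPLE))
    for s in redirected:
        print("redirected via TransPort:", s.cmd, s.local, "->", s.remote)
    for s in leaked:
        print("LEAK (no matching TransPort socket):", s.cmd, s.local, "->", s.remote)
```

The check works on a single lsof snapshot, so a short-lived connection that has already closed on one side may show as unmatched; rerun or compare against `iptables -t nat -L -v` counters before treating a single hit as proof.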