Re: [tor-talk] Tor transparent proxy leaks?
Lol use a VPN with tor
On Mon, Apr 1, 2013 at 2:40 AM, James Russell <jamesrussell@xxxxxxxxxxx> wrote:
> After setting up my computer (Debian Squeeze 6.0) to transparently proxy
> all my traffic over tor, I decided to verify it by visiting
> check.torproject.org with chromium. It told me that I was using tor, so
> I thought everything was good. After that, just to be sure, I checked my
> connections with lsof, and got the following results:
>
> root@black-wind:/home/magus/# lsof -i -n -P
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> rpcbind 1984 root 6u IPv4 4993 0t0 UDP *:111
> rpcbind 1984 root 7u IPv4 4996 0t0 UDP *:887
> rpcbind 1984 root 8u IPv4 4997 0t0 TCP *:111 (LISTEN)
> rpcbind 1984 root 9u IPv6 5000 0t0 UDP *:111
> rpcbind 1984 root 10u IPv6 5003 0t0 UDP *:887
> rpcbind 1984 root 11u IPv6 5004 0t0 TCP *:111 (LISTEN)
> polipo 2274 proxy 0u IPv4 6276 0t0 TCP 127.0.0.1:8118 (LISTEN)
> polipo 2274 proxy 1u IPv4 516635 0t0 TCP 127.0.0.1:55414->127.0.0.1:9050 (CLOSE_WAIT)
> polipo 2274 proxy 5u IPv4 202157 0t0 TCP 127.0.0.1:53717->127.0.0.1:9050 (CLOSE_WAIT)
> avahi-dae 2580 avahi 13u IPv4 7394 0t0 UDP *:5353
> avahi-dae 2580 avahi 14u IPv6 7395 0t0 UDP *:5353
> avahi-dae 2580 avahi 15u IPv4 7396 0t0 UDP *:47014
> avahi-dae 2580 avahi 16u IPv6 7397 0t0 UDP *:39872
> dhclient 2675 root 6u IPv4 7539 0t0 UDP *:68
> dhclient 2675 root 20u IPv4 7529 0t0 UDP *:24378
> dhclient 2675 root 21u IPv6 7530 0t0 UDP *:56547
> tor 2686 debian-tor 4u IPv4 7606 0t0 TCP 192.168.1.4:38300->188.138.104.154:443 (ESTABLISHED)
> tor 2686 debian-tor 7u IPv4 6495 0t0 TCP 127.0.0.1:9050 (LISTEN)
> tor 2686 debian-tor 8u IPv4 6496 0t0 UDP 127.0.0.1:53
> tor 2686 debian-tor 9u IPv4 6497 0t0 TCP 127.0.0.1:9040 (LISTEN)
> tor 2686 debian-tor 10u IPv4 6498 0t0 TCP 127.0.0.1:9051 (LISTEN)
> tor 2686 debian-tor 14u IPv4 963741 0t0 TCP 127.0.0.1:9040->192.168.1.4:51136 (ESTABLISHED)
> tor 2686 debian-tor 15u IPv4 182884 0t0 TCP 127.0.0.1:9050->127.0.0.1:53591 (ESTABLISHED)
> tor 2686 debian-tor 16u IPv4 6571 0t0 TCP 192.168.1.4:37413->144.51.40.66:443 (ESTABLISHED)
> tor 2686 debian-tor 17u IPv4 6606 0t0 TCP 192.168.1.4:44714->93.185.101.76:443 (ESTABLISHED)
> tor 2686 debian-tor 18u IPv4 964951 0t0 TCP 127.0.0.1:9040->192.168.1.4:38331 (ESTABLISHED)
> tor 2686 debian-tor 19u IPv4 964213 0t0 TCP 127.0.0.1:9040->192.168.1.4:47171 (ESTABLISHED)
> tor 2686 debian-tor 28u IPv4 13205 0t0 TCP 127.0.0.1:9050->127.0.0.1:51685 (ESTABLISHED)
> tor 2686 debian-tor 29u IPv4 10504 0t0 TCP 127.0.0.1:9050->127.0.0.1:51662 (ESTABLISHED)
> tor 2686 debian-tor 30u IPv4 601334 0t0 TCP 127.0.0.1:9050->127.0.0.1:56632 (ESTABLISHED)
> tor 2686 debian-tor 31u IPv4 602532 0t0 TCP 127.0.0.1:9050->127.0.0.1:56633 (ESTABLISHED)
> tor 2686 debian-tor 32u IPv4 601518 0t0 TCP 127.0.0.1:9050->127.0.0.1:56634 (ESTABLISHED)
> tor 2686 debian-tor 36u IPv4 14604 0t0 TCP 127.0.0.1:9050->127.0.0.1:51694 (ESTABLISHED)
> pidgin 3189 magus 8u IPv4 13198 0t0 TCP 127.0.0.1:51685->127.0.0.1:9050 (ESTABLISHED)
> pidgin 3189 magus 11u IPv4 10503 0t0 TCP 127.0.0.1:51662->127.0.0.1:9050 (ESTABLISHED)
> pidgin 3189 magus 14u IPv4 15727 0t0 TCP 127.0.0.1:51694->127.0.0.1:9050 (ESTABLISHED)
> ssh 3882 magus 3r IPv4 182883 0t0 TCP 127.0.0.1:53591->127.0.0.1:9050 (ESTABLISHED)
> ssh 4540 magus 3r IPv4 602416 0t0 TCP 127.0.0.1:56632->127.0.0.1:9050 (ESTABLISHED)
> ssh 4541 magus 3r IPv4 601423 0t0 TCP 127.0.0.1:56633->127.0.0.1:9050 (ESTABLISHED)
> ssh 4542 magus 3r IPv4 602645 0t0 TCP 127.0.0.1:56634->127.0.0.1:9050 (ESTABLISHED)
> chromium 5495 magus 63u IPv4 963465 0t0 TCP 192.168.1.4:51136->173.194.71.95:443 (ESTABLISHED)
> chromium 5495 magus 99u IPv4 964203 0t0 TCP 192.168.1.4:38331->74.125.143.99:443 (ESTABLISHED)
> chromium 5495 magus 107u IPv4 965144 0t0 TCP 192.168.1.4:47171->173.194.71.120:443 (ESTABLISHED)
>
> ... Why is chromium telling me that I'm using tor, when it seems pretty
> clear from lsof that I'm not? Am I doing something wrong? (See below)
>
> Since I know someone is going to ask, here are my iptables rules
> (They're the same rules found for setting up transparent proxying for a
> specific user as you find on the transparent proxy wiki page
> (https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy)
> except with the username changed to my regular login):
>
> iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner magus -m tcp -j REDIRECT --to-ports 9040
> iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner magus -m udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner magus -m tcp --dport 9040 -j ACCEPT
> iptables -t filter -A OUTPUT -p udp -m owner --uid-owner magus -m udp --dport 53 -j ACCEPT
> iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner magus -j DROP
> iptables -A OUTPUT -p icmp -j REJECT
>
> I also want to point out that the only way I deviated from the
> instructions was to apply the rules to my regular user account, as
> opposed to creating a special "anonymous" user and sudoing to it any
> time I want to do something over tor.
>
> What gives?
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
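An added example, not part of the original thread: one way to cross-check an `lsof -i -n -P` snapshot like the one quoted above. With an iptables REDIRECT the client socket still shows the destination it asked for, while the socket tor accepted on its TransPort has that client's local address:port as its peer, so the two can be paired. The function name `classify` and the `curl` sample line are assumptions made for illustration; the ports are those in the quoted listing.

```python
import re

TRANS_PORT = "127.0.0.1:9040"  # tor TransPort, as in the quoted listing
SOCKS_PORT = "127.0.0.1:9050"  # tor SocksPort, as in the quoted listing

# Lines in `lsof -i -n -P` format. The first five come from the quoted listing;
# the curl line is constructed to show what an unpaired flow looks like.
SAMPLE = """\
tor 2686 debian-tor 9u IPv4 6497 0t0 TCP 127.0.0.1:9040 (LISTEN)
tor 2686 debian-tor 14u IPv4 963741 0t0 TCP 127.0.0.1:9040->192.168.1.4:51136 (ESTABLISHED)
tor 2686 debian-tor 16u IPv4 6571 0t0 TCP 192.168.1.4:37413->144.51.40.66:443 (ESTABLISHED)
pidgin 3189 magus 8u IPv4 13198 0t0 TCP 127.0.0.1:51685->127.0.0.1:9050 (ESTABLISHED)
chromium 5495 magus 63u IPv4 963465 0t0 TCP 192.168.1.4:51136->173.194.71.95:443 (ESTABLISHED)
curl 6001 magus 3u IPv4 970000 0t0 TCP 192.168.1.4:40000->203.0.113.7:80 (ESTABLISHED)
"""

# COMMAND PID USER ... TCP local->remote (ESTABLISHED)
CONN = re.compile(
    r"^(\S+)\s+(\d+)\s+\S+\s.*\bTCP\s+(\S+)->(\S+)\s+\(ESTABLISHED\)$")


def classify(lsof_text, tor_cmd="tor"):
    """Label each established non-tor TCP flow as socks/transparent/unmatched."""
    conns = [m.groups() for m in map(CONN.match, lsof_text.splitlines()) if m]
    # Peers of tor's TransPort sockets are the redirected clients' own
    # local address:port pairs.
    redirected = {remote for cmd, _, local, remote in conns
                  if cmd == tor_cmd and local == TRANS_PORT}
    result = {}
    for cmd, _, local, remote in conns:
        if cmd == tor_cmd:
            continue  # tor's own relay and listener sockets are not clients
        if remote == SOCKS_PORT:
            verdict = "socks"        # application talks to the SocksPort directly
        elif local in redirected:
            verdict = "transparent"  # paired with a TransPort socket inside tor
        else:
            verdict = "unmatched"    # no tor-side socket seen for this flow
        result[(cmd, local)] = (remote, verdict)
    return result


if __name__ == "__main__":
    for (cmd, local), (remote, verdict) in classify(SAMPLE).items():
        print(f"{cmd:10} {local} -> {remote:22} {verdict}")
```

`unmatched` only means the snapshot contained no TransPort socket for that flow; run `lsof` as root so tor's sockets are listed, and treat any such line as something to investigate against the firewall rules.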