On Sat, Dec 29, 2007 at 07:54:28PM -0500, Ringo Kamens wrote: > I have a question regarding tsocks. According to > http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#DNSNote, tsocks > leaks DNS requests and it suggests I either use tor-resolve or apply the > patch at http://www.totalinfosecurity.com/patches/tor.php?. Does the tsocks > version in the Ubuntu repositories still have this problem (for instance, > when I do an apt-get install tor it automatically installs torify and > tsocks)? Would you suggest using the patch? I just read through the patch, but I haven't tried it out yet. If I'm understanding it right, it extends tsocks so that in addition to replacing connect() as usual, it also replaces gethostbyname(), getaddrinfo(), and so on with versions that use Tor's resolve facilities. It doesn't support reverse lookups. There are some weird bits to the code: the authors seem to be unaware of AutomapHostsOnResolve -- or maybe they didn't want to rely on having it turned on. In any case, they duplicate its functionality in something they call a "deadpool." They don't say what license their code is distributed under. Honestly, I'd test it out and see whether it works with any given application. For some applications, this approach will work; for some, it won't. You might also want to try recent alpha Tors' DNSPort feature; if you can get an application to use Tor as your resolver, you can be very sure indeed that no data is being leaked. yrs, -- Nick
Attachment:
pgpaKko93O1QE.pgp
Description: PGP signature