[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: proxychains DNS leaks stopped

To: or-talk@xxxxxxxxxxxxx
Subject: Re: proxychains DNS leaks stopped
From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>
Date: Mon, 5 Jan 2009 23:34:56 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 06 Jan 2009 02:35:02 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=KikppEmtaICR88EElLetu86gYDIKvx67CdeIuXYGdW0=; b=V7Hp+SEoevRLP70lxIK9vXxqMSl6PbM+ZWjbGelHnM1NFrZmwqlsTPZd54wf+B58E9 JAaPYfm8j64zUjWpKCmvgoL9wYq+hGh3iIPZSgYhtwHf4JQle+TGFvwEpitVMsL+k21s 6fawz5NTk4by+LZJAAuxK2VYv3ZWHhPBFMFp4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=dCZk9rBCPt8g74dknyQkFNzafeDq1ZHejRmCt4MNcRhrCVN+eZpoHhGL8f2VWfIF7O kr05cIY8Yds1KjIrjc2jqRuA9Mvl11r+Vn114BF4WCJZS0rLbf2rfsIicNsCF3Pg+PXW tJQZrw4pe/tMvkdf2r16znx5tonOdZXXXCsUE=
In-reply-to: <20090106072536.GD19155@xxxxxxxxxxxxxx>
References: <200901060657.n066v1xf011500@xxxxxxxxxxxxx> <21f144250901052311j66815440vac815bb3c21eab74@xxxxxxxxxxxxxx> <20090106072536.GD19155@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Interesting...
I just did a test. As root I watched udp traffic using "tcpdump -i eth0 -net -s 65535 udp and host 192.168.XX.XX"
and didn't see any DNS request when I used "proxychains firefox http://check.torproject.org"

I did see this in the terminal that I launched proxychains from.
"
build@Janus-Dev-VM:~$ proxychains firefox http://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| check.torproject.org
|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 209.237.247.84
|S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK
"

Also worth mentioning, at the end of the default proxychains.conf file is:
"
# defaults set to "tor"
socks5 127.0.0.1 9050
"

Perhaps the author did have Tor in mind?
When I ran firefox without proxychains, I then say DNS request with tcpdump, as expected.

Hrm....I think it's working. If I'm wrong, could someone point out the flaw in my testing method?

Thanks!

- Kyle

On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <arma@xxxxxxx> wrote:

On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote:
> Are you saying that the "proxy_dns" option in the proxychains.conf is in
> fact leaking DNS request?from the proxychains.conf file:
> "
> # Proxy DNS requests - no leak for DNS data
> proxy_dns
> "
>
> I thought it would resolve against the specified SOCKS 4/5 proxy. Is this
> not happening?

Socks doesn't have a notion of resolving. It only has a notion of
connecting (well, and binding, but we don't use that).

We hacked on our own notion of a 'resolve' socks request:
https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt
and I'd be surprised if any other projects use our extension.

--Roger

References:
- proxychains DNS leaks stopped
  - From: Scott Bennett
- Re: proxychains DNS leaks stopped
  - From: Kyle Williams
- Re: proxychains DNS leaks stopped
  - From: Roger Dingledine

Prev by Author: Re: proxychains DNS leaks stopped
Next by Author: Re: TBB on XP again
Previous by thread: Re: proxychains DNS leaks stopped
Next by thread: Re: proxychains DNS leaks stopped
Index(es):
- Author
- Thread