
Re: FTP with Tor

> 1) "the fact that an application speaks socks 4a doesn't mean the dns
> leakage problem is not present." Oh. Can you perhaps explain the
> significance of socks4a for me? Why is it so important to Tor if it is not
> related to this DNS issue? Isn't the importance of Privoxy something to do
> with it enabling Tor to be used as a Socks4a proxy as opposed to a Socks4
> or Socks5 proxy?

Socks4a takes an unresolved address (e.g. 'foo.foo.com') and passes that on,
so only the final link in the chain is responsible for resolving that into
an IP address.  My understanding is that the other Socks protocols have the
client do the address resolution.  If you are using your ISP's DNS, this
means that your ISP *could* identify the addresses you are resolving.  How
much of a risk you see this as depends on your level of paranoia - I run
without Privoxy and don't lose sleep over it.  That said, I also run my own
DNS server which I would assume would reduce the risk of this attack (can
anyone comment on this?).

There are other reasons to run Privoxy (i.e. stripping info from your HTTP
headers), but I have tried it several times and found it cumbersome and
slow.  One day I will try to hunt down an alternative!

> 2) Is this valid?:  if I input an IP address to the FTP client, instead of
> domain name, then there will be no DNS issue cause it will of course not
> have to look up the corresponding IP address to the domain name - it
> already has the IP address!

Yes, this is quite right - and that's the point of tor-resolve.  It gets tor
to do the address resolution for you so you can use the IP address safely in
future without risking leaking DNS-lookup info.

> 3) With FTP - is it best to use Tor as a 1) Socks4a proxy 2) Socks4 proxy
> or  3) Socks 5 proxy?

If it's a static address, I'd say you're safest just using the IP address,
then it doesn't matter what Socks proxy settings you use.


-- A.
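
Added example, not part of the original message: a sketch of the SOCKS4 and SOCKS4a CONNECT requests on the wire, showing where the hostname travels in each case and how to tell the two apart when inspecting what a client sends to the proxy. The function names and the sample host and address are constructed for illustration.

```python
import ipaddress
import struct

def build_socks4_connect(host, port, userid=b""):
    """Build a SOCKS4 (IP literal) or SOCKS4a (hostname) CONNECT request."""
    header = struct.pack(">BBH", 4, 1, port)  # VN=4, CD=1 (CONNECT), DSTPORT
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        # SOCKS4a: DSTIP is the invalid marker 0.0.0.x (x != 0) and the
        # unresolved name follows the NUL-terminated userid, so the proxy
        # (for Tor, the far end of the circuit) does the lookup.
        marker = bytes([0, 0, 0, 1])
        return header + marker + userid + b"\x00" + host.encode("ascii") + b"\x00"
    # Plain SOCKS4: only a 4-byte address is sent, no name at all.
    return header + ip.packed + userid + b"\x00"

def parse_socks4_connect(req):
    """Classify a captured request and report who has to resolve the name."""
    if len(req) < 9 or req[0] != 4 or req[1] != 1:
        raise ValueError("not a SOCKS4/4a CONNECT request")
    port = struct.unpack(">H", req[2:4])[0]
    dstip = req[4:8]
    userid, sep, tail = req[8:].partition(b"\x00")
    if not sep:
        raise ValueError("userid is not NUL-terminated")
    if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
        name, sep, _ = tail.partition(b"\x00")
        if not sep or not name:
            raise ValueError("SOCKS4a marker without a hostname")
        return {"variant": "socks4a", "host": name.decode("ascii"),
                "port": port, "proxy_resolves": True}
    # The address was fixed before the request was built. Whether a lookup
    # leaked depends on how the client got it: a local DNS query exposes
    # the name, a typed-in IP or one obtained via tor-resolve does not.
    return {"variant": "socks4", "host": str(ipaddress.IPv4Address(dstip)),
            "port": port, "proxy_resolves": False}

if __name__ == "__main__":
    # Constructed sample targets: the name from the message, a documentation IP.
    for target in ("foo.foo.com", "192.0.2.10"):
        request = build_socks4_connect(target, 21)
        print(target, request.hex(), parse_socks4_connect(request))
```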