[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Lynx leaks DNS

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Lynx leaks DNS
From: Jim McClanahan <jimmymac@xxxxxxxxxx>
Date: Sat, 27 Jun 2009 01:48:42 -0600
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 27 Jun 2009 04:33:42 -0400
References: <134454.24859.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Phil wrote:
> 
> I realize this needs a fix not a workaround, but if a workaround is enough for now you could try running lynx via proxychains --> tor
> 
> Proxychains might grab all the DNS requests.

Thanks for your response.  Now that I know lynx doesn't leak DNS when
the protocol (e.g. http://) in included, using full URLs is enough of a
"workaround" for me.  (And a relief that I haven't been leaking all of
this time.)  For everybody's information, I think I learned more about
the leaks while I was playing with proxychains.  It *appears* that lynx
is using DNS to try variations on the supplied name to find one that
works.  (Maybe there is an option to stop this?)  So while I have a
solution for myself, I think people using lynx with tor ought to be
warned about this.

> You could also probably leave privoxy in the proxy chain or test it with and without.
> 
> I haven't tried this with lynx, but proxychains does work with tor.

I have tried using proxychains to chain to privoxy.  Trying to chain
directly to Tor would require more fiddling and I haven't tried that.
Lynx couldn't get to the website *and* it DNS leaked.  Maybe I didn't
have it configured correctly?  (privoxy is listening on
192.168.1.27:8119)

The non-comment, non-blank lines of the configuration file were:

    strict_chain
    tcp_read_time_out 15000
    tcp_connect_time_out 10000  
    [ProxyList]
    http    192.168.1.27 8119

I used the command:  proxychains lynx http://torcheck.xenobite.eu

With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then
proxychains terminated the connection.  The page request was not logged
in Privoxy's logfile.   proxychains reported:
"strict chain:....192.168.1.27:8119..broken", and backgrounded and
stopped lynx.

# tcpdump -nni eth0 not tcp port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A?
torcheck.xenobite.eu. (38)
23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A
217.160.111.190 (137)
23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S
3021896822:3021896822(0) win 5840 <mss 1460,sackOK,timestamp 709785
0,nop,wscale 5>
23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S
3677520579:3677520579(0) ack 3021896823 win 5792 <mss
1460,sackOK,timestamp 4633540 709785,nop,wscale 2>
23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win
183 <nop,nop,timestamp 709785 4633540>
23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack
1 win 183 <nop,nop,timestamp 709785 4633540>
23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53)
ack 2 win 1448 <nop,nop,timestamp 4633540 709785>
23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0
23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0)
ack 2 win 1448 <nop,nop,timestamp 4633540 709785>
23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0

References:
- Re: Lynx leaks DNS
  - From: Phil

Prev by Author: Re: Lynx leaks DNS
Next by Author: Question About Security Threat from Tor
Previous by thread: Re: Lynx leaks DNS
Next by thread: A Few Random Thoughts...
Index(es):
- Author
- Thread