[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 3 Mar 2012 12:12:53 -0800
Authentication-results: mr.google.com; spf=pass (google.com: domain of coderman@xxxxxxxxx designates 10.204.150.75 as permitted sender) smtp.mail=coderman@xxxxxxxxx; dkim=pass header.i=coderman@xxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Mar 2012 15:13:07 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=AKfT8HyvEwvNItVUsDNR7oBIP5s5uALRQ58anS9jsP0=; b=Y0IltCDqjnoarIyjyF/2WizxXHYP2RInnoydG2afuupWTqEHohhPk1nNPnDihpRJbk k1H5SDmUQX7/RhyjFgiva8VfS/sWJIz5h1ehRuW1o4Wiz4zjpDXRCVJcNMYv/lMzakCH o0g3gTVALAO/W9MieseEs3vlSgXfm3WRAIcR6oJ7MirxzZ9FKcb5XCwMe+e8JM8rySyG 8RHF9xXwUTSU/xzFTf+6FkuNgsZaX5aSx2Dm1NqDzKzpjstqgqMkA5YGPffPWN+LdCOn e4JoJdnDYgMZNcFN9PNHXxII3xrkdiwAsYhxrZctnTyV/SeWQoY1sMH3Dc5tkb0c+eGW IVDA==
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Sat, Mar 3, 2012 at 12:33 AM,  <proper@xxxxxxxxxxxxxxx> wrote:
>...
> Application level leaks are problematic. We have a page which describes many of these problems including with workarounds (we recommend Tor Browser etc.).

these are significant if you are mixing tor and non-tor access on the
same system. much of this is covered in the thread, and the particular
risks are very specific to context and nature of use, as discussed.

> Anyway, transparent proxying should be still safer then socksifying.

yes. there are still poor and better ways to configure transparent proxy.

> The transparently proxied operating system does not know it's real external IP, only it's Tor exit IP. And can therefore never leak it's real external IP. ... DNS / UDP leaks are impossible. Real IP may also not leak, the operating system doesn't have a way to find it out.

this is not true; you must also prevent all local subnet access when
in this mode. this may entail removing IPv6 interfaces, changing the
default route to a /31 or /30 path, etc.

otherwise there are attacks which reflect or bounce traffic on the
local network to obtain public IP address or leak endpoint to an
attacker.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
  - From: Hggiu Uizzu

Prev by Author: Re: [tor-talk] Obtain real IP behind Tor transparent proxy; was: Operating system updates / software installation behind Tor Transparent Proxy
Next by Author: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Previous by thread: [tor-talk] custom icon for torbrowser?
Next by thread: Re: [tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]
Index(es):
- Author
- Thread