
Re: Confused about Tor settings


jon smith wrote:
> Hi,
> I'd installed the vidalia-bundle-
> and set up Firefox (Mac) exactly as shown
> here:
> http://tor.eff.org/docs/tor-doc-web.html.en
> i.e. the first four set to "localhost  Port: 8118",
> and SOCKS Host to "localhost  Port: 9050"
> This seemed to work according to the recommended test
> sites. But then I read somewhere that the "use proxy
> server for all protocols" box should be ticked. Which
> made no sense to me as that sets SOCKS Host to
> Port:8118 anyway. So I installed Torbutton 1.0.4
> thinking it'd do it all for me. But that set both the
> FTP Proxy and Gopher to "<blank> Port: 0". I emailed
> the creator of Torbutton who kindly explained that
> this is correct as otherwise ftp connections (set to
> 8118) would fail. I had thought that was supposed to
> happen (to prevent DNS leaks...or something). I've
> also read that if your browser uses SOCKS 4a you
> should use that (instead of the SOCKS v5 setting).
> This is hopelessly confusing to me. I've tried to
> understand the notes, but can't get my brain around
> any of this stuff. Could anyone please confirm/explain
> to a moron the exact, correct settings? Or is this
> just not for folk like me? 

The exact correct settings are:

http proxy: address: localhost port: 8118
https proxy: address: localhost port: 8118

leave the gopher and ftp blank. i'm not sure if anyone actually even
uses gopher anymore, i remember learning about it back in the mid
nineties but i can't even remember now what it was even used for... as
for the ftp, i'm really not sure what should be used, i don't think the
socks proxy works, and http definitely doesn't... the general thing is
to not set it to anything. i think it has been mentioned somewhere
before but ftp links are one way to nab a tor user's ip address (any
further advice on that would be much appreciated)

socks proxy: address: localhost port: 9050

just to clarify, when you set the ftp proxy to the tor 9050 port, you
get this:

--8<--snip--8<--

Tor is not an HTTP Proxy

It appears you have configured your web browser to use Tor as an HTTP
proxy. This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.
Please configure your client accordingly.

See http://tor.eff.org/documentation.html for more information.

--8<--snip--8<--

and when you set it to address: <nothing> port: 0 it sorta just sits
there trying to find it and nothing happens. which is preferable to
accidentally going to an ftp server with one's real ip address when this
was not intended.

The socks 4a protocol (as opposed to socks 4 and socks 5, which are the
two socks protocols supported by most of the current browsers) passes on
DNS requests to the other end of the proxy chain. With tor that means
the address is resolved by the exit node in your tor proxy chain. if the
application supports it, that's what happens. Sadly most applications
don't support socks 4a.

I think this is because many internet connections which require proxies
provide a directly linked DNS server address on the ISP's intranet,
which is the same netmask (network domain) as your ppp link (ppp, aka
point to point protocol), even in these days of digital internet lines,
is still the main protocol used between isp customers and isp's
networks, and the ppp link gets an address and a dns, but, well not so
commonly now, but it still happens, one cannot actually get out to the
internet because one is not given a gateway (a gateway is an ip address
which any address not within an intranet is sent to as the 'gateway' to
the internet where the address may be found)

I personally don't understand why socks 5 doesn't do DNS requests at the
endpoint of the proxy chain either. But that's how it is. These things
seem to have been developed for the convenience of specific inflexible
ways of running internet connections in the olden days of dialup
connections and back in the days before instant messaging, file sharing,
streaming media and so forth, only web browsers and ftp clients (and,
obviously, gopher clients) were allowed through these proxied internet

oh yes, and part of the story was also that dialup clients weren't given
ip addresses in the ISP's network domain either.

it's quite astounding that they were that stingy with ip addresses in
those days when ip addresses were so amply over-supplied and now
everyone gets one even though they are in short supply...

it's really not that odd when you think about how many obfuscated access
systems you encounter every day with banks and government departments
and large corporations, the current trend with DRM is a classic example.
it seems to me that when an organisation gets beyond a certain size
they are more interested in keeping clients out than servicing them.

anyway, enough of that rant, i hope that clears things up for you.
examining the history of this nonsense shows you how it's ended up so
bureaucratically stupid.

which brings something to mind...

when is tor going to run a local dns proxy so this dns leak garbage is
done away with.

also, what about the idea of lobbying, at least the mozilla development
team, to support socks 4a? or maybe someone has an idea for an extension
to support socks 4a?

and a solution to proxying ftp? obviously tor is not popular enough yet
for this to be a major dns leak point but considering tor doubled in the
last 12 months in its bandwidth capacity and usage, it's just a matter
of time before unscrupulous people intentionally use it to nab tor users'
ip addresses without their knowledge.

my 2 cents
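Added example, not part of the original message: a parser for the SOCKS request formats discussed in this thread that reports whether a client handed the proxy a hostname or an address it had already resolved itself, which is the case where the name lookup happened outside the proxy. Field layouts follow the SOCKS4, SOCKS4a and RFC 1928 (SOCKS5) request formats; the function name and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

def parse_socks_connect(req: bytes):
    """Return (protocol, kind, target, port) for one SOCKS request message.

    kind is 'hostname' when the name is handed to the proxy to resolve, or
    'ip' when the client sent an address it had already resolved itself.
    """
    if len(req) >= 9 and req[0] == 4:
        # SOCKS4: VER CMD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        port = struct.unpack("!H", req[2:4])[0]
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            # SOCKS4a: DSTIP 0.0.0.x (x != 0) means a hostname follows USERID
            userid_end = req.index(b"\x00", 8)
            host_end = req.index(b"\x00", userid_end + 1)
            host = req[userid_end + 1:host_end].decode("ascii")
            return ("socks4a", "hostname", host, port)
        return ("socks4", "ip", str(ipaddress.IPv4Address(ip)), port)
    if len(req) >= 7 and req[0] == 5:
        # SOCKS5 request (sent after method negotiation):
        # VER CMD RSV ATYP DST.ADDR DST.PORT
        atyp = req[3]
        if atyp == 0x03:  # length-prefixed domain name
            n = req[4]
            host = req[5:5 + n].decode("ascii")
            port = struct.unpack("!H", req[5 + n:7 + n])[0]
            return ("socks5", "hostname", host, port)
        size = {0x01: 4, 0x04: 16}.get(atyp)  # IPv4 / IPv6 literal
        if size is None:
            raise ValueError("unknown SOCKS5 address type")
        addr = ipaddress.ip_address(req[4:4 + size])
        port = struct.unpack("!H", req[4 + size:6 + size])[0]
        return ("socks5", "ip", str(addr), port)
    raise ValueError("not a SOCKS4/4a/5 request")

# Constructed sample requests (documentation address 192.0.2.10, port 80).
PORT = struct.pack("!H", 80)
SAMPLES = {
    "socks4": b"\x04\x01" + PORT + bytes([192, 0, 2, 10]) + b"\x00",
    "socks4a": b"\x04\x01" + PORT + b"\x00\x00\x00\x01\x00" + b"example.com\x00",
    "socks5_ip": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + PORT,
    "socks5_name": b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + PORT,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_socks_connect(raw))
```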