[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Firefox IPv6 Anonymity bypass NOT A BUG
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Firefox IPv6 Anonymity bypass NOT A BUG
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Sat, 27 Oct 2007 12:58:30 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 27 Oct 2007 12:58:40 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=tPHWSUyFGLyPAGfWzjoBRjfatOrn2ksR7KylsJlBh3U=; b=iZ5SKIADGWCGW8AHtxQRsJHq3v+n41Vo+FqnNQJVOzBUjxkwQXF5ddX67195WzaKrSUmgA93hyxkQk20b93CbVYkDFnwxnghS5U0bgmH0FYr4q552cPSH+fuCkyZAjjKO16nyxuj9UvrHsUSxS0P2uCU64OPgIvsTyLLgKzlQkM=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VsY/8jd/Srt9aWSXNtGlBiSda1l99kMsP4C9KJgU3vt+LipmaiPB63/3cIR/bWxi1jvOBD2vLHj5xDlxBB4rIhz7nED5OGAWY3fUkzOIEyvbWTiLJH3ruuopYlDFD0feU9buDrtjVXzB0kbWv8TrfAEgT8xB3QpJbVWopnpkIcs=
- In-reply-to: <472283C3.6050202@xxxxxxxxx>
- References: <47210CCC.8010506@xxxxxxxxx> <472283C3.6050202@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Thanks for the clarification. It's much easier to understand now.
Comrade Ringo Kamens
On 10/26/07, Nick 'Zaf' Clifford <zaf@xxxxxxxxx> wrote:
> Nick 'Zaf' Clifford wrote:
> > Hey ya,
> > Just noticed one small problem with Tor + Firefox + IPv6.
> > I'm aware that Tor doesn't yet support IPv6, but I found an interesting
> > development with respect to a system that has IPv6 configured and working.
> Embarrassing confession time:
> When I first noticed this "bug", I didn't realize I'd set a proxy bypass
> for .nrc.co.nz (my local domain) a long time ago when doing other proxy
> testing. This meant when I went to a .nrc.co.nz address, it did so
> directly, bypassing any proxy.
> When I eventually started playing with Tor, I had forgotten about that
> setting (and use TorButton so never even looked at the proxy settings of
> The end result was that I went to a local system, it bypassed Tor (as
> I'd asked it to do).
> All of my systems here have IPv6 (and some of them don't have IPv4), so
> when I saw that I was able to connect to my internal network systems,
> supposedly via tor (having forgotten that I'd set that proxy bypass ages
> ago), I became suspicious, and looked at the system logs, saw my own
> IPv6 address, and went "Ah ha!". That lead to the above bug report.
> The questions you have all raised in response to my report (with
> reference to it being network.dns.IPv6, and asking if it still disabled
> numerical addresses), prompted me to do further testing, where I found
> conflicting results, that lead me to notice the .nrc.co.nz proxy bypass.
> So, after doing more testing, the results are:
> If you set up Firefox to use Privoxy and Tor, All requests go to Privoxy
> (this is obvious if you think about it, because otherwise Firefox would
> have to do DNS lookups on hostnames to notice they are IPv6, which would
> be a big huge leak).
> Privoxy takes the hostname, and does an IPv4 lookup (eg it doesn't
> support v6), so feeds the request through Tor as expected and desired.
> To round out the testing, and provide answers to all:
> If you give privoxy an IPv6 numerical address, eg:
> http://[2002:xxxxx:1]/, privoxy fails to recognise the address at all as
> being an IPv6 address, and therefore fails gracefully:
> Your request for http://[2002:xxxx:1]/ could not be fulfilled, because
> the domain name *[2002* could not be resolved.
> This is fine, and therefore I respectfully withdraw by bug report, and
> apologize to the Firefox developers, as I commented that it was probably
> a bug in Firefox.
> I'd also like to thank all of you on the mailing list who immediately
> recognized what this may have been (had it been accurate) and
> acknowledged my find and started fixing your own systems.
> So to everyone, stand down, not a bug, the problem was a PEBKAC (Problem
> Exists Between Keyboard And Chair)
> Nick Clifford