[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
From: Allen <allenpmd@xxxxxxxxx>
Date: Wed, 25 Oct 2017 16:54:08 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Oct 2017 16:54:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Suy37upFg/rtMzahtxn2JrcfzCETdwWGuYVtf6a4Opk=; b=qXbqhM+1rAAWStuco2QOVck7RKJa5Rn9QOvEfiJEL9njr8tD4Jvk2DVTz4125Zd1Am B6GHiNOvjuKascs/o3mckGOb3hszDWtptt0Opj7YOM2eIlBtWSpJmPBYojvWZ6CE2L4c hOeJpYpLr6wTnhvzRhxsoz8YRFLMu8DGcdCn7lR0R4Tfd6hNBpLwKH5ZPY68fLfqKsPr UX+qmjUNUzMe3t9PdOoV9wJQczko31SvSfX6zsZkI1CT9YJSEVLIWIE4m1yzLtJiCMsv OxOeqxiqjS1iiyYGEq0H+TdXO+T8wPFTHctk6g2QXBOZUCMU0ILU9kv4dJKmBZztJ0QV CRnQ==
In-reply-to: <CAB7TAMnfzXX6ohAHFuAX7sO8YFKL1MN4qLvoqcP=vgdkL+L7Yg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1508964126.2622.4.camel@ziggo.nl> <CAB7TAMnfzXX6ohAHFuAX7sO8YFKL1MN4qLvoqcP=vgdkL+L7Yg@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

or maybe better "dig @localhost:torport hostname +tcp"

On Wed, Oct 25, 2017 at 4:50 PM, Allen <allenpmd@xxxxxxxxx> wrote:
> and what happens if you use dig alone to talk directly to tor?
> something like "dig -p torport hostname +tcp" (see man dig)
>
> On Wed, Oct 25, 2017 at 4:42 PM, Rob van der Hoeven
> <robvanderhoeven@xxxxxxxx> wrote:
>> Hi Folks,
>>
>> I'm testing a small single-program transproxy program that I wrote (not
>> released yet). This program forwards DNS requests to the DNSPort of the
>> Tor daemon. During my tests I noticed something that worries me.
>>
>> With my program I can basically redirect network traffic from any
>> program to the DNSPort/TransPort of the Tor daemon. For fun I tried:
>>
>> dig hoevenstein.nl
>>
>> To my surprise I got an answer from one of the nameservers in my own
>> resolv.conf. It looks like the exit node blindly uses the nameserver
>> from the original request. Can anyone confirm this?
>>
>> I checked with wireshark, and no DNS queries are leaving my system,
>> also the query time indicates the request was done using the Tor
>> network.
>>
>> Leaking a users nameserver looks dangerous to me.
>> Can someone shine a light on this?
>>
>> Rob.
>> https://hoevenstein.nl
>>
>> =====================================
>> Here are the result of my experiment:
>> =====================================
>>
>> rob@jessie:~$ aorta -t dig hoevenstein.nl
>>
>> RUNNING dig hoevenstein.nl
>>
>> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61683
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;hoevenstein.nl.                        IN      A
>>
>> ;; ANSWER SECTION:
>> hoevenstein.nl.         3600    IN      A       94.211.74
>> .2
>>
>> ;; Query time: 178 msec
>> ;; SERVER: 89.101.251.228#53(89.101.251.228)
>> ;; WHEN: Wed Oct 25 21:39:03 CEST 2017
>> ;; MSG SIZE  rcvd: 48
>>
>> AORTA CLOSED ...
>>
>> rob@jessie:~$ cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search dynamic.ziggo.nl
>> nameserver 89.101.251.228
>> nameserver 89.101.251.229
>>
>> Without using Tor:
>> ==================
>>
>> rob@jessie:~$ dig hoevenstein.nl
>>
>> ; <<>> DiG 9.10.3-P4-Debian <<>> hoevenstein.nl
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17152
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;hoevenstein.nl.                        IN      A
>>
>> ;; ANSWER SECTION:
>> hoevenstein.nl.         3600    IN      A       94.211.74
>> .2
>>
>> ;; Query time: 16 msec
>> ;; SERVER: 89.101.251.228#53(89.101.251.228)
>> ;; WHEN: Wed Oct 25 21:46:28 CEST 2017
>> ;; MSG SIZE  rcvd: 59
>>
>> --
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
  - From: Rob van der Hoeven

References:
- [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
  - From: Rob van der Hoeven
- Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
  - From: Allen

Prev by Author: Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
Next by Author: Re: [tor-talk] Need a stable .onion address hosted by the Tor project.
Previous by thread: Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
Next by thread: Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?
Index(es):
- Author
- Thread