[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

(forw) [Re: Squid Proxy Causes Unavoidable DNS Leaks]



Forwarding because there was confusion with my email address.

----- Forwarded message from Marcel <u-281@xxxxxxx> -----

Date: Mon, 12 Sep 2005 15:18:46 -0400
To: or-talk@xxxxxxx
User-Agent: Mutt/1.5.10i
From: Marcel <u-281@xxxxxxx>
Subject: Re: Squid Proxy Causes Unavoidable DNS Leaks

* ADB (firefox-gen@xxxxxxx) wrote:
> Good research there, friend. Can you test this out and let us all know 
> what the procedure is, assuming it works?
> ~Andrew

Unfortunately I cannot, I'm not as good in C language as I would be.  I
tried for 6h yesterday just to figure out how to pass arguments to spawnv
and had problems with localhost:9050.  Seriously 6h!  Someone more fluent
in C should do this within a few minutes.  More to come, actually I'm
experimenting with a local dns server: dnsmasq which forwards all dns
requests to outside nameservers.  Intervention at that level could solve
all dns leaks forever since it intercepts them all.

Marcel
Gingkobiloba tor server.


> 
> u-281@xxxxxxx wrote:
> 
> >Hi
> >
> >Very interesting!!!
> >
> >Squid can be compiled with the option --disable-internal-dns, and 
> >configured to
> >use an external dns server (dnsserver).  I think replacing the line
> >gethostbyname in dnsserver.c by something like 
> >spawnv("/usr/bin/tor-resolve",
> >buf, localhost:9050, NULL); could do it to use tor network for dns 
> >requests. Then one could grab the result from tor-resolve and send it back 
> >to dnsserver. I'm not that fluent in C to accomplish this, but it seems to 
> >be a viable
> >solution.
> >
> >It could be tested easily:
> >echo tor.eff.org | dnsserver
> >
> >Another solution could be to modify tor-resolve to accept requests in that 
> >form
> >too: echo tor.eff.org | tor-resolve.
> >
> >Thus maybe squiq could use tor-resolve directly as its dns_program.
> >
> >Just some thoughts I had yesterday.
> >
> >Take care!
> >
> >
> >
> >
> > 
> >

----- End forwarded message -----