[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] InjectSOCKS: 2nd try

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] InjectSOCKS: 2nd try
From: tor@xxxxxxxxxxxxxxxxx
Date: Tue, 17 Dec 2013 16:05:29 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Dec 2013 10:06:08 -0500
In-reply-to: <20131212161025.GA7509@thessa>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Priority: normal
References: <52A21085.23133.377C51@xxxxxxxxxxxxxxxxxxxxx>, <52A76B12.14436.724F3A@xxxxxxxxxxxxxxxxxxxxx>, <20131212161025.GA7509@thessa>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello David,

> Yes, UDP is simply not supported by Tor thus it will be rejected
> when opening the socket. Actually, it's not only UDP that should be
> blocked but *every* other protocol except TCP. For instance, there
> is no way to send icmp request through Tor thus we don't want that
> to leak.
...
> This is dangerous and the reason why it's denied is that the
> application  could easily make a DNS request for instance to a
> local server that will then resolve it on a remote one thus
> leaking.
> 
> You should really reconsider that, going locally can be fine but
> also really dangerous.

Thanks for all the advice. I've uploaded a new version now where the 
default behavior is to block any other sockets than TCP sockets and 
to block 127.x.x.x traffic.
However, there is the optional switch /a to allow this as some 
software just needs it, e.g. Internet Explorer uses local UDP traffic 
to communicate between its processes. So the user can decide per 
process which mode to use.
The new version also has some additional tweaks and fixes.

Concerning the upper "security" feature I think that everybody using 
a software like InjectSOCKS should be aware that there are a lot of 
ways to bypass all this. You shouldn't rely on it. The goal of 
InjectSOCKS is to use software together with Tor (or other SOCKS 
servers) even if it doesn't support this. Creating a sandbox or 
disabling malware is not the goal of InjectSOCKS.
There are other tools for that and it's a good idea to have a 
firewall preventing any "bad" traffic.

Well, at least it's a proof of concept that you can manipulate the 
process behavior using this technique :-)

> I'll take a look at it and if I can find a Windows, test it.

If you just want to test it you could use the official Microsoft 
trial version running for 90 days or something like that.

> From that point on, I'll check how feasible it is to integrate what
> you did in the new torsocks code so we can have *nix and Windows
> support in the same tool, that would be quite awesome.

This sounds very interesting. My guess is that while the tools are 
similar, the internals are quite different. But this is just a guess 
:-)

Thanks for the effort.

Cheers
ghostmaker
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] InjectSOCKS: 2nd try
  - From: tor
- Re: [tor-dev] InjectSOCKS: 2nd try
  - From: tor
- Re: [tor-dev] InjectSOCKS: 2nd try
  - From: David Goulet

Prev by Author: Re: [tor-dev] InjectSOCKS: 2nd try
Next by Author: Re: [tor-dev] Gitian Build Failure (pt branch only?)
Previous by thread: Re: [tor-dev] InjectSOCKS: 2nd try
Next by thread: [tor-dev] Merge of Gitian PT build with 3.0-rc-1; next steps
Index(es):
- Author
- Thread