Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-19 Thread Roger Dingledine
(Just got back in town, am starting to plow through my mail)

On Fri, Nov 17, 2006 at 03:38:12PM -0800, lester psigal wrote:
  Well, just so you don't feel that everyone is ignoring you, I'll voice
  most of our reactions: *shock*, *eyes popping*. Woops, time to turn
  privoxy back on (use HTTP proxy port 8118 and don't list anything in
  the SOCKS line).

Actually, as far as I know, you should list at least http, https,
and socks. The reason is that some plugins look at one proxy setting,
and some look at others. And alas, some plugins don't look at any,
which might be what you're experiencing.

 what i've forgotten to mention is that my installation of firefox uses
 torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy
 settings for the vidalia bundle, that is http/s: localhost:8118
 and socksv5 localhost:9050.
 that's alright so far.

It shouldn't be Torbutton's fault. That's not to say it isn't, but if I
were looking for a problem, Torbutton would be pretty far down on my list.
It just changes Firefox's configuration, after all.

 i was wondering if i got a special problem with my installation or if
 that is a problem of a more general type, but according to the feedback
 and other (non-existent) postings it must be a special one, or perhaps a
 lot of people are thinking they surf anonymously but still leak their
 dns requests...

Might well be. We need to test-and-document all configuration
combinations, with all the weird extra software that people use. I
would bet there are a wide variety of seemingly ok combinations that
are actually bad. Plus, there are many seemingly bad combinations that
people don't realize might be bad. :)

 anyway, i've tried to solve the problem more systematically:
 i've cleared the cache, tried some web addresses and checked the
 ethereal logs and it turns out that with the
 settings mentioned above on each url a local udp dns request occurs,
 while the tor log reads:
 -
 Nov 16 14:07:08:052 [Notice] fetch_from_buf_socks(): Your application
 (using socks4a on port 80) gave Tor a hostname, which means Tor will do
 the DNS resolve for you. This is good.
 -
 one log entry for each request privoxy makes.

Looks good. These are coming from privoxy, which uses socks4a.

 this must be wrong because i'm using mozilla thunderbird with the
 torbutton add-on too (same settings). over here no local dns lookup occurs
 and the tor log entry reads:
 -
 Nov 16 14:26:24:434 [Notice] fetch_from_buf_socks(): Your application
 (using socks5 on port 995) gave Tor a hostname, which means Tor will do
 the DNS resolve for you. This is good.
 -
 which means thunderbird connects directly to the tor client and speaks
 socks v5 (and not socks 4a !). the dns query is resolved via the
 circuit as intended...

Yep. Your thunderbird is talking pop3s, which is not http, so it can't use
the http proxy setting. This is an example of one of the applications I
mentioned above. So if you leave your socks proxy line blank, Thunderbird
will go out directly, even if your http/https proxies are set.

 so i was expecting that firefox does the same: first resolve the dns
 name via the socks 5 tor client and then retrieve the http/s content via
 privoxy/tor...

No, I believe your Thunderbird never does any http/https content,
at least not in the examples you've pasted.

 also, i've recognized that the local dns queries are occurring when there
 is a direct user interaction with the browser like entering an url,
 selecting a bookmark, clicking a link etc. while requests from websites
 (when loading a page) seem to be resolved remotely (they do not show up
 in the ethereal logs but are requested in privoxy and logged by tor).
 unfortunately, i don't know if ff resolves dns by an own internal
 resolver thread or by delegating to the system which makes the whole
 thing worse.

My first guess is that you have some other firefox plugin installed that
does a dns lookup for everything you type. What other plugins/extensions
do you have?

--Roger
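
The distinction the Tor log lines in this thread draw (socks4a or socks5 with a hostname, versus a request that carries only an IP address) can be read straight off the request bytes. The following is an added example, not part of Roger's message or of Tor's code; `classify_socks_request` is a hypothetical helper and the sample requests are constructed, not captured traffic.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Report whether a SOCKS CONNECT request hands the proxy a hostname or an IP."""
    def result(proto, target, port, remote_dns):
        return {"proto": proto, "target": target, "port": port, "remote_dns": remote_dns}

    if len(data) < 8 or data[0] not in (4, 5):
        raise ValueError("not a complete SOCKS4/4a/5 request")
    if data[0] == 4:
        # Layout: VN, CD, DSTPORT(2), DSTIP(4), USERID NUL [, HOSTNAME NUL for 4a]
        (port,) = struct.unpack("!H", data[2:4])
        ip = data[4:8]
        userid_end = data.index(b"\x00", 8)
        # SOCKS4a signals "hostname follows" with DSTIP 0.0.0.x where x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = data.index(b"\x00", userid_end + 1)
            host = data[userid_end + 1:host_end].decode("ascii")
            return result("socks4a", host, port, True)
        # Plain SOCKS4 can only carry an IP: the client resolved the name itself
        return result("socks4", str(ipaddress.IPv4Address(ip)), port, False)
    # SOCKS5 layout: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT(2)
    atyp = data[3]
    if atyp == 3:  # domain name, length-prefixed: the proxy does the lookup
        n = data[4]
        (port,) = struct.unpack("!H", data[5 + n:7 + n])
        return result("socks5", data[5:5 + n].decode("ascii"), port, True)
    if atyp not in (1, 4):
        raise ValueError("unknown SOCKS5 address type")
    size = 4 if atyp == 1 else 16  # IPv4 or IPv6 literal
    (port,) = struct.unpack("!H", data[4 + size:6 + size])
    return result("socks5", str(ipaddress.ip_address(data[4:4 + size])), port, False)

# Constructed sample requests (not captured traffic).
SOCKS4A_NAME = (b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01"
                + b"\x00" + b"www.example.com\x00")
SOCKS5_NAME = b"\x05\x01\x00\x03" + bytes([15]) + b"pop.example.com" + struct.pack("!H", 995)
SOCKS5_IP = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 80)

if __name__ == "__main__":
    for label, req in [("socks4a", SOCKS4A_NAME), ("socks5 name", SOCKS5_NAME),
                       ("socks5 ip", SOCKS5_IP)]:
        print(label, classify_socks_request(req))
```

A request classified with `remote_dns` false is not proof of a leak on its own (the user may have typed an IP literal), so it is a prompt to check the packet capture for a matching local DNS query.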



Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-19 Thread Mike Perry
Thus spake lester psigal ([EMAIL PROTECTED]):

 then, i've tried different settings:
 setting ff's 'network.proxy.failover_timeout' to '-1' or '0'
 - no change
 (if a timeout occurs privoxy shows up with one of its error pages)
 leaving socks proxy line blank in ff's connection setting
 - no change
 setting all proxy protocols to privoxy port
 - no change
 disabling dns client service on win xp
 - no change
 disabling 'forward socks4a requests' directive in privoxy configuration
 - no change
 
 also, i've recognized that the local dns queries are occurring when there
 is a direct user interaction with the browser like entering an url,
 selecting a bookmark, clicking a link etc. while requests from websites
 (when loading a page) seem to be resolved remotely (they do not show up
 in the ethereal logs but are requested in privoxy and logged by tor).
 unfortunately, i don't know if ff resolves dns by an own internal
 resolver thread or by delegating to the system which makes the whole
 thing worse.
 
 so, usually i'm not easily frustrated but over here i'm really missing a
 thing and i would not wonder if it's a little configuration tweak i
 forgot about...

Yeah, like others have said it is most likely some extension you are
running. Maybe google toolbar, yahoo toolbar, something of this nature
that interacts with each page? I tried watching Torbutton and
socks-only and got no DNS leaks w/ ff 1.5, no matter what my timeout
settings were. I did get a few Try Again timeout messages from
firefox, but no leaks.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-18 Thread Fabian Keil
lester psigal [EMAIL PROTECTED] wrote:

  Thus spake lester psigal ([EMAIL PROTECTED]):

  i've got a setup for anonymous browsing using firefox 1.5.0.7 and
  lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2.
  the ff configuration option 'network.proxy.socks_remote_dns' is set to
  true, the setting 'network.proxy.failover_timeout' is set to 5 and
  the 'network.proxy.socks_version' is set to 5 but the ethereal logs show
  that firefox is still leaking dns requests, i.e. ff still does the
  lookups itself and does not delegate them to the proxy (which is not
  quite true: the dns requests are always delegated to the proxy and
  _sometimes_ to the local dns client too).
  to make it worse the leaks are occurring randomly (sometimes the remote
  dns works and sometimes not), so i'm guessing that it is a timeout issue.
  does ff fallback to local dns lookup when a remote lookup request is not
  answered in a timely manner or is it a failure with the os dns client or
  even a ff bug?
  what else could be done to prevent ff from dns leaking?
 
  any hints or suggestions would be very nice as it does not make any
  sense to me to operate a quite complex and complicated system for
  anonymous browsing when tracking of dns requests is all
  a profiling facility has to do...

 what i've forgotten to mention is that my installation of firefox uses
 torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy
 settings for the vidalia bundle, that is http/s: localhost:8118
 and socksv5 localhost:9050.

Can you reproduce the problem without any Firefox plugins that
influence the proxy settings?

A few weeks ago I shortly tested FoxyProxy and had similar experiences.
I used the always use proxy xyz feature to quickly switch between
different Privoxy versions, Firefox's own settings were configured
to use Privoxy as well.

Directly after starting up, Firefox always ignored the proxy
settings and fetched some of the live bookmarks directly. The same
happened if there were still tabs open from a previous session.

I also had the feeling that it would randomly ignore the settings
later on, but I didn't use the plugin long enough to verify this.

I never used torbutton, but maybe it has similar problems.

Fabian
-- 
http://www.fabiankeil.de/




Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-17 Thread lester psigal
Mike Perry wrote:
 Thus spake lester psigal ([EMAIL PROTECTED]):

   
 hi there,
 i've got a setup for anonymous browsing using firefox 1.5.0.7 and
 lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2.
 the ff configuration option 'network.proxy.socks_remote_dns' is set to
 true, the setting 'network.proxy.failover_timeout' is set to 5 and
 the 'network.proxy.socks_version' is set to 5 but the ethereal logs show
 that firefox is still leaking dns requests, i.e. ff still does the
 lookups itself and does not delegate them to the proxy (which is not
 quite true: the dns requests are always delegated to the proxy and
 _sometimes_ to the local dns client too).
 to make it worse the leaks are occurring randomly (sometimes the remote
 dns works and sometimes not), so i'm guessing that it is a timeout issue.
 does ff fallback to local dns lookup when a remote lookup request is not
 answered in a timely manner or is it a failure with the os dns client or
 even a ff bug?
 what else could be done to prevent ff from dns leaking?

 any hints or suggestions would be very nice as it does not make any
 sense to me to operate a quite complex and complicated system for
 anonymous browsing when tracking of dns requests is all
 a profiling facility has to do...

 thanks

 p.s. i've already posted the same message to the mozillazine ff
 general forum without getting an answer
 

 Well, just so you don't feel that everyone is ignoring you, I'll voice
 most of our reactions: *shock*, *eyes popping*. Woops, time to turn
 privoxy back on (use HTTP proxy port 8118 and don't list anything in
 the SOCKS line).

 Were you able to determine exactly what network.proxy.failover_timeout
 governed? Was it just DNS? Did it have any effect at all on the
 behavior? Perhaps the units are milliseconds. Sometimes Tor takes as
 long as a minute to build a new circuit...

 It would be logical if either 0 or -1 meant infinite.. Did you try
 those?

thanks for your reply, you're right that i'm quite worrying about such
an issue and felt slightly irritated as well...

what i've forgotten to mention is that my installation of firefox uses
torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy
settings for the vidalia bundle, that is http/s: localhost:8118
and socksv5 localhost:9050.
that's alright so far.
i was wondering if i got a special problem with my installation or if
that is a problem of a more general type, but according to the feedback
and other (non-existent) postings it must be a special one, or perhaps a
lot of people are thinking they surf anonymously but still leak their
dns requests...
anyway, i've tried to solve the problem more systematically:
i've cleared the cache, tried some web addresses and checked the
ethereal logs and it turns out that with the
settings mentioned above on each url a local udp dns request occurs,
while the tor log reads:
-
Nov 16 14:07:08:052 [Notice] fetch_from_buf_socks(): Your application
(using socks4a on port 80) gave Tor a hostname, which means Tor will do
the DNS resolve for you. This is good.
-
one log entry for each request privoxy makes.
this must be wrong because i'm using mozilla thunderbird with the
torbutton add-on too (same settings). over here no local dns lookup occurs
and the tor log entry reads:
-
Nov 16 14:26:24:434 [Notice] fetch_from_buf_socks(): Your application
(using socks5 on port 995) gave Tor a hostname, which means Tor will do
the DNS resolve for you. This is good.
-
which means thunderbird connects directly to the tor client and speaks
socks v5 (and not socks 4a !). the dns query is resolved via the
circuit as intended...
so i was expecting that firefox does the same: first resolve the dns
name via the socks 5 tor client and then retrieve the http/s content via
privoxy/tor...

then, i've tried different settings:
setting ff's 'network.proxy.failover_timeout' to '-1' or '0'
- no change
(if a timeout occurs privoxy shows up with one of its error pages)
leaving socks proxy line blank in ff's connection setting
- no change
setting all proxy protocols to privoxy port
- no change
disabling dns client service on win xp
- no change
disabling 'forward socks4a requests' directive in privoxy configuration
- no change

also, i've recognized that the local dns queries are occurring when there
is a direct user interaction with the browser like entering an url,
selecting a bookmark, clicking a link etc. while requests from websites
(when loading a page) seem to be resolved remotely (they do not show up
in the ethereal logs but are requested in privoxy and logged by tor).
unfortunately, i don't know if ff resolves dns by an own internal
resolver thread or by delegating to the system which makes the whole
thing worse.

so, usually i'm not easily frustrated but over here i'm really missing a
thing and i would not wonder if it's a little configuration tweak i
forgot about...

any advice is welcome...







Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-16 Thread Mike Perry
Thus spake lester psigal ([EMAIL PROTECTED]):

 hi there,
 i've got a setup for anonymous browsing using firefox 1.5.0.7 and
 lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2.
 the ff configuration option 'network.proxy.socks_remote_dns' is set to
 true, the setting 'network.proxy.failover_timeout' is set to 5 and
 the 'network.proxy.socks_version' is set to 5 but the ethereal logs show
 that firefox is still leaking dns requests, i.e. ff still does the
 lookups itself and does not delegate them to the proxy (which is not
 quite true: the dns requests are always delegated to the proxy and
 _sometimes_ to the local dns client too).
 to make it worse the leaks are occurring randomly (sometimes the remote
 dns works and sometimes not), so i'm guessing that it is a timeout issue.
 does ff fallback to local dns lookup when a remote lookup request is not
 answered in a timely manner or is it a failure with the os dns client or
 even a ff bug?
 what else could be done to prevent ff from dns leaking?
 
 any hints or suggestions would be very nice as it does not make any
 sense to me to operate a quite complex and complicated system for
 anonymous browsing when tracking of dns requests is all
 a profiling facility has to do...
 
 thanks
 
 p.s. i've already posted the same message to the mozillazine ff
 general forum without getting an answer

Well, just so you don't feel that everyone is ignoring you, I'll voice
most of our reactions: *shock*, *eyes popping*. Woops, time to turn
privoxy back on (use HTTP proxy port 8118 and don't list anything in
the SOCKS line).

Were you able to determine exactly what network.proxy.failover_timeout
governed? Was it just DNS? Did it have any effect at all on the
behavior? Perhaps the units are milliseconds. Sometimes Tor takes as
long as a minute to build a new circuit...

It would be logical if either 0 or -1 meant infinite.. Did you try
those?

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


ff 1.5.0.7 2.0 (remote) dns leaks when using tor

2006-11-14 Thread lester psigal
hi there,
i've got a setup for anonymous browsing using firefox 1.5.0.7 and
lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2.
the ff configuration option 'network.proxy.socks_remote_dns' is set to
true, the setting 'network.proxy.failover_timeout' is set to 5 and
the 'network.proxy.socks_version' is set to 5 but the ethereal logs show
that firefox is still leaking dns requests, i.e. ff still does the
lookups itself and does not delegate them to the proxy (which is not
quite true: the dns requests are always delegated to the proxy and
_sometimes_ to the local dns client too).
to make it worse the leaks are occurring randomly (sometimes the remote
dns works and sometimes not), so i'm guessing that it is a timeout issue.
does ff fallback to local dns lookup when a remote lookup request is not
answered in a timely manner or is it a failure with the os dns client or
even a ff bug?
what else could be done to prevent ff from dns leaking?

any hints or suggestions would be very nice as it does not make any
sense to me to operate a quite complex and complicated system for
anonymous browsing when tracking of dns requests is all
a profiling facility has to do...

thanks

p.s. i've already posted the same message to the mozillazine ff
general forum without getting an answer

