BlockNumericIPRequests patch (fwd)
Jason Holt
jason at lunkwill.org
Sun Mar 12 22:16:41 UTC 2006
On Sun, 12 Mar 2006, Roger Dingledine wrote:
> First, we already have a TestSocks config option:
>
> TestSocks 0|1
> When this option is enabled, Tor will make a notice-level log
> entry for each connection to the Socks port indicating whether
> the request used a hostname (safe) or an IP address (unsafe).
> This helps to determine whether an application using Tor is possibly
> leaking DNS requests. (Default: 0)
>
> This doesn't do quite what your patch does, of course. But is it
> sufficient?
Actually, is it even necessary now that it always warns about IP-only
connections?
> Second, even with your patch, an application using the wrong socks
> version will do the DNS resolve, and then fail to work. So in a sense
> it is broken in *both* respects now. Is this better behavior than before?
>
> I'd like to figure these out a bit more before we simply hand more
> options to the users and hope it solves the problem. :)
Certainly, it's a tradeoff which must be evaluated. The fact that my option
doesn't catch the problem until the DNS lookup has already happened is
significant, and I've been thinking it should be documented. The option could
also cause mysterious problems in applications that don't always do a DNS
lookup (bittorrent, perhaps?). OTOH, in most cases, users would presumably not
make their very first connection to a sensitive site after installing a new
app or changing a configuration.
And, of course, it could be a significant advantage to have proactive
rejection of potentially dangerous connections rather than leaving a log entry
which may go unnoticed. Users are notoriously bad about auditing log entries.
-J
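The distinction the thread turns on is visible on the wire: a SOCKS4a or SOCKS5 request can carry a hostname (the proxy resolves it) or a numeric address (the application resolved the name itself, outside the proxy, before the request ever reached Tor). The following is an added example, not code from the thread or from Tor, that parses SOCKS4/4a/5 CONNECT requests, classifies each the way a TestSocks-style notice would (hostname = safe, IP = unsafe), and optionally rejects numeric-IP requests in the spirit of the BlockNumericIPRequests option under discussion. The sample requests and the notice wording are constructed; treating a hostname field that merely holds an IP literal as "ip" is this example's own heuristic, not a statement about Tor's check.

```python
"""Classify SOCKS CONNECT requests by whether the client handed the proxy a
hostname (proxy does the lookup) or a numeric IP (lookup already happened
client-side).  Added example for the tor-dev discussion; not Tor code."""
import ipaddress
import struct
from dataclasses import dataclass

CMD_CONNECT = 1


@dataclass
class SocksRequest:
    version: int
    command: int
    address: str
    port: int
    wire_type_is_hostname: bool  # request used a hostname field, not an IP field


def parse_socks_request(data: bytes) -> SocksRequest:
    """Parse a SOCKS4/4a request, or the SOCKS5 request that follows method negotiation."""
    if not data:
        raise ValueError("empty request")
    if data[0] == 4:
        return _parse_socks4(data)
    if data[0] == 5:
        return _parse_socks5(data)
    raise ValueError(f"unsupported SOCKS version {data[0]}")


def _parse_socks4(data: bytes) -> SocksRequest:
    # VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID... NUL [HOSTNAME... NUL]
    if len(data) < 9:
        raise ValueError("truncated SOCKS4 request")
    cmd, port = struct.unpack("!BH", data[1:4])
    raw_ip = data[4:8]
    userid_end = data.index(b"\x00", 8)  # ValueError if the NUL is missing
    if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
        # SOCKS4a marker 0.0.0.x: a NUL-terminated hostname follows the userid
        host_end = data.index(b"\x00", userid_end + 1)
        host = data[userid_end + 1:host_end].decode("ascii")
        return SocksRequest(4, cmd, host, port, True)
    return SocksRequest(4, cmd, str(ipaddress.IPv4Address(raw_ip)), port, False)


def _parse_socks5(data: bytes) -> SocksRequest:
    # VER(1) CMD(1) RSV(1) ATYP(1) DST.ADDR(var) DST.PORT(2)
    if len(data) < 5:
        raise ValueError("truncated SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == 1:    # IPv4
        addr, off, hostname = str(ipaddress.IPv4Address(data[4:8])), 8, False
    elif atyp == 4:  # IPv6
        addr, off, hostname = str(ipaddress.IPv6Address(data[4:20])), 20, False
    elif atyp == 3:  # domain name, one length byte then the name
        n = data[4]
        addr, off, hostname = data[5:5 + n].decode("ascii"), 5 + n, True
    else:
        raise ValueError(f"unknown SOCKS5 address type {atyp}")
    if len(data) < off + 2:
        raise ValueError("truncated SOCKS5 request")
    port = struct.unpack("!H", data[off:off + 2])[0]
    return SocksRequest(5, cmd, addr, port, hostname)


def is_numeric_literal(address: str) -> bool:
    try:
        ipaddress.ip_address(address)
        return True
    except ValueError:
        return False


def classify(req: SocksRequest) -> str:
    """'hostname': the proxy will resolve it.  'ip': the client supplied a numeric
    address, so any DNS lookup already happened before this request was seen.
    A hostname field carrying an IP literal counts as 'ip' (example heuristic)."""
    if req.wire_type_is_hostname and not is_numeric_literal(req.address):
        return "hostname"
    return "ip"


def socks_notice(req: SocksRequest) -> str:
    """Notice-style log line in the spirit of TestSocks (wording constructed)."""
    kind = classify(req)
    how = "a hostname (safe)" if kind == "hostname" else "an IP address (unsafe)"
    return f"SOCKS{req.version} request to {req.address}:{req.port} used {how}"


def decide(data: bytes, block_numeric: bool) -> tuple:
    """Return (log line, accepted).  With block_numeric=True a numeric-IP CONNECT
    is rejected rather than only logged; note the rejection still comes after
    the application's own lookup, which is the limitation raised in the thread."""
    req = parse_socks_request(data)
    if req.command != CMD_CONNECT:
        return f"SOCKS{req.version} non-CONNECT command {req.command}", True
    accepted = not (block_numeric and classify(req) == "ip")
    return socks_notice(req), accepted


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
    "socks4_ip":        b"\x04\x01\x00\x50\x0a\x00\x00\x05x\x00",           # 10.0.0.5:80
    "socks4a_hostname": b"\x04\x01\x01\xbb\x00\x00\x00\x01x\x00example.com\x00",
    "socks5_hostname":  b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",          # example.com:443
    "socks5_ip":        b"\x05\x01\x00\x01\x0a\x00\x00\x05\x00\x50",          # 10.0.0.5:80
    "socks5_numeric_in_hostname": b"\x05\x01\x00\x03\x0810.0.0.5\x00\x50",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        notice, ok = decide(raw, block_numeric=True)
        print(f"{name:28s} {notice} -> {'accepted' if ok else 'rejected'}")
```

Run stand-alone, the script shows the two outcomes the thread contrasts for each sample: a notice line a user may never read, and, with `block_numeric=True`, an outright rejection that the application will surface as a connection failure.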