ff 1.5.0.7 & 2.0 (remote) dns leaks when using tor

lester psigal lesterpsigal at yahoo.de
Mon Nov 20 19:39:57 UTC 2006


Fabian Keil wrote:

snip
> Can you reproduce the problem without any Firefox plugins that
> influence the proxy settings?
>
> A few weeks ago I shortly tested FoxyProxy and had similar experiences.
> I used the "always use proxy xyz" feature to quickly switch between
> different Privoxy versions, Firefox's own settings were configured
> to use Privoxy as well.
>
> Directly after starting up, Firefox always ignored the proxy
> settings and fetched some of the "live bookmarks" directly. The same
> happened if there were still tabs open from a previous session.
>
> I also had the feeling that it would randomly ignore the settings
> later on, but I didn't use the plugin long enough to verify this.
>
> I never used torbutton, but maybe it has similar problems.
>
> Fabian
>   

and

Roger Dingledine wrote:
> (Just got back in town, am starting to plow through my mail)
>
> On Fri, Nov 17, 2006 at 03:38:12PM -0800, lester psigal wrote:
>   
>>> Well, just so you don't feel that everyone is ignoring you, I'll voice
>>> most of our reactions: *shock*, *eyes popping*. Woops, time to turn
>>> privoxy back on (use HTTP proxy port 8118 and don't list anything in
>>> the SOCKS line).
>>>       
>
> Actually, as far as I know, you should list at least http, https,
> and socks. The reason is that some plugins look at one proxy setting,
> and some look at others. And alas, some plugins don't look at any,
> which might be what you're experiencing.
>
>   
>> what i forgot to mention is that my installation of firefox uses
>> torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy
>> settings for the vidalia bundle, that is http/s: localhost:8118
>> and socksv5 localhost:9050.
>> that's alright so far.
>>     
>
> It "shouldn't" be Torbutton's fault. That's not to say it isn't, but if I
> were looking for a problem, Torbutton would be pretty far down on my list.
> It just changes Firefox's configuration, after all.
>
>   
>> i was wondering if i got a special problem with my installation or if
>> that is a problem of a more general type, but according to the feedback
>> and other (non-existent) postings it must be a special one, or perhaps a
>> lot of people are thinking they surf anonymously but still leak their
>> dns requests...
>>     
>
> Might well be. We need to test-and-document all configuration
> combinations, with all the weird extra software that people use. I
> would bet there are a wide variety of seemingly ok combinations that
> are actually bad. Plus, there are many seemingly bad combinations that
> people don't realize might be bad. :)
>
>   
snip
>
>   
>> also, i've recognized that the local dns queries are occurring when there
>> is a direct user interaction with the browser like entering an url,
>> selecting a bookmark, clicking a link etc. while requests from websites
>> (when loading a page) seem to be resolved remotely (they do not show up
>> in the ethereal logs but are requested in privoxy and log'ged by tor).
>> unfortunately, i don't know if ff resolves dns by an own internal
>> resolver thread or by delegating to the system which makes the whole
>> thing worse.
>>     
>
> My first guess is that you have some other firefox plugin installed that
> does a dns lookup for everything you type. What other plugins/extensions
> do you have?
>
> --Roger
>   

yep, that's it.
thanks everybody for "puttin' my nose on the right trace"... ;-)
i was right assuming that i missed a 'simple' configuration tweak and
i've made the wrong assumptions about how firefox add-ons work (i
wasn't aware of the fact that those extensions may override ff's general
configuration settings like 'network.proxy.socks_remote_dns' or the
general proxy settings...).
i'm using several add-ons and when looking at them, it is obvious
which one to disable first in order to check for those local dns
lookups: it's an add-on called 'showip', version 0.8.05, which looks up
ip addresses for any entered url and shows those ip's in ff's status
bar. a quite handy and useful tool but not compatible with using
tor. i've disabled the add-on and everything works out fine, i.e. no
more local dns queries.
i will contact the author of the add-on for further investigation and
will post a follow-up if any useful information about those issues of
dns leaks is yielded.
i would suggest that the maintainers of the following sites should get
asked about including a note or warning about the possible side-effects
of the mozilla add-ons on dns leaking:

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ
http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO
http://wiki.noreply.org/noreply/TheOnionRouter/FireFoxUsage
http://www.imperialviolet.org/deerpark.html

to drive even further: wouldn't it be good for any potential firefox/tor
user to know which of the add-ons are safe (in regard of tor
compatibility) to use and which are not. as there are now about 1000
add-ons from which to choose this means a lot of work and checking
(although there are add-ons which do not have any effect by design)
but wouldn't it make sense to collect any experience users have made
with certain add-ons and provide those results on a web page, e.g. the
noreply wiki. if there is some task to do, i will offer my help whenever
i've got time to do so ('though my programming capabilities are quite
weak).
i've worked out a simple example showing some add-ons and their
compatibility in tabular form at

http://www.geocities.com/lesterpsigal/tor/compat.html

you even find there a logo for tor compatibility (heh, heh, heh, isn't
that serious but most probably that's the way the mozilla guys would end
up to...) but there is some seriousness about that thought that software
you use in cooperation with tor should/could be marked as good working
or as not compatible (this would make sense especially with browsers,
plugins/add-ons, newsreaders, mail or chat software...).
very nice would be some cooperation with the mozdev team (or any other
(open source) development team) to reach a guideline for socks/tor
compatibility within the development process. but, i guess, that's still
a long way to go...
anyway, meanwhile i will enjoy one of the best ideas in
'counter-intelligence on digital exploitation and surveillance
of human web-activity'.

again thanks a lot
lester
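
The wire-level check described in this message (watching a capture for local DNS queries while the browser is proxied), as an added example that is not part of the original post: it scans `tcpdump -n` text output for DNS queries addressed to any resolver that is not on the loopback interface. The capture lines, addresses and hostnames are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (not taken from the thread).
# 192.168.1.10 is a hypothetical client, 192.168.1.1 a hypothetical LAN resolver.
SAMPLE_CAPTURE = """\
19:39:57.101 IP 192.168.1.10.51234 > 192.168.1.1.53: 4660+ A? www.example.org. (33)
19:39:57.140 IP 192.168.1.1.53 > 192.168.1.10.51234: 4660 1/0/0 A 192.0.2.7 (49)
19:39:58.002 IP 127.0.0.1.40112 > 127.0.0.1.8118: Flags [P.], seq 1:120, ack 1, length 119
19:39:58.010 IP 127.0.0.1.40113 > 127.0.0.1.9050: Flags [P.], seq 1:40, ack 1, length 39
19:40:03.555 IP 192.168.1.10.51301 > 192.168.1.1.53: 4661+ AAAA? www.example.org. (33)
19:40:09.210 IP 192.168.1.10.51377 > 192.168.1.1.53: 4662+ A? bookmarks.example.net. (39)
19:40:10.000 IP 127.0.0.1.40200 > 127.0.0.1.53: 4663+ A? local.example. (31)
"""

# A query line looks like: <ts> IP <src>.<port> > <dst>.53: <id><flags> <TYPE>? <name>. (<len>)
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+?)\.? "
)


def is_loopback(addr):
    """True only for a literal loopback address; names (capture without -n) count as remote."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def find_dns_leaks(capture_text):
    """Return (timestamp, resolver, qtype, name) for every query that left the host."""
    leaks = []
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # responses and proxy traffic (8118/9050) are not DNS queries
        if is_loopback(m["dst"]):
            continue  # query to a resolver on this host, never reaches the network
        leaks.append((m["ts"], m["dst"], m["qtype"], m["name"]))
    return leaks


def leaked_names(capture_text):
    """Count leaked lookups per hostname, most frequent first."""
    return Counter(name for *_, name in find_dns_leaks(capture_text)).most_common()
```

Any non-empty result from `find_dns_leaks` while the browser is supposed to be resolving through the proxy means something on the host, such as an extension doing its own lookups, is bypassing the proxy settings.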







	
		



More information about the tor-talk mailing list