Lynx leaks DNS
jimmymac at copper.net
Fri Jun 26 15:02:04 UTC 2009
Fabian Keil wrote:
> Jim McClanahan <jimmymac at copper.net> wrote:
> > Quite by accident I discovered that the lynx browser is leaking DNS
> > addresses. I have verified this on:
> > Lynx Version 2.8.4dev.7 (03 Aug 2000) and
> > Lynx Version 2.8.5rel.1 (04 Feb 2004)
> Is there a reason why you aren't using a more recent build?
That was what I had readily available. I just installed lynx on
Ubuntu 8.04 LTS for more testing:
Lynx Version 2.8.6rel.4 (15 Nov 2006)
libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 2.0.4, ncurses
Built on linux-gnu Apr 8 2008 13:48:42
It shows the same behavior I saw before. But further investigation
reveals this interesting twist: It does not leak if the URL with
protocol is given. But if the http:// is omitted, it leaks, yet still
loads the page. Without thinking, I had just been using p.p. When I
used http://p.p, it did not leak. But it is not only p.p that leaks:
tcpdump -nni eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p.
08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A
18.104.22.168, A 22.214.171.124 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
08:33:39.679776 IP 65.247.xx.xx.53 > 192.168.2.102.54845: 19107 1/2/2 A
(The returned addresses for p.p is bad behavior on the part of my ISP.
They lead to a "not found" page with advertising.)
Both of the above were without http:// . And when http:// was added,
neither leaked. torcheck.xenobite.eu (both with and w/o http://) verified
I was accessing via Tor.
Not as bad as I thought when I originally posted. But still
disconcerting, particularly considering that it will happily render the
page w/o http:// .
> I can't reproduce the problem with:
> fk at TP51 ~ $lynx --version
> Lynx Version 2.8.6rel.5 (09 May 2007)
> libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
> Built on freebsd8.0 Feb 27 2009 22:36:34
More information about the tor-talk
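
The check described in the message above (watching udp port 53 with tcpdump while browsing through Tor), as an added example that is not part of the original post: a small parser that flags DNS queries sent to a non-loopback resolver. The function names and the sample lines are constructed for illustration (documentation-range addresses, plus one line with a redacted resolver and a missing query name like the capture above), and it assumes that on a Tor-only host any such query is a leak.

```python
import ipaddress
import re

# Query line as printed by `tcpdump -nn ... udp port 53`:
#   time IP src.sport > dst.53: id[flags] [opts] QTYPE? name. (len)
QUERY = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP6? "
    r"(?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\?"
    r"(?: (?P<name>[\w.-]+))?"
)

def is_external(addr):
    """True unless addr is a loopback address (hypothetical helper)."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # redacted or unparseable address: assume external

def find_leaks(lines):
    """Return the DNS queries that left for a non-loopback resolver."""
    leaks = []
    for line in lines:
        m = QUERY.match(line.strip())
        if not m or not is_external(m["dst"]):
            continue  # banner, responses, wrapped lines, local resolver
        name = m["name"]
        leaks.append({
            "time": m["ts"],
            "resolver": m["dst"],
            "qtype": m["qtype"],
            # The name can be absent when the capture line was cut short.
            "name": name.rstrip(".") if name else None,
        })
    return leaks

# Constructed sample capture, not taken from a real trace.
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
08:22:23.435995 IP 192.168.2.102.45063 > 198.51.100.53.53: 46608+ A? p.p. (21)
08:22:23.437732 IP 198.51.100.53.53 > 192.168.2.102.45063: 46608 2/2/0 A 203.0.113.10, A 203.0.113.11 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
08:40:01.000100 IP 127.0.0.1.40000 > 127.0.0.1.53: 7+ A? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(leak)
```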