Lynx leaks DNS

Jim McClanahan jimmymac at copper.net
Fri Jun 26 15:02:04 UTC 2009


Fabian Keil wrote:
> 
> Jim McClanahan <jimmymac at copper.net> wrote:
> 
> > Quite by accident I discovered that the lynx browser is leaking DNS
> > addresses.  I have verified this on:
> >
> >    Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
> >    Lynx Version 2.8.5rel.1 (04 Feb 2004)
> 
> Is there a reason why you aren't using a more recent build?

That was what I had readily available.  I just installed lynx on
Ubuntu 8.04 LTS for more testing:

   lynx --version
   Lynx Version 2.8.6rel.4 (15 Nov 2006)
   libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 2.0.4, ncurses
5.6.20071124(wide)
   Built on linux-gnu Apr  8 2008 13:48:42

It shows the same behavior I saw before.  But further investigation
reveals this interesting twist:  It does not leak if the URL with
protocol is given.  But if the http:// is omitted, it leaks, yet still
loads the page.  Without thinking, I had just been using p.p.  When I
used http://p.p, it did not leak.  But it is not only p.p that leaks:

tcpdump -nni eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p.
(21)
08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A
64.158.56.50, A 63.251.179.30 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
torcheck.xenobite.eu. (38)
08:33:39.679776 IP 65.247.xx.xx.53 > 192.168.2.102.54845: 19107 1/2/2 A
217.160.111.190 (137)

(The returned addresses for p.p is bad behavior on the part of my ISP. 
They lead to a "not found" page with advertising.)  

Both of the above were without http://  .   And When http:// was added,
neither leaked.  torcheck.xenobite.eu (both with a w/o http://) verified
I was accessing via Tor.

Not as bad as I thought when I originally posted.  But still
disconcerting, particularly considering that it will happily render the
page w/o http://  .

> 
> I can't reproduce the problem with:
> 
> fk at TP51 ~ $lynx --version
> Lynx Version 2.8.6rel.5 (09 May 2007)
> libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
> Built on freebsd8.0 Feb 27 2009 22:36:34



More information about the tor-talk mailing list