[tor-talk] Risk with transparent proxy mode [was Re:Operating system updates / software installation behind Tor Transparent Proxy]

coderman coderman at gmail.com
Sat Mar 3 20:12:53 UTC 2012


On Sat, Mar 3, 2012 at 12:33 AM,  <proper at secure-mail.biz> wrote:
>...
> Application level leaks are problematic. We have a page which describes many of these problems including with workarounds (we recommend Tor Browser etc.).

these are significant if you are mixing tor and non-tor access on the
same system. much of this is covered in the thread, and the particular
risks are very specific to context and nature of use, as discussed.


> Anyway, transparent proxying should be still safer than socksifying.

yes. there are still poor and better ways to configure transparent proxy.


> The transparently proxied operating system does not know its real external IP, only its Tor exit IP. And can therefore never leak its real external IP. ... DNS / UDP leaks are impossible. Real IP may also not leak, the operating system doesn't have a way to find it out.

this is not true; you must also prevent all local subnet access when
in this mode. this may entail removing IPv6 interfaces, changing the
default route to a /31 or /30 path, etc.

otherwise there are attacks which reflect or bounce traffic on the
local network to obtain public IP address or leak endpoint to an
attacker.
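
Added example, not part of the original post: one way to check a transparently proxied client for the residual local-subnet exposure described above, by auditing the output of `ip -o addr show` and `ip route show`. The sample outputs are constructed, and the /30 threshold and the choice to flag any IPv6 address are this example's assumptions drawn from the reply's wording.

```python
import ipaddress

# Constructed `ip -o addr show` / `ip route show` output (sample data, not from the post).
LEAKY_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
"""
LEAKY_ROUTE = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
"""
TIGHT_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.2/30 scope global eth0
"""
TIGHT_ROUTE = """\
default via 192.0.2.1 dev eth0
192.0.2.0/30 dev eth0 proto kernel scope link src 192.0.2.2
"""

MIN_PREFIX = 30  # assumption: a /30 or /31 leaves only the gateway on-link

def audit(addr_out, route_out):
    """Return findings for anything that leaves the local subnet reachable."""
    findings = []
    for line in addr_out.splitlines():
        f = line.split()
        if len(f) < 4 or f[1] == "lo":
            continue  # skip malformed lines and loopback
        dev, family, cidr = f[1], f[2], f[3]
        if family == "inet6":
            findings.append(f"{dev}: IPv6 address {cidr} configured")
        elif family == "inet":
            net = ipaddress.ip_interface(cidr).network
            if net.prefixlen < MIN_PREFIX:
                findings.append(f"{dev}: address in on-link subnet {net}")
    for line in route_out.splitlines():
        f = line.split()
        if not f or "via" in f or "dev" not in f:
            continue  # routes with a next hop are sent to the gateway
        try:
            net = ipaddress.ip_network(f[0], strict=False)
        except ValueError:
            continue  # first field is a keyword such as "default" or "blackhole"
        if f[f.index("dev") + 1] != "lo" and net.prefixlen < MIN_PREFIX:
            findings.append(f"route: {net} is directly reachable on-link")
    return findings
```

An empty result only shows that addressing and routing match the narrow-link layout; it does not replace packet filtering on the gateway.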

