Reducing java leakage in windows

Arrakis arrakistor at gmail.com
Mon Dec 3 17:09:59 UTC 2007


Okay pause.

We need to distinguish here because ya'll are talking about different
terms. Internal network IP (192.168.x.x, etc), external IP (your public
IP address), and DNS requests (locally vs remote through socks). The
internal network IP probably isn't a terribly valuable piece of
information to most snoops. The local DNS is an issue because you're
telling your local network/ISP or whomever what addresses  you're
looking at. The big issue is the external network IP, which is what the
public sees and identifies the home user's specific computer.

So what we want to see is an applet running around the
deployment.properties setting, exposing the external network IP. The DNS
leakage should also be investigate of course.

Steve



James Muir wrote:
> phobos at rootme.org wrote:
>> On Sun, Dec 02, 2007 at 11:35:49PM -0800, jacob at appelbaum.net wrote
>> 0.9K bytes in 21 lines about:
>> : I remember these tests. I can't seem to find a copy of the applets you
>> : used. Are you willing to publish them? Or point me in the right
>> : direction should I want to try implementing them?
>>
>> http://exitthematrix.dod.net/matrixmirror/ar01s05.html  Jump down to the
>> "Web bugs" section.  It references
>> http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from
>> http://www.inet-police.com/cgi-bin/env.cgi
>>
>> There is another more thorough test of a java applet completely ignoring
>> the jvm proxy configuration.  However, my google-fu is weak.
> 
> When I read that example it seems to indicate that the applet reads your
> IP address locally and then submits it back to the originating web site
> through the proxy.  The applet does not seem to ignore proxy settings
> (i.e. it does not seem to open a non-proxied connnection); it just
> submits identifying information through the proxied connection.
> 
> Jacob, Steve: I don't want to publish my complete ready-to-run code on
> the list, but here is an excerpt:
> 
> /***********/
> 
> Socket socket_to_originating_host = null;
> int tcp_port = 80;
> InetSocketAddress originating_host =
>   new InetSocketAddress(getCodeBase().getHost(), tcp_port);
> 
> try {
>       socket_to_originating_host = new Socket(Proxy.NO_PROXY);
>       // timeout is in milliseconds
>       socket_to_originating_host.connect(originating_host, 10000);
>       System.out.println(
>        "Socket Local Address = " +
>        socket_to_originating_host.getLocalAddress().getHostAddress());
> }
> 
> catch (Exception e) {
>       System.out.println("EXCEPTION THROWN:  " + e);
>       System.exit(1);
> 
> }
> 
> /************/
> 
> More details can be found in the paper "Internet Geolocation" on my web
> site.
> 
> -James
> 
> 
> 
> 
> 



More information about the tor-talk mailing list