Library Defeats Tor Followup Addl Info

Robert Hogan robert at roberthogan.net
Tue Oct 16 19:46:10 UTC 2007 

On Monday 15 October 2007 23:58:37 mark485anderson at eml.cc wrote:
<shnip>
> >
> > well then explain to me how they can monitor dns traffic if all dns
> > requests are made within the originating client box and not to any
> > outside source. maybe all you tor gurus can explain how clients usually
> > make dns requests through tor and WHY IT IS THAT TOR ALLOWS COMPUTERS TO
> > LEAK DNS REQUESTS AT ALL???? TOR SOFTWARE SHOULD NOT ALLOW THIS AND
> > SHOULD FAIL TO WORK IF DNS REQUESTS ARE MADE TO ANY NODE OTHER THAN TOR
> > THROUGH PRIVOXY. OH THAT'S RIGHT TOR IS "EXPERIMENTAL" AND "NOT FOR
> > GENERAL USE". FUNNY HOW LONG IT HAS BEEN EXPERIMENTAL. MAYBE THE FAULT
> > HERE IS WITH TOR, NOT WITH ME OR THE LIBRARY?
> >
<shnip>

Whether a dns request gets routed through privoxy  (or any other privacy proxy 
you use) and then tor depends on the system call the application uses to 
perform the request.

The problem is that some applications perform system calls that by-pass their 
own proxy settings. This is more by happenstance than design. It's important 
for Tor users to know how to guard against this and even prevent it and the 
tor devs have put a lot of work into making it easier for tor's helper 
applications to do so.

It sounds like in your situation some windows equivalent of a kernel module is 
hooking system calls like dns requests and doing something funky with them, 
the result being that DNS requests that would get routed to Tor on a normal 
installation are being forwarded to a big display board in the staff common 
room or whatever.

Tor can't manage and inspect your system the way you would like it to. Other 
apps have to help it do this. For browsing purposes, on an OS that you can't 
control and don't own, the only real solution may be something like janusvm 
or a livecd like incognito.

Hope this helps, and apologies if I'm repeating stuff elsewhere in the thread 
or have misunderstood your query. 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20071016/8f783c03/attachment.pgp>

More information about the tor-talk mailing list