[tor-talk] tor transparent proxy security concerns (autostart and dns resolve for non-tor)

hmoh at Safe-mail.net hmoh at Safe-mail.net
Thu Jan 5 13:32:07 UTC 2012


I like the idea of the tor transparent proxy and tor-enabled linux user account very much. But I think there are a lot of security concerns.

'If you want to make the iptables rules permanent you have to make sure they are executed at startup time, for example by adding a script in the right directory. On Debian/Ubuntu you can do something like this:

sudo touch /etc/init.d/anonuser
sudo chmod a+x /etc/init.d/anonuser
sudo nano /etc/init.d/anonuser'

This didn't work for me as it seems that not all scripts inside init.d are automatically executed upon boot on Debian. Adding this to /etc/init.d which seems to be the user defined autostart file however worked. Anyway... This approach cannot be recommended in any case.

There is no control over the boot process, in particular the boot order. Will the user anonymous have applications autostarting that shall use Tor? When will they be started? When will the network interface connect? When will those iptables rules be activated? Before or after? Leak or no leak?

I think a better approach could be
- nano /etc/firewall.sh
- and add all the iptables rules
- chown root /etc/firewall.sh
- chmod 700 /etc/firewall.sh
- nano /etc/network/interfaces
- and add 'pre-up /etc/firewall.sh' before the internet connection.
This should ensure that the firewall rules are in place before any application can possibly leak. Not sure about all this, it's just my conclusion after a lot of research on that topic.


'Tests show that ***for some reason*** this solution is still leaking DNS queries, so you can configure all DNS traffic to go through Tor on your computer:

echo "nameserver 127.0.0.1" > /etc/resolv.conf'

Uhm, that's bad. For some reason? This sounds somehow unprofessional, not really knowing what's happening. I mean, with proper iptables configuration, nothing should leak? If that dns "hack" is needed to stop leaking, what else has been forgotten/is leaking?

To use Tor for all dns requests, also non-anonymous surfing, is imho also a very bad idea. You'll probably use the same exit server for dns for anonymous and non-anonymous dns requests at the same time. While most users should be aware that dns requests through Tor could be spoofed (redirected to a malicious site) they're not aware that the same applies now to their normal surfing. It's somewhat adding an extra risk as there are probably more evil exit servers than providers who spoof dns.

Unfortunately I do not know a better solution here. Can someone come up with a solution for how this 'echo "nameserver 127.0.0.1" > /etc/resolv.conf' can be avoided by using better iptables rules?
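One way to answer that question with iptables alone, as an added example that is not part of the original post or of the wiki page it quotes: a pre-up script that scopes every rule to the anonymous account's uid, redirects only that account's UDP/53 to Tor's DNSPort and rejects everything else from it, so /etc/resolv.conf can stay as it is for all other users. It assumes an account named anon, TransPort 9040 and DNSPort 5353 configured in torrc, and IPv4 only; those values are constructed, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post or the Tor wiki page it quotes.
# Fail-closed per-user firewall for a Tor-only account, meant to be started
# from "pre-up /etc/firewall.sh apply" in /etc/network/interfaces: if it
# fails, ifupdown does not bring the interface up at all.
# Assumed (constructed) values: account "anon", Tor configured in torrc with
# TransPort 9040 and DNSPort 5353, IPv4 transparent proxying only.
set -eu

ANON_USER="${ANON_USER:-anon}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# Print the rules one command per line, in fail-closed order: the REJECT for
# the account is appended first and every exception is inserted in front of it,
# so a script that dies halfway leaves the account cut off instead of leaking.
build_rules() {
    u="-m owner --uid-owner $ANON_USER"
    # Only this uid is matched; /etc/resolv.conf and other users are untouched,
    # so non-anonymous browsing does not resolve names through a Tor exit.
    echo "iptables -A OUTPUT $u -j REJECT"
    # nat OUTPUT runs before filter OUTPUT, so redirected packets reach these
    # ACCEPT rules already rewritten to 127.0.0.1 and the Tor port.
    echo "iptables -I OUTPUT 1 -o lo -d 127.0.0.1 -p tcp --dport $TRANS_PORT $u -j ACCEPT"
    echo "iptables -I OUTPUT 1 -o lo -d 127.0.0.1 -p udp --dport $DNS_PORT $u -j ACCEPT"
    # UDP/53 goes to Tor's DNSPort; every new TCP connection goes to TransPort.
    echo "iptables -t nat -A OUTPUT -p udp --dport 53 $u -j REDIRECT --to-ports $DNS_PORT"
    echo "iptables -t nat -A OUTPUT -p tcp --syn $u -j REDIRECT --to-ports $TRANS_PORT"
    # Nothing above handles IPv6, so close it for the account outright.
    echo "ip6tables -A OUTPUT $u -j REJECT"
}

# Execute the rules; sh -e stops at the first failing command, and set -e here
# then makes the pre-up hook fail, keeping the interface down.
apply_rules() {
    build_rules | sh -e
}

case "${1:-print}" in
    apply) apply_rules ;;
    *) build_rules ;;
esac
```

Without an argument the script only prints the rules for review; it appends rather than flushes, so it is meant to run once per boot from pre-up, not repeatedly.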

