On Fri, Oct 20, 2006 at 03:31:22PM -0700, coderman wrote: > i'm fond of the transparent proxy router approach we've used to try > and fail safe for most protocols (at least with respect to the DNS > leaks and covert TCP connections via Java/Flash/etc).[1] [snip] > it would be nice to have a detailed proxy checker available that looks > at these Java/Flash/RealPlayer/etc holes. right now there are a > handful of common http proxy checkers but these look for headers and > IP at best.
Right, this would be great. There are a few checkers out there that hand a java program to the user that fetches his IP address. We (Tor) get mail every so often from people who say "hey, I went to this site and it knows who I am! Tor's broken!" One of these days I'll get around to writing the single clear paragraph that will explain everything to everybody. That's still in the works though; feel free to beat me to it. It would go between http://tor.eff.org/docs/tor-doc-win32#verify and http://tor.eff.org/docs/tor-doc-win32#server as a new section. > 1. http://janusvm.peertech.org/ uses a pptp vpn connection to force a > default route through the virtual machine providing transparent TCP > and DNS proxy through Tor. this defeats all of the covert TCP > connection attacks designed to circumvent browser/application level > SOCKS/HTTP proxy settings, but does not address identifying data > within the TCP streams. Right. Yay JanusVM. I think the eventual solution for packaging Tor correctly will be to run a VM or something similar that handles all network traffic correctly, so people don't have to worry so much about configuring things. It still won't be perfect though, because your Firefox's Java program can still run whatever it likes, and because cookies and other application-level issues need to be solved too. See also http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP > [people have been asking about non-Win > support, and this will be forthcoming in the next few months via > openvpn for *bsd/linux/solaris/mac] See also http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy for Linux, BSD, and probably OS X. --Roger
