Give me a couple days and I will confirm and report back after running a sniffer. I don't use this library node often, so it will be a few days. Besides, I do not have the firewall logs with me now, so I don't want to misstate things until I am sure and have gathered as much information as I can.
On Fri, 28 Sep 2007 23:57:17 -0500 (CDT), "Scott Bennett" <[EMAIL PROTECTED]> said:
> On Fri, 28 Sep 2007 15:06:48 -0700 [EMAIL PROTECTED] wrote:
> >
> >On Fri, 28 Sep 2007 15:02:53 -0700, [EMAIL PROTECTED] said:
> >>
> >> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett"
> >> <[EMAIL PROTECTED]> said:
> >> > On Thu, 27 Sep 2007 19:05:27 -0700 [EMAIL PROTECTED] wrote:
> >> >
> >> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
> >> > ><[EMAIL PROTECTED]> said:
> >> > >> On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
> >> > >> <[EMAIL PROTECTED]> wrote:
> >> > >> >[EMAIL PROTECTED] wrote:
> >> > >> >> Then after agreeing to the TOS, you are able to connect to tor
> >> > >> >> servers, but all dns requests go through a library computer IP,
> >> > >> >> such that they can see and record where you are going. I am not
> >> > >> >> sure if they can see the TCP content, but the UDP (which I assume
> >> > >> >> is the dns lookups) are all
>
>      What does your firewall software or other tool at your disposal have to
> say about the TCP packets from your browser?  Do they go to privoxy?  And
> where does it say that packets from privoxy go?  To your tor client?  Somewhere
> else?
>
> >> > >> >> being monitored and probably logged by the library server through
> >> > >> >> which you are connected. Firewall logs clearly show the outgoing
> >> > >> >> and incoming DNS packets to the library IP. Rest of connections to
> >> > >> >> Tor servers in the firewall log appear normal.
>
>      Just to confirm:  your firewall log shows that the UDP packets in
> question are destined to some IP address and port 53?
>
> >> > >> >Make sure to run DNS queries over tor if anonymity is important.
> >> > >>
> >> > >>      Absolutely.  Check your privoxy configuration file to make sure its
> >> > >> first line is
> >> > >>
> >> > >> forward-socks4a / localhost:9050 .
> >> > >
> >> > >already is
> >> > >
> >> >      Okay.  Good.
> >> > >>
> >> > >> If you're using some other port than 9050, change that accordingly.
> >> > >> Other programs, e.g. PuTTY, will need to be configured, too, if you
> >> > >> use them.  In the case of PuTTY, each remote login site that you
> >> > >> configure to be proxied through tor will need to be set to use socks5
> >> > >> and to do DNS name lookups at the proxy end (see "Proxy" under
> >> > >> "Connection").
> >> > >>
> >> > >> >>
> >> > >> >> I have not run a sniffer yet on this, because my laptop is old and
> >> > >> >> it might not be able to handle it. But tor anonymity is obviously
> >> > >> >> shot when
>
>      Your laptop, old though it may be, apparently has no trouble handling
> wireless IP traffic, so I would bet that a sniffer storing, say, only UDP
> packets to port 53 wouldn't overtax it.
>
> >> > >> >> connecting to their wifi nodes. I believe I tried to block the DNS
> >> > >> >> lookups to the Library IP with privoxy generic block rules and
> >> > >> >> then I
>
>      Because I don't know how that works in privoxy, I'll ask, does your
> firewall allow you to block outbound UDP packets to port 53?  If so, what
> happens if you block them that way instead of via privoxy?
>
> >> > >> >Using socks-4a should fix this.
> >> > >
> >> > >already set to socks 4a
> >> > >
> >> > >>
> >> > >>      Right.  Or socks5, though privoxy doesn't yet appear to support
> >> > >> that.
> >> > >
> >> > >did you just start using tor?
> >> > >
> >> >      About 2.5 years so far.
> >> > >>
> >> > >> >> could not load any web pages, indicating again that the dns
> >> > >> >> requests are first being routed to the library machine, where
> >> > >> >> they are, of course, logged (and maybe sent off to the FBI, if
> >> > >> >> you're reading muslim materials, haha).
> >> > >> >Now are these DNS requests for sites you are browsing? It sounds like
> >> >
> >> >      I think the question posed here may reveal the answer.
> >>
> >> Already answered that I think, the dns requests APPEAR to be made each
> >> time a new url is looked up and not in looking up tor servers, but I
> >> will only know for certain when I run the sniffer, if that is possible
> >> on my laptop.
> >>
>      As long as your wireless interface (and its driver) can run in
> promiscuous mode, a sniffer ought to work okay.  Some systems may well be
> able to trap outbound packets without an actual sniffer.  On most/all UNIX
> systems, you will need root privileges, too, to run tools like tcpdump(1).
>
> >> > >> >
> >> > >> >that is the case, but I just want to make sure.
> >> > >>
> >> > >>      Most public wireless locations use no encryption at all.  In
> >> > >> these situations, things like tor and SSH are about the only
> >> > >> significant privacy protection most users have.
> >> > >
> >> > >no problem with tor and other wifi connections, dns goes to tor, hence
> >> > >my OP title LIBRARY DEFEATS TOR
> >> > >Tentative Conclusion: Tor cannot be used with any confidence on
> >> > >publicly maintained machines, but there is no reference to this on the
> >> > >tor website; nor any real illumination from this group, so far. I
> >> > >suppose now someone is going to tell me to disable javascript and
>
>      Actually, that's probably worth a shot, given recent postings by the
> author of Torbutton.  It's also trivial to do if you have the Quick Java
> and/or NoScript plugins installed in firefox.
>
> >> > >cookies, ;-) The encryption is SUPPOSED to occur at the client before it
>
>      Cookies are just data.  They do not execute and therefore do not query
> name servers, so I wouldn't think that would be worth bothering with.
>
> >> > >even gets to any outside server, but obviously this is not happening as
> >> > >the dns requests are being subverted. Perhaps the traffic is being
> >> > >shuttled from the kernel OS to a library server. IOW tor should provide
> >> > >the encryption necessary and no wifi encryption should be needed. I will
> >> > >see if I can run a sniffer to find out exactly what's happening.
> >> > >
> >> >      Yes, and I think that may be why Watson asked the question I noted
> >> > above.  Tor does its own name server queries for two purposes:  1) to
> >> > provide exit service when running in server mode, 2) to look up addresses
> >> > of other tor servers, regardless of mode.  These are normal operations
> >> > and reveal only those activities.  When you are using it in a public
> >> > location, I assume that it is running only as a client.  So that returns
> >> > us to the question of exactly what kinds of addresses is tor looking up?
> >>
> >> the laptop appears to be getting web site dns translations from a
> >> library node rather than from tor, which allows tracking and profiling.
> >> each time a new url is introduced I get a firewall dns request in the
> >> log.
> >>
> >> > Are they only the addresses of other tor servers?  Or do they also
> >> > include the addresses of the web sites you're trying to reach?
> >> >      Would you also please double check your browser configuration to
> >> > make sure it is forwarding everything through privoxy?  If you're using
> >> > a firefox plug-in module like Torbutton, switchproxy, or foxyproxy, have
> >> > you accidentally disabled the proxy?
> >>
> >> nope, don't use those, the browser is always set to go through privoxy.
> >> will do some further testing and try to report back, but surprised not
> >> more answers to this post. certainly others should have experienced this
> >> problem.
> >>
>      I guess that's the point:  we haven't experienced it, which is why
> we've been asking questions to try to debug the problem.  Here are more.
>
>      1) Are you using a Microslop operating system?  If so, which?
>         And if not, then which operating system and version are you using?
>
>      2) What is the firewall software that you have referred to several
>         times?
>
>      3) Which version of tor are you running?
>
>      4) Which browser and version are you using?
>
>      5) Under the assumption for the moment that your connection to the
>         wireless attach point gets configured by DHCP, which IP address(es)
>         got assigned to your system for its own address, for an IP gateway,
>         and for name server(s) to be used?
>
>      I keep having the feeling that what you think is happening differs from
> what is actually happening and/or something misconfigured somehow is being
> overlooked.  Please be patient with us.  We're trying to help figure out
> what's going on, and you're the only one who can provide the observational
> data that might lead to a solution.  If it seems like we are just grabbing
> at straws so far, rest assured that we aren't there yet and can't get there
> until we first have at least the basic facts of the case established.  ;-)
>      Anyone else with pertinent questions, please join in!
>
>
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************

-- 
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Does exactly what it says on the tin
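The two checks Scott asks for in the thread above, written out as a small triage script. This is an added example, not code from anyone in the thread: it verifies that a privoxy config carries an uncommented `forward-socks4a / localhost:9050 .` rule (socks4a, not socks4, is what keeps the browser from resolving names locally), and it counts outbound UDP packets to port 53 in firewall log lines, which is exactly the "destined to some IP address and port 53?" question. The firewall log format and all sample lines are constructed, because the poster never names the firewall product; the 9050 port is the default the thread assumes.

```python
"""DNS-leak triage for a Tor client fronted by Privoxy.

Added example, not code from anyone in the thread. Two checks:
(1) does privoxy forward everything through Tor with socks4a, so hostnames
    are resolved by Tor rather than by the local resolver, and
(2) does the firewall log show outbound UDP packets to port 53, i.e.
    lookups leaving the machine in the clear.
"""
import re
from collections import Counter
from typing import Dict, List

# Assumption: Tor listens on the 9050 default mentioned in the thread.
TOR_SOCKS_PORT = 9050

# Constructed sample privoxy config (not the poster's file).
PRIVOXY_CONFIG = """\
# privoxy config (constructed sample)
listen-address  127.0.0.1:8118
forward-socks4a / localhost:9050 .
"""

# Constructed firewall log lines in an invented format, since the thread
# never names the firewall product:
#   <date> <time> <IN|OUT> <UDP|TCP> <src ip>:<port> -> <dst ip>:<port>
# The equivalent tcpdump(1) capture filter would simply be: udp port 53
FIREWALL_LOG = """\
2007-09-27 19:01:02 OUT UDP 192.168.5.23:51234 -> 192.168.5.1:53
2007-09-27 19:01:02 IN  UDP 192.168.5.1:53 -> 192.168.5.23:51234
2007-09-27 19:01:03 OUT TCP 127.0.0.1:40122 -> 127.0.0.1:9050
2007-09-27 19:01:03 OUT TCP 192.168.5.23:40123 -> 198.51.100.7:443
2007-09-27 19:01:09 OUT UDP 192.168.5.23:51235 -> 192.168.5.1:53
2007-09-27 19:01:30 OUT TCP 192.168.5.23:40124 -> 203.0.113.9:9001
"""

LOG_RE = re.compile(
    r"^\S+ \S+ (?P<dir>IN|OUT)\s+(?P<proto>UDP|TCP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def privoxy_forwards_through_tor(config_text: str, socks_port: int = TOR_SOCKS_PORT) -> bool:
    """True if an uncommented 'forward-socks4a / localhost:<port> .' rule exists.

    socks4a hands the hostname to Tor unresolved; a plain socks4 rule makes
    privoxy resolve the name itself, and that lookup leaves via the local
    resolver, which is the leak the thread is chasing."""
    rule = re.compile(
        rf"^\s*forward-socks4a\s+/\s+(localhost|127\.0\.0\.1):{socks_port}\s+\.\s*$"
    )
    return any(
        rule.match(line)
        for line in config_text.splitlines()
        if not line.lstrip().startswith("#")
    )


def parse_log(log_text: str) -> List[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records


def find_dns_leaks(log_text: str) -> Dict[str, int]:
    """Outbound UDP/53 packets per destination IP. For a client that is
    supposed to resolve only through Tor, any entry at all is a leak."""
    hits: Counter = Counter()
    for rec in parse_log(log_text):
        if rec["dir"] == "OUT" and rec["proto"] == "UDP" and rec["dport"] == 53:
            hits[rec["dst"]] += 1
    return dict(hits)


def count_tor_socks_connections(log_text: str, socks_port: int = TOR_SOCKS_PORT) -> int:
    """Outbound TCP connections to the local SOCKS port (privoxy -> tor)."""
    return sum(
        1 for rec in parse_log(log_text)
        if rec["dir"] == "OUT" and rec["proto"] == "TCP"
        and rec["dst"] == "127.0.0.1" and rec["dport"] == socks_port
    )


def triage(config_text: str, log_text: str) -> Dict[str, object]:
    """Combine both checks into one summary dictionary."""
    leaks = find_dns_leaks(log_text)
    return {
        "privoxy_socks4a_ok": privoxy_forwards_through_tor(config_text),
        "tor_socks_connections": count_tor_socks_connections(log_text),
        "dns_leak_destinations": leaks,
        "leaking": bool(leaks),
    }


if __name__ == "__main__":
    for key, value in triage(PRIVOXY_CONFIG, FIREWALL_LOG).items():
        print(f"{key}: {value}")
```

Against the constructed sample the config check passes while the log still shows two UDP/53 packets to 192.168.5.1, which is the situation the thread describes: the forward rule is right, yet something on the machine is resolving names outside the privoxy-to-tor path, so the next thing to look at is which process (browser, another application, the OS resolver) is the source of those packets.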