LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-08-2006, 03:24 AM   #1
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
question about tor, privoxy & squid


hi there,

i'm just wondering if i setup squid to use privoxy as a cache_peer and then setup privoxy & tor to work together will i still get the same level of security offered with the privoxy tor setup?
 
Old 04-08-2006, 06:09 AM   #2
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,031

Rep: Reputation: 160Reputation: 160
Code:
WARNING: [WWW] recent testing has shown that using Squid in conjunction with Tor
and Privoxy is a critical compromise to your privacy! Please read [WWW] this update for more details. Thank you.

    *

      Squid 2 can be compiled with, "--disable-internal-dns", and use 
an external dns client of your choice to prevent dns leaks. 
You could even disable dns lookups from squid entirely if you'd like. See squid documentation for more info.
from:

http://wiki.noreply.org/noreply/TheO...ter/SquidProxy


cheers,
 
Old 04-08-2006, 01:36 PM   #3
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian Kali
Posts: 541

Rep: Reputation: 30
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
 
Old 04-08-2006, 05:57 PM   #4
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,031

Rep: Reputation: 160Reputation: 160
Quote:
Originally Posted by gabsik
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
this was actually uncovered in deer park alpha and then incorporated into ff 1.5 - I know there was discussion and howto's on the ortalk mailing list, and I would expect that there would be discussion on the tor wiki, however these are the two lines I've changed in about:config regarding dns:

network.dns.disableIPv6 true
network.proxy.socks_remote_dns true

if I get around to checking into actual links and explanations in the next few days, or if someone specifically requests, I will post here.

cheers,
 
Old 04-08-2006, 08:09 PM   #5
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian Kali
Posts: 541

Rep: Reputation: 30
nice one !
 
Old 04-08-2006, 08:15 PM   #6
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Original Poster
Rep: Reputation: 30
hi mrclisdue,

so what your saying to ms is i can setup tor, privoxy ans squid together as long as i add in those few lines?

network.dns.disableIPv6 true
network.proxy.socks_remote_dns true

but where do i put them?
 
Old 04-08-2006, 09:22 PM   #7
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,031

Rep: Reputation: 160Reputation: 160
As per my first post, Squid must be compiled with "--disable-internal-dns", and/or disable dns lookups entirely through squid.

Secondly, I searched back through the ortalk mailing list, and it appears you must have FF 1.1x, then in about:config either find or add

network.proxy.socks_remote_dns

and set the value to true.

That info was found here:

Code:
http://archives.seul.org/or/talk/Aug-2005/msg00303.html
If you browse the same ortalk archives for Sept, 2005, you will see some discussion on squid and dns leaks.

There is also this tor wiki entry:

Code:
http://wiki.noreply.org/noreply/TheOnionRouter/SquidWarning
cheers,
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Privoxy Squid Tor gabsik Linux - Networking 2 01-26-2006 09:18 PM
Tor and privoxy gabsik Linux - Networking 1 12-26-2005 01:57 PM
Tor & Privoxy - how to get it to work? EvilBill Ubuntu 1 12-05-2005 08:51 PM
Privoxy and tor z3nith Linux - Software 2 10-01-2005 09:31 PM
Tor & Privoxy esage Linux - Software 3 07-25-2005 10:35 PM


All times are GMT -5. The time now is 05:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration