LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page question about tor, privoxy & squid
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-08-2006, 03:24 AM   #1
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
question about tor, privoxy & squid

hi there,

i'm just wondering if i setup squid to use privoxy as a cache_peer and then setup privoxy & tor to work together will i still get the same level of security offered with the privoxy tor setup?
 
Old 04-08-2006, 06:09 AM   #2
mrclisdue
Member
 
Registered: Dec 2005
Distribution: Slackware -current, 13.37
Posts: 861

Rep: Reputation: 93
Code:
WARNING: [WWW] recent testing has shown that using Squid in conjunction with Tor
and Privoxy is a critical compromise to your privacy! Please read [WWW] this update for more details. Thank you.

    *

      Squid 2 can be compiled with, "--disable-internal-dns", and use 
an external dns client of your choice to prevent dns leaks. 
You could even disable dns lookups from squid entirely if you'd like. See squid documentation for more info.
from:

http://wiki.noreply.org/noreply/TheO...ter/SquidProxy


cheers,
 
Old 04-08-2006, 01:36 PM   #3
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 532

Rep: Reputation: 30
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
 
Old 04-08-2006, 05:57 PM   #4
mrclisdue
Member
 
Registered: Dec 2005
Distribution: Slackware -current, 13.37
Posts: 861

Rep: Reputation: 93
Quote:
Originally Posted by gabsik
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
this was actually uncovered in deer park alpha and then incorporated into ff 1.5 - I know there was discussion and howto's on the ortalk mailing list, and I would expect that there would be discussion on the tor wiki, however these are the two lines I've changed in about:config regarding dns:

network.dns.disableIPv6 true
network.proxy.socks_remote_dns true

if I get around to checking into actual links and explanations in the next few days, or if someone specifically requests, I will post here.

cheers,
 
Old 04-08-2006, 08:09 PM   #5
gabsik
Member
 
Registered: Dec 2005
Location: italia
Distribution: Debian etch stable
Posts: 532

Rep: Reputation: 30
nice one !
 
Old 04-08-2006, 08:15 PM   #6
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Original Poster
Rep: Reputation: 30
hi mrclisdue,

so what your saying to ms is i can setup tor, privoxy ans squid together as long as i add in those few lines?

network.dns.disableIPv6 true
network.proxy.socks_remote_dns true

but where do i put them?
 
Old 04-08-2006, 09:22 PM   #7
mrclisdue
Member
 
Registered: Dec 2005
Distribution: Slackware -current, 13.37
Posts: 861

Rep: Reputation: 93
As per my first post, Squid must be compiled with "--disable-internal-dns", and/or disable dns lookups entirely through squid.

Secondly, I searched back through the ortalk mailing list, and it appears you must have FF 1.1x, then in about:config either find or add

network.proxy.socks_remote_dns

and set the value to true.

That info was found here:

Code:
http://archives.seul.org/or/talk/Aug-2005/msg00303.html
If you browse the same ortalk archives for Sept, 2005, you will see some discussion on squid and dns leaks.

There is also this tor wiki entry:

Code:
http://wiki.noreply.org/noreply/TheOnionRouter/SquidWarning
cheers,
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Privoxy Squid Tor gabsik Linux - Networking 2 01-26-2006 09:18 PM
Tor and privoxy gabsik Linux - Networking 1 12-26-2005 01:57 PM
Tor & Privoxy - how to get it to work? EvilBill Ubuntu 1 12-05-2005 08:51 PM
Privoxy and tor z3nith Linux - Software 2 10-01-2005 09:31 PM
Tor & Privoxy esage Linux - Software 3 07-25-2005 10:35 PM


All times are GMT -5. The time now is 11:17 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration