Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Basically you would use it to see when you requested a page if the request was going out through tor or if the request was going out to the website in general.
What I do when using Tor is to configure my firewall so that only Tor is allowed to start outbound connections. That way I don't have doubts — if I'm not using Tor I simply won't be able to surf.
Basically you would use it to see when you requested a page if the request was going out through tor or if the request was going out to the website in general.
Yes, I understand that in general, but specifically, if it is possible to describe or give an example, what would the packet information look like when going out through Tor and not?
As is common with newbies, we sometimes ask a question wanting a simple answer where really what is needed is for one to hit the textbooks, as it were. If this is the case, I respect that; just let me know. The manual for Wireshark is frankly daunting! And I cannot find any example specific to Tor. I have a feeling that if I want to use Wireshark properly, I am going to have to go through some preliminary stages of learning first. I was kind of hoping this might be an exception and I could use Wireshark without understanding the totality.
What I do when using Tor is to configure my firewall so that only Tor is allowed to start outbound connections. That way I don't have doubts — if I'm not using Tor I simply won't be able to surf.
This is an intriguing idea? And it sounds suited to my simple mind, but, not having used a firewall in ages (since Windows) and having had a look at the one bundled with Mint (Ubuntu), Gufw, I am going to need help to configure it to do as you suggest.
Are you familiar with Gufw or should I post specific questions for each option? Example: Use the new rule advanced tab? Choose allow TCP. What IP and port to put in the from and to fields? 127.0.0.1 8118 must be one of those. . .
This is an intriguing idea? And it sounds suited to my simple mind, but, not having used a firewall in ages (since Windows) and having had a look at the one bundled with Mint (Ubuntu), Gufw, I am going to need help to configure it to do as you suggest.
Are you familiar with Gufw or should I post specific questions for each option? Example: Use the new rule advanced tab? Choose allow TCP. What IP and port to put in the from and to fields? 127.0.0.1 8118 must be one of those. . .
Well, it depends on where exactly you have Tor and Privoxy running. If it's running on the same host you're using to surf, then all you need to do is find out what user Tor is running as, then tell your firewall to only allow that user to start outbound connections. No need to use any port numbers at all. For example, a command like this would take care of it:
It basically says that if a packet exiting through eth0 wasn't generated by a program running as the user Tor runs as (tor-user in this example) it should be sent to REJECT. You could slap a LOG rule there too if you wanted, in order to know exactly when you would have otherwise been leaking DNS and/or unintentionally doing stuff outside the Tor network. When you're done using Tor, execute the command again with a -D instead of an -I to delete the rule and you're back to normal.
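The command itself did not survive on this page, so here is a worked version of the rule Win32 describes, written for this thread as an added example (it is not his post's code). It reconstructs the OUTPUT rule from his description (anything leaving eth0 that was not generated by the Tor user is rejected) and puts the LOG rule he mentions in front of it, so every would-be leak leaves a kernel log line tagged "tor-leak:". Assumptions of mine: the Tor daemon's user and the outbound interface are passed as arguments, and the Debian/Ubuntu/Mint tor package runs as "debian-tor" (check with `ps -o user= -C tor`).

```sh
#!/bin/sh
# Added example, not code from the thread: builds (and optionally applies)
# the "only the Tor user may leave via the interface" rule described above.
# Assumptions of mine: USER is the Tor daemon's account (Debian/Ubuntu/Mint
# tor package: debian-tor), IFACE the interface your default route uses.

# tor_only_rules MODE USER IFACE  ->  prints the iptables commands.
# MODE "add" inserts with -I (rules land at the top of OUTPUT);
# MODE "del" removes the very same rules with -D, as the post suggests.
tor_only_rules() {
    mode=$1; user=$2; iface=$3
    case $mode in
        add) op=-I ;;
        del) op=-D ;;
        *) echo "usage: tor_only_rules add|del USER IFACE" >&2; return 2 ;;
    esac
    # "-m owner --uid-owner" only exists for locally generated packets, i.e.
    # the OUTPUT chain, which is exactly where this check belongs.
    match="OUTPUT -o $iface -m owner ! --uid-owner $user"
    log="-m limit --limit 5/min -j LOG --log-prefix \"tor-leak: \""
    if [ "$mode" = add ]; then
        # Each -I inserts at position 1, so REJECT goes in first and LOG
        # second; the finished chain reads LOG, then REJECT.
        echo "iptables $op $match -j REJECT"
        echo "iptables $op $match $log"
    else
        # -D needs the exact rule text; order does not matter here.
        echo "iptables $op $match $log"
        echo "iptables $op $match -j REJECT"
    fi
}

# Print the commands:       sh tor-only.sh add debian-tor eth0
# Execute them (as root):   APPLY=1 sh tor-only.sh add debian-tor eth0
if [ $# -eq 3 ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        tor_only_rules "$@" | sh -e
    else
        tor_only_rules "$@"
    fi
fi
```

Because the match is on `-o eth0`, traffic to 127.0.0.1 (your browser talking to Privoxy on 8118 or to Tor's SOCKS port) is untouched, which is why no port numbers are needed. Anything else that tries to leave the box, the system resolver's DNS lookups included, shows up in `dmesg` or `/var/log/kern.log` with the "tor-leak:" prefix before being rejected. The rule lives only in the running kernel: after a reboot it is gone unless you re-run it.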
Yes, I understand that in general...snip...without understanding the totality.
In this case it's actually something really, really easy to check with, say, tcpdump: simply verify if the connection is going directly to the website in question on port 80. If it's not, and it's connecting out to some random host on the net in a port range applicable to Tor, it's using Tor.
Wireshark, tcpdump, etc. are all useful tools, but sometimes it's easier to use them in a simple way than in a complex way.
Edit: Win32 brings up a very elegant solution that appeals to me personally since it will prevent accidents from happening if an app doesn't get restarted at boot up (well, excluding iptables of course.)
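The tcpdump check described in the reply above, as an added example written for this thread (not the poster's own code), run over a few constructed capture lines. The line format is what `tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn or udp port 53'` prints: new outbound connections plus DNS queries. Assumption of mine: you looked up the site's address beforehand (from a machine that is not using Tor) and pass it as the argument, so a connection straight to that address means the request bypassed Tor, while a DNS query for the name means the local resolver leaked it. Relay ports are commonly 9001 or 443 but are not fixed, so "some other host" is only labelled as a possible relay; the owner-match rule from the earlier reply remains the definitive check.

```sh
#!/bin/sh
# Added example, not from the thread: labels each outbound connection in
# tcpdump -n output as direct-to-site, DNS leak, or some other host.
# Assumption of mine: SITE_IP is the website's address, resolved elsewhere.

# classify_conns SITE_IP < capture.txt  ->  one verdict per capture line:
#   direct   IP PORT   went to the site itself: Tor was bypassed
#   dns-leak IP NAME   the local resolver asked the network for NAME
#   relay?   IP PORT   some other host; consistent with a Tor entry node
classify_conns() {
    awk -v site="$1" '
    # Only lines shaped "TIME IP SRC.PORT > DST.PORT: ..." are of interest.
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        n = split(dst, p, ".")
        if (n != 5) next                      # IPv4 address plus port only
        ip = p[1] "." p[2] "." p[3] "." p[4]; port = p[5]
        if (port == "53") {
            # "12345+ A? example.com." -> the name that was queried
            name = "?"
            for (i = 6; i <= NF; i++)
                if ($i ~ /\?$/) { name = $(i + 1); sub(/\.$/, "", name); break }
            print "dns-leak", ip, name
        } else if (ip == site) {
            print "direct", ip, port
        } else {
            print "relay?", ip, port
        }
    }'
}

# Constructed sample capture (documentation addresses, not real traffic):
# a DNS lookup, a direct connection to the site, and a SYN to another host.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 192.168.1.10.51234 > 192.168.1.1.53: 12345+ A? example.com. (29)
12:00:00.000002 IP 192.168.1.10.45000 > 203.0.113.5.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000003 IP 192.168.1.10.45001 > 198.51.100.7.9001: Flags [S], seq 2, win 64240, length 0
EOF
}

if [ $# -eq 1 ]; then
    # Live use:  sudo tcpdump -n -l -i eth0 '<filter above>' | sh tor-check.sh 203.0.113.5
    classify_conns "$1"
else
    sample_capture | classify_conns 203.0.113.5
fi
```

With the firewall rule from the earlier reply in place you would expect to see neither "direct" nor "dns-leak" lines at all; seeing one tells you which program (or the resolver) is still trying to go around Tor.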