Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
04-08-2006, 03:24 AM
|
#1
|
|
Member
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855
Rep: 
|
question about tor, privoxy & squid
hi there,
i'm just wondering if i setup squid to use privoxy as a cache_peer and then setup privoxy & tor to work together will i still get the same level of security offered with the privoxy tor setup?
|
|
|
|
|
04-08-2006, 06:09 AM
|
#2
|
|
Senior Member
Registered: Dec 2005
Distribution: Slackware
Posts: 1,135
|
Code:
WARNING: [WWW] recent testing has shown that using Squid in conjunction with Tor
and Privoxy is a critical compromise to your privacy! Please read [WWW] this update for more details. Thank you.
*
Squid 2 can be compiled with, "--disable-internal-dns", and use
an external dns client of your choice to prevent dns leaks.
You could even disable dns lookups from squid entirely if you'd like. See squid documentation for more info.
from:
http://wiki.noreply.org/noreply/TheO...ter/SquidProxy
cheers, |
|
|
|
|
04-08-2006, 01:36 PM
|
#3
|
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Rep:
|
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
|
|
|
|
|
04-08-2006, 05:57 PM
|
#4
|
|
Senior Member
Registered: Dec 2005
Distribution: Slackware
Posts: 1,135
|
Quote:
|
Originally Posted by gabsik
It's about a dns leaks while browsing but it dosn't affect you if you use firefox1.5 i cannot link you anyware but it's the thruth !!!!
|
this was actually uncovered in deer park alpha and then incorporated into ff 1.5 - I know there was discussion and howto's on the ortalk mailing list, and I would expect that there would be discussion on the tor wiki, however these are the two lines I've changed in about :config regarding dns:
network.dns.disableIPv6 true
network.proxy.socks_remote_dns true
if I get around to checking into actual links and explanations in the next few days, or if someone specifically requests, I will post here.
cheers, |
|
|
|
|
04-08-2006, 08:09 PM
|
#5
|
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Rep:
|
nice one !
|
|
|
|
|
04-08-2006, 08:15 PM
|
#6
|
|
Member
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855
Original Poster
Rep:
|
hi mrclisdue,
so what your saying to ms is i can setup tor, privoxy ans squid together as long as i add in those few lines?
network.dns.disableIPv6 true
network.proxy.socks_remote_dns true
but where do i put them?
|
|
|
|
|
04-08-2006, 09:22 PM
|
#7
|
|
Senior Member
Registered: Dec 2005
Distribution: Slackware
Posts: 1,135
|
As per my first post, Squid must be compiled with "--disable-internal-dns", and/or disable dns lookups entirely through squid.
Secondly, I searched back through the ortalk mailing list, and it appears you must have FF 1.1x, then in about :config either find or add
network.proxy.socks_remote_dns
and set the value to true.
That info was found here:
Code:
http://archives.seul.org/or/talk/Aug-2005/msg00303.html
If you browse the same ortalk archives for Sept, 2005, you will see some discussion on squid and dns leaks.
There is also this tor wiki entry:
Code:
http://wiki.noreply.org/noreply/TheOnionRouter/SquidWarning
cheers, |
|
|
|
All times are GMT -5. The time now is 06:38 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
