Re: Basic, yet detailed, Tor questions.



On Fri, 2005-09-09 at 18:23 +0000, Me wrote:
> Here are some very basic Tor questions, I would appreciate answers for.
> Thanks.
>
> 1. Am I correct that my ISP cannot understand any of my traffic to and
> from the Net since everything is encrypted. I also assume that they
> cannot see the URL since when that is sent, it is also encrypted.

This is correct with the notable exception of DNS requests as per your
question below. If everything is configured properly, the copy of the
tor client residing on your machine securely encrypts everything
outgoing, decrypts everything incoming, and the only thing your ISP (or
anyone observing your connection) can see is encrypted data traveling
between you and your first tor node.

> 3. I believe I am right in saying that Socks 4a works with the
> hostname and does not need the IP address to be resolved before sending
> web traffic. At what point in the me--->privoxy--->tor connection does
> the "resolving" or equivalent occur. I assume it is done through Privoxy

Ideally, and typically in socks4a, the tor exit node does DNS
resolution. IOW, the DNS request is passed through Privoxy, to tor,
where it's encrypted, sent to the exit node, and performed from there.

> as it is the socks client? (So therefore, does socks 4a not have to
> bother at any point doing URL to IP through DNS, or is it just that it
> does not have to happen at the beginning of the connection, as is
> normally the case?)

What do you mean by "beginning"? If you mean chronological beginning,
then no, DNS resolution has to happen before anything else. You have to
know what IP to connect to for "whatever.com" before the first SYN
packet is sent. If you mean the physical beginning of the connection,
then yes, DNS resolution is done at the far end. :)

> 4. With other applications, how do I ensure the same system applies.
> For example, using Thunderbird, as far as I can see, there is no
> provision for using a proxy. Also, what about telnet for example? If
> I telnet to port 23 or whatever, how do I ensure that it is encrypted in

SocksCap, FreeCap(?), or something like socat on *nix. In essence you
have to intercept the connection from your mail/telnet/whatever client
and redirect it through tor unbeknown to that client.

> the same way as web traffic. How do I also ensure the telnet server
> does not know my IP? (I am using telnet as an example). The same would

The easy way is to connect to something that will display what it
believes your IP is. For HTTP traffic that's easy. There's a bunch of
them. For other protocols you might have to do a little digging, or, you
can try connecting back to a server running on your machine.

It's really not necessary to set up a real server either. Something like
netcat can listen for connections of all types on any port, and show you
when something tries to connect. Simply set up everything as you believe
it should be to connect to the outside world anonymously, then fire up
netcat to listen on a given port, and tell your client to connect to
your actual IP:PORT (not 127.0.0.1, or it will probably bypass tor).

The other option is to sniff your connections. Netstat, Ethereal, etc.
can show you what connections are being made outside your machine, with
varying degrees of detail. If you fire up Ethereal, for example, and
telnet to wherever, you should see either connections being made
directly to that location, or to a tor node if everything is set up
correctly. You should also see encrypted data, rather than cleartext.

> apply to applications that do not operate within a web browser
> environment. In the case of ICQ, for example, I believe there is a
> proxy setting. Presumably all I would do is configure it to 9050 and
> that would work. (So Privoxy would not be used)?

That is correct. ICQ/IM/IRC clients that are able to use socks4a proxies
natively should not need Privoxy, socat, or any "man in the middle"
software. No client that can speak SOCKS should need them unless you
need to solve the DNS issue.

--
Hand crafted on Fri. Sep 09, 2005 at 02:59:50 PM

Outside of a dog, a book is a man's best friend.
Inside a dog, it's too dark to read.
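
The SOCKS4a point discussed in this thread, as an added example that is not part of the original post: it builds a SOCKS4 CONNECT request and classifies whether the hostname travels to the proxy (so resolution happens at the far end) or the client already resolved it locally, which is the DNS leak case. The function names and the sample targets are assumptions made for illustration.

```python
import ipaddress
import struct

def build_request(host, port, user=b""):
    """Build a SOCKS4 CONNECT request; a non-IP host uses the 4a extension."""
    head = struct.pack(">BBH", 4, 1, port)  # VN=4, CD=1 (CONNECT), DSTPORT
    try:
        # Plain SOCKS4: the client has already turned the name into an IP,
        # which means a DNS lookup happened outside the proxy.
        return head + ipaddress.IPv4Address(host).packed + user + b"\x00"
    except ipaddress.AddressValueError:
        # SOCKS4a: DSTIP is 0.0.0.x with x != 0, and the hostname follows
        # the null-terminated USERID so the proxy side can resolve it.
        return (head + b"\x00\x00\x00\x01" + user + b"\x00"
                + host.encode("ascii") + b"\x00")

def classify_request(data):
    """Parse a SOCKS4/4a CONNECT and report who is expected to resolve DNS."""
    if len(data) < 9:
        raise ValueError("request too short for SOCKS4")
    version, command, port = struct.unpack(">BBH", data[:4])
    if version != 4 or command != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    ip = data[4:8]
    user_end = data.index(b"\x00", 8)  # end of USERID; ValueError if missing
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        # 4a marker address: the real destination is the trailing hostname.
        name_end = data.index(b"\x00", user_end + 1)
        host = data[user_end + 1:name_end].decode("ascii")
        return {"target": host, "port": port, "resolved_by": "proxy"}
    # A real address in DSTIP: the application resolved the name itself.
    return {"target": str(ipaddress.IPv4Address(ip)), "port": port,
            "resolved_by": "client"}

if __name__ == "__main__":
    for host in ("example.com", "192.0.2.10"):  # constructed sample targets
        print(classify_request(build_request(host, 23)))
```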

