[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: two questions about ssh tunneling

On Fri, 4 Dec 2009 14:13:11 -0800
Tyler MacDonald <tyler@macdonald.name> wrote:

...

>   I believe when you use SOCKS, your browser stops doing DNS resolution and
> just hands the hostnames directly to the SOCKS server. So all they would be
> able to sniff is your encrypted SSH session, which they (hopefully) can't
> decrypt.

Are you sure that applications using SOCKS aren't doing their own DNS
resolution?  The Tor FAQ suggests that they often do:

"Where SOCKS comes in. Your application uses the SOCKS protocol to
connect to your local Tor client. There are 3 versions of SOCKS you are
likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5
(which usually uses IP addresses in practice), and SOCKS 4a (which uses
hostnames).

When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP
address, Tor guesses that it 'probably' got the IP address
non-anonymously from a DNS server. That's why it gives you a warning
message: you probably aren't as anonymous as you think."

https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS

Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: