Jump to content
Not connected, Your IP: 3.133.140.88

Recommended Posts

Staff or others,

 

I never considered this so I thought I would ask here among my security minded friends.  I connect via Air and have all the rules in place so the only DNS showing is leaseweb's (Air's) using Windows.  Never an exception while on my host OS and never a leak of any kind.  Now I mount a virtualbox VM running a linux 12.04 OS.  This VM is running TBB (TOR) and it works great.  I decided to check for dns leaks and almost a dozen names show up (VM only not in the host OS).  They match the TOR "circuit" I am currently using at that time.  So now I am trying to consider if this is a vulnerability I need to deal with.  I know the TOR circuit is encrypted between all the nodes but these dns names all showing up sort of concern me.  I am looking for recommendations, and questioning if fellow TOR over Air users are seeing the same thing?  Since the TOR circuit changes every 10 minutes or so I don't see how to write numbers based rules.  What to do, if anything is needed?

Share this post


Link to post

I have done a bunch of reading today.  This is a confusing subject.

 

I created my VM using linux because linux is inherently better at handling DNS than windows.  Then I add the latest TBB.  I only use TOR for reading and while most of the sites I visit are https, not all are.  My ISP dns never shows up whether running inside or outside of the VM (firewall rules on the host).  Note; even Air's dns provider doesn't show up using dnsleaktest while I am in the VM and the machine is still tunnel connected.  That makes sense to me if TBB is working correctly.  My machine is VPN wrapped to cloak TOR use from my ISP.  You would think that the TOR project has throughly considered the dns issue.  It would make absolutely no sense to encrypt the packages between the nodes and yet allow the various node dns servers to "know" what sites you visit even if they can't read the content.

 

Point blank question.  Am I misunderstanding TOR's protections?  Does TOR as generically configured encrypt up to the exit node and block/protect the dns stuff to the exit point, OR is the dns weak and in fact it does allow "bad/evil" nodes in the circuit to know where a user goes (I realize content is encrypted)?  I know about bad exit nodes and http.  That is NOT what I am questioning.  I am questioning the nodes earlier in the circuit.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...