Opened 6 years ago

Closed 2 years ago

#10121 closed task (worksforme)

[DNSPort] Don't query local network IP via Tor

Reported by: ikurua22
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client, DNSPort, needs-proposal, dns
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When using DNSPort, I can request something like:
lookup -type=a 192.168.55.55

Please make Tor stop such queries (not send them to peers).
Those IPs/FQDNs should be blocked:

127.0.0.1
10.10.x.x
192.168.x.x
*.168.192.*.arpa
*.10.10.*.arpa
*.0.127.*.arpa

Change History (6)

comment:1 Changed 6 years ago by nickm

Keywords: tor-client added
Milestone: Tor: 0.2.5.x-final

comment:2 Changed 6 years ago by nickm

Milestone: Tor: 0.2.5.x-final → Tor: 0.2.???

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:6 Changed 2 years ago by nickm

Keywords: dns added
Resolution: worksforme
Severity: Normal
Status: new → closed

I think that looking up A records for IP addresses is still not something to support at all, no matter what the IP address is.

For PTR records for private networks, I think we already reject those on the relay side, but we should indeed reject them client-side too... and I believe we do, based on simple testing.

Closing as worksforme?
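
Added example, not part of the ticket and not Tor's code: a client-side filter for the two cases discussed above, A/AAAA queries whose "hostname" is an IP literal and PTR queries for internal addresses. The function names are hypothetical, only IPv4 reverse names are handled, and the internal ranges come from Python's `ipaddress` module, which is an assumption that goes beyond the ranges listed in the description.

```python
import ipaddress

def reverse_name_to_ip(qname):
    """Return the IPv4 address encoded in a full in-addr.arpa name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # Reverse names list the octets backwards: 55.55.168.192 -> 192.168.55.55
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def is_internal(ip):
    """Loopback, private-use and link-local space (assumed policy)."""
    return ip.is_loopback or ip.is_private or ip.is_link_local

def should_forward(qtype, qname):
    """Return True if the query may leave the client, False if refused locally."""
    qtype = qtype.upper()
    name = qname.rstrip(".")
    if qtype in ("A", "AAAA"):
        try:
            ipaddress.ip_address(name)
        except ValueError:
            return True    # an ordinary hostname
        return False       # an IP literal is not a hostname, whatever the address
    if qtype == "PTR":
        ip = reverse_name_to_ip(name)
        # Partial or non-IPv4 reverse names are refused in this sketch.
        return ip is not None and not is_internal(ip)
    return True

# Constructed sample queries, including the one from the ticket description.
SAMPLES = [
    ("A", "192.168.55.55"),
    ("A", "example.com"),
    ("PTR", "55.55.168.192.in-addr.arpa"),
    ("PTR", "1.0.0.127.in-addr.arpa."),
    ("PTR", "8.8.8.8.in-addr.arpa"),
]

if __name__ == "__main__":
    for qtype, qname in SAMPLES:
        verdict = "forward" if should_forward(qtype, qname) else "refuse"
        print(f"{qtype:4} {qname:32} {verdict}")
```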
