Opened 7 years ago

Closed 7 years ago

#6990 closed defect (worksforme)

I got this msg again and again !

Reported by: kral2008 Owned by: erinn
Priority: Low Milestone:
Component: Applications/Tor bundles/installation Version: Tor: 0.2.2.39
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I got messages like below again and again from Tor Message Log; for example:
"[Fri Sep 28 15:47:00 2012] Potentially Dangerous Connection! - One of your applications established a connection through Tor to "173.194.32.15:443" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution."
Whats the problem?
I have downloaded and installed last ver of tor from Torproject.org.
Thanks.

Child Tickets

Change History (9)

comment:1 Changed 7 years ago by rransom

Component: TorStatusTor bundles/installation
Owner: set to erinn
Priority: criticalminor
Type: taskdefect

That IP address appears to be one of Google's servers which hosts cached copies of indexed pages. Perhaps TBB should set ‘WarnUnsafeSocks 0’; the only program which should be configured to use its Tor client is known to be safe.

comment:2 in reply to:  1 ; Changed 7 years ago by arma

Replying to rransom:

Perhaps TBB should set ‘WarnUnsafeSocks 0’; the only program which should be configured to use its Tor client is known to be safe.

Well, the question is what application caused Tor to output these complaints? The Tor Browser shouldn't be generating them. What else is using Tor on that system?

comment:3 in reply to:  2 Changed 7 years ago by rransom

Replying to arma:

Replying to rransom:

Perhaps TBB should set ‘WarnUnsafeSocks 0’; the only program which should be configured to use its Tor client is known to be safe.

Well, the question is what application caused Tor to output these complaints? The Tor Browser shouldn't be generating them. What else is using Tor on that system?

The Tor Browser is generating these messages. Google links to its cached pages using the IP address of the server on which they are stored.

comment:4 Changed 7 years ago by Sebastian

That still shouldn't trigger this message, because TBB is supposed to put the IP address as hostname which would prevent the warning

comment:5 Changed 7 years ago by arma

Right. The warning happens not when an IP address is presented, but when a socks variant is used that can only send IP addresses.

comment:6 Changed 7 years ago by arma

I assume the user either installed some dangerous extension to his/her tor browser, or pointed some dangerous application to use TBB's tor.

comment:7 in reply to:  5 Changed 7 years ago by rransom

Replying to arma:

Right. The warning happens not when an IP address is presented, but when a socks variant is used that can only send IP addresses.

The warning happens when a client presents an IP address using SOCKS5.

comment:8 Changed 7 years ago by arma

No, the warning happens when the application does a socks5 request with address type 1 or 4 (ipv4 or ipv6) rather than 3 (hostname).

It doesn't matter what the address is -- only what the socks5 address type is. So if you present an IP address while doing a a socks5 request with address type 3 (which is what TBB is supposed to do), you won't get such a warning.

comment:9 Changed 7 years ago by arma

Resolution: worksforme
Status: newclosed

Closing.

If the original poster is still around and wants to tell us what other programs he/she was running through Tor at the same time, that'd be grand.

Note: See TracTickets for help on using tickets.