Warning during TOR navigation

Started by AnselmoNaranja, January 06, 2014, 06:23:20 PM

AnselmoNaranja

Hello,
while browsing with TOR, this TOR warning often appears in the console:
[Mon Jan 6 18:19:36 2014] This connection is potentially dangerous! - One of your applications established a connection through Tor to "XXX.XXX.XXX.XXX: 443" using a protocol that could reveal information about your destination. Be sure to configure the applications to use only socks4a or SOCKS5 with remote hostname resolution.

I set up my browser as in the WIKI (set SOCKS proxy, v5) and did not start Polipo.
Do you have any idea what it could be and whether this compromises anonymity?

Thank you

b4d_bl0ck

The most classic Tor issue is DNS leaking...
If you are not doing anything particular, I think this is the case... otherwise provide more details.

Have fun!
Bye.
bool secure = check_paranoia() ? true : false;
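
Added example, not part of any post in this thread: the warning quoted above is about how the destination is written in the SOCKS request Tor receives, so this sketch parses SOCKS4, SOCKS4a and SOCKS5 CONNECT requests and reports whether the request leaves name resolution to the proxy. The function name and the sample requests are constructed for illustration; a request carrying an IP literal shows only that Tor did not do the resolution, which is why the message says "potentially".

```python
import ipaddress
import struct

def classify_socks_request(req: bytes) -> dict:
    """Report whether a SOCKS CONNECT request leaves name resolution to the proxy."""
    if len(req) < 8:
        raise ValueError("truncated SOCKS request")
    if req[0] == 4:
        # SOCKS4: VER CMD PORT(2) IP(4) USERID NUL [HOSTNAME NUL]
        port = struct.unpack(">H", req[2:4])[0]
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            # SOCKS4a marker 0.0.0.x: the hostname follows the user id
            uid_end = req.index(b"\x00", 8)
            host_end = req.index(b"\x00", uid_end + 1)
            host = req[uid_end + 1:host_end].decode("ascii")
            return {"proto": "socks4a", "dest": host, "port": port, "remote_dns": True}
        return {"proto": "socks4", "dest": str(ipaddress.IPv4Address(ip)),
                "port": port, "remote_dns": False}
    if req[0] == 5:
        # SOCKS5 request (sent after method negotiation): VER CMD RSV ATYP ADDR PORT(2)
        atyp = req[3]
        if atyp == 0x03:  # length-prefixed domain name: the proxy resolves it
            end = 5 + req[4]
            dest, remote = req[5:end].decode("ascii"), True
        elif atyp in (0x01, 0x04):  # IPv4 / IPv6 literal: resolved before reaching the proxy
            end = 4 + (4 if atyp == 0x01 else 16)
            dest, remote = str(ipaddress.ip_address(req[4:end])), False
        else:
            raise ValueError("unknown SOCKS5 address type")
        if len(req) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        port = struct.unpack(">H", req[end:end + 2])[0]
        return {"proto": "socks5", "dest": dest, "port": port, "remote_dns": remote}
    raise ValueError("not a SOCKS4/SOCKS5 request")

# Constructed sample requests to port 443 (192.0.2.10 is a documentation address).
SAMPLES = {
    "socks4_ip": b"\x04\x01\x01\xbb\xc0\x00\x02\x0a\x00",
    "socks4a_name": b"\x04\x01\x01\xbb\x00\x00\x00\x01\x00example.com\x00",
    "socks5_ip": b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb",
    "socks5_name": b"\x05\x01\x00\x03\x0bexample.com\x01\xbb",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        info = classify_socks_request(raw)
        verdict = "ok (remote resolution)" if info["remote_dns"] else "IP literal, would trigger the warning"
        print(f"{label:13} {info['proto']:8} {info['dest']}:{info['port']}  {verdict}")
```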

AnselmoNaranja

I'm not doing anything..
What can I do?

The incriminated IP address is 173.194.39.143.
I've executed an nslookup for the PTR DNS record of this IP and I've discovered this:

X@Y:~$ nslookup -type=PTR 173.194.39.143
Server:      127.0.0.1
Address:   127.0.0.1#53

Non-authoritative answer:
143.39.194.173.in-addr.arpa   name = bud02s03-in-f15.1e100.net.

And this is a Whois of IP:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=173.194.39.143?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       173.194.0.0 - 173.194.255.255
CIDR:           173.194.0.0/16
OriginAS:       AS15169
NetName:        GOOGLE
NetHandle:      NET-173-194-0-0-1
Parent:         NET-173-0-0-0-0
NetType:        Direct Allocation
RegDate:        2009-08-17
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-173-194-0-0-1


OrgName:        Google Inc.
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2013-08-07
Ref:            http://whois.arin.net/rest/org/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc
OrgTechPhone:  +1-650-253-0000
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    http://whois.arin.net/rest/poc/ZG39-ARIN

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName:   Google Inc
OrgAbusePhone:  +1-650-253-0000
OrgAbuseEmail:  arin-contact@google.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ZG39-ARIN


What application of mine calls a Google server without my knowing it?

b4d_bl0ck

Man if you don't tell us what applications you are running, we cannot say anything.
I can't see anything strange, usual tor behaviour. If you have lots of messages like that while browsing, this is nothing exceptional.
Anyways a:
sudo ss -anp | grep <IP_ADDRESS>
will tell you which process the connection belongs to.
(Reasonably if you just have your web browser going through tor, then you can't expect any other socket owner than the browser itself.)

Anyways yes, it compromises anonymity.
Read about it on tor website.

Bye
bool secure = check_paranoia() ? true : false;

AnselmoNaranja

Following a suggestion on the TOR site, I set the Vidalia option Application Proxy to /usr/bin/polipo (but it is the same even without).
I do not use any other applications and have stopped all other services (except TOR and POLIPO, of course).
I have not even started the "Anonymous" suite of BackBox.
The command that I've provided does not produce any output.
On the TOR site it is called a DNS leak, but it also mentions false positives. Could this be the problem? My configuration seems correct. Has such a thing not happened to any of you?

AnselmoNaranja

Hello,
the problem is still present. I just start TOR and POLIPO, configure the browser as in the WIKI, browse, and the problem persists.
Does this happen to you too?

b4d_bl0ck

In this same thread I told you two times (two!) that those warnings alert the user about DNS leaking, and they are "normal" when you use tor (normal for the way tor is built)! After that, you agreed about what is called DNS leaking... and now? Again asking about this?
Man wtf! There are loads of materials about the topic on the web.
bool secure = check_paranoia() ? true : false;