Silk Road forums

Discussion => Security => Topic started by: goblin on December 15, 2012, 05:52 pm

Title: DNS leaks using bitcoin client?
Post by: goblin on December 15, 2012, 05:52 pm
I get this all the time (in the message log section of vidalia) running the bitcoin client, ad I'm sure everyone else does too. Question is, is there any way to force it to go through socks4a instead of socks4? This business of using privoxy or socat, how would you implement it, if you're stuck using the torbrowser bundle?

An expert's help here would be a godsend. This thing sure makes me nervous.

goblin

[Warning] Your application (using socks4 to port 8333) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.
Title: Re: DNS leaks using bitcoin client?
Post by: woahmang on December 15, 2012, 06:21 pm
Bitcoin is a peer-to-peer network and from what I understand doesn't do any DNS lookups, it connects directly to IP addresses without first resolving them from a domain name. This would make the TOR bundle a bit nervous because it's assuming that an application is resolving domain names (google.com) to IP addresses (173.194.35.145) through your ISP's Domain Name Service servers and then connecting to the IP addresses via TOR, rather than resolving the domains through TOR. This would mean it's leaking information to your ISP about which domains you're accessing. But like I said, Bitcoin connects to nameless computers on a peer-to-peer network, they're just other people rather than services which have a human readable name published to DNS.

If you suspect that your ISP is logging DNS requests (this is cheap and easy) to its servers then you could change your DNS servers to ones in a completely different jurisdiction, and unless they're doing deep packet inspection (rather costly) they'll never know which sites you're visiting.

Also, if you don't trust what I've said here then you can verify it using WireShark. Record your traffic when you see the warning, then look stuff happening on the DNS protocol in the recording log. You'll see everything your computer is requesting over DNS and what information could potentially be being leaked.
Title: Re: DNS leaks using bitcoin client?
Post by: SelfSovereignty on December 15, 2012, 06:22 pm
So I'm no expert (infact if you actually know what the difference between socks4a and socks4 is, you know more than I do)... but I wouldn't worry about it.  As I understand it, the Bitcoin client stores a database of nodes so that when it's started up it can bootstrap itself onto the network instead of always needing to query a central source the way bittorrent does with trackers.

Not everybody has a forward-facing, human-readable address.  If bitcoin stores the dotted quad address (numeric form; some people say this is fine usage, others say I'm fucking retarded and it's not a real thing... but it gets the idea across), then of course Tor is only going to see the dotted quad address.  There was no DNS query for it in the first place.  It wouldn't exist in any DNS server's table anywhere in the world.  It's only the numeric address where somebody's running a client, nothing more.

See what I mean?

... awww... Woahmang beat me to it :(  sniffles... lol
Title: Re: DNS leaks using bitcoin client?
Post by: goblin on December 15, 2012, 06:27 pm
Thanks to both you guys for much needed relief. I'll keep looking at it with at least one eye at all times, though. Wireshark, I'll look it up.
Title: Re: DNS leaks using bitcoin client?
Post by: SelfSovereignty on December 15, 2012, 06:30 pm
BTW, it came to mind while reading your post: the Tor Browser Bundle is really three pieces of software.  The standard Tor program, Vidalia which is a GUI for configuring the Tor program, and the Tor Browser (a modded little Firefox version with some plugins preinstalled).  So "being stuck with it," really isn't hampering you any.  You're still using the same Tor program that any security expert would be using (assuming they don't use a still-in-testing prerelease version or something, of course).

And yeah, Wireshark is a great tool.  It's a little daunting if you don't know anything about packets and headers and... well yeah.  It's a little daunting at first.