
Web requests from firefox, which is currently using privoxy across the SSH tunnel, don’t leak any DNS info. Web requests from IE generate DNS requests (light blue by ethereal default). I’ve just fired up ethereal and double checked this.


SOCKS4 proxies (and firefox using SOCKS5, assuming you’re correct) leak DNS requests.
You don’t need to install privoxy locally on the client machine - all you need is PuTTY and a web browser. privoxy is run on the SSH server (i.e. the machine at the user’s home) which presumably the user has admin rights to. I searched to see if someone had written an extension that would tell Firefox to use DNS through a proxy, but I haven’t found one yet and I’m not sure if it’s technically possible.

10: you’re slightly misinterpreting the howto.
Supposedly, the Deer Park builds have an option to enable DNS lookups through the proxy (and future public full releases probably will too) but from what I can tell 1.06 does not. Firefox (as of yet) doesn’t support forwarding its DNS through the proxy, even though the SOCKS protocol (v5) supports it. Trillian (at least version 3) has an option to forward all of its name requests through the proxy, so they can’t tell you are using it unless they see it on a local machine. Worst they could do is lock down a bunch of ports, but worst comes to worst you can use port 80 or 443, which most admins don’t block (unless they just don’t want you using the web of course.) Trillian and Portable Firefox work fine off of a thumbdrive, PuTTY does as well but does leave a small registry entry on the local machine… not a big deal because it doesn’t save a password in that or anything (unless you specifically tell it to.)

An administrator can *see* what you are trying to accomplish, a well trained administrator knows that you are using SSH if you leave PuTTY set to a default port, if you change it he/she might be able to tell because they see the DNS request in their logs and then a bunch of encrypted traffic. With Privoxy, this becomes kinda moot, but you need to be a local administrator to install Privoxy properly, otherwise you will be leaking DNS requests to the local network. As was stated before, the biggest concern here is using your work or school’s network’s DNS, they can see where you are going, but they can’t see what you are doing when you are there.

Most versions of SSH and the most current version of PuTTY can force the highest levels of encryption for the traffic that goes back and forth.
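
The DNS-leak difference discussed in the comments above comes down to what the client writes into the SOCKS CONNECT request: an IP address it already resolved locally, or the hostname itself. The following Python is an added example, not part of the original comments; it builds and parses those requests so you can check which side does the lookup. The function names are hypothetical, the sample requests are constructed, and SOCKS4a (the hostname extension to SOCKS4) is included although the comments do not mention it.

```python
import ipaddress
import struct

def socks4_connect(ip, port, user=b""):
    # SOCKS4 has room only for a 4-byte IPv4 address: the client must resolve first.
    return struct.pack("!BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + user + b"\x00"

def socks5_connect(port, host=None, ip=None):
    # SOCKS5: ATYP 0x03 carries the hostname itself, ATYP 0x01 an already resolved IPv4.
    if host is not None:
        name = host.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = b"\x01" + ipaddress.IPv4Address(ip).packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def classify(req):
    """Parse a CONNECT request; 'dns' names the side that resolves (or resolved) the name."""
    if len(req) < 8 or req[1] != 1:
        raise ValueError("not a complete CONNECT request")
    if req[0] == 4:
        port = struct.unpack("!H", req[2:4])[0]
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:      # SOCKS4a marker 0.0.0.x
            start = req.index(b"\x00", 8) + 1              # skip the USERID field
            host = req[start:req.index(b"\x00", start)].decode("ascii")
            return {"version": "4a", "target": host, "port": port, "dns": "proxy"}
        return {"version": "4", "target": str(ipaddress.IPv4Address(ip)), "port": port, "dns": "client"}
    if req[0] == 5 and req[3] == 3:                        # domain name
        n = req[4]
        port = struct.unpack("!H", req[5 + n:7 + n])[0]
        return {"version": "5", "target": req[5:5 + n].decode("ascii"), "port": port, "dns": "proxy"}
    if req[0] == 5 and req[3] == 1:                        # IPv4 literal
        port = struct.unpack("!H", req[8:10])[0]
        return {"version": "5", "target": str(ipaddress.IPv4Address(req[4:8])), "port": port, "dns": "client"}
    raise ValueError("unsupported SOCKS version or address type")

# Constructed sample requests (192.0.2.10 and example.com are documentation values).
SAMPLES = [
    socks4_connect("192.0.2.10", 80),
    struct.pack("!BBH", 4, 1, 80) + b"\x00\x00\x00\x01" + b"\x00" + b"example.com\x00",
    socks5_connect(443, host="example.com"),
    socks5_connect(443, ip="192.0.2.10"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

A request classified as "client" means the name lookup, if there was one, went out over the local network before the tunnel was used.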
