Warnings running through Tor #725

issue gavinandresen opened this issue on December 23, 2011
  1. gavinandresen commented at 7:06 PM on December 23, 2011: contributor

    I'm getting warning in Vidalia running bitcoin through Tor:

    Your application (using socks4 to port 8333) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS.

    From a brief chat in #Tor on irc.oftc.net:

    You can modify your socks code to connect to a hostname (you can use an IP address as hostname without any trouble, if you're using socks5) or you can use socks4a and stuff will also just work

    I don't know nuthin about SOCKS, but I'm hoping somebody else does and can fix this...

  2. laanwj commented at 7:17 PM on December 23, 2011: member

    The bitcoin protocol only exchanges peer addresses as IPs, isn't it?

    Does it ever connect to a hostname instead of an IP? (only for seeding maybe?) If so, it indeed should do this directly through SOCKS, and not by first looking up the name using DNS, as this exposes the host name to anyone listening for DNS requests.

    Edit: DNS lookups should be only used when -dns is passed (which sets fAllowDNS). In practice, it always does DNS lookups for showmyip.com etc when determining the external IP address, and when lookup up the IRC server (!) irc.lfnet.org.

  3. gmaxwell commented at 7:06 AM on January 10, 2012: contributor

    This is half real half bogus, — the warning is generated because of the assumption that if the socks port is seeing IP addresses the client did its own DNS requests which have leaked out. (e.g. lots of apps can be configured to use a proxy but still end up using the libc resolver and then deanonymizing data leaks out via DNS, tor can't see the leak but it can see connections to IPs instead of names) For the most part we don't use DNS— the exceptions being the stuff mentioned above and DNSSeed which can't be usefully done using tor's integrated dns (see the other issue I opened on dnsseed+tor). We should make sure to use dns via tor for the things where we do dns and disable showmyip when using tor (dnsseed is now disabled already) Unfortunately that warning will remain, but after those things are fixed the warning will be completely bogus and I don't think there is anything we can do about that. :(

  4. gavinandresen closed this on Jul 5, 2012
  5. destenson referenced this in commit 618c27a99d on Jun 26, 2016
  6. ptschip referenced this in commit b90b977331 on Aug 6, 2017
  7. dexX7 referenced this in commit 0e0e7e97a3 on Aug 13, 2018
  8. kallewoof referenced this in commit f98b4ee657 on Oct 4, 2019
  9. Losangelosgenetics referenced this in commit 49c84ac7c0 on Mar 12, 2020
  10. DrahtBot locked this on Sep 8, 2021
  11. hebasto referenced this in commit 19764dc143 on Apr 13, 2023
  12. sidhujag referenced this in commit 58b94f3a10 on Apr 13, 2023
Contributors
gavinandresenlaanwjgmaxwell
Labels
Bug
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 15:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me