temp321 Posted August 16, 2007
I have set up a socks 5 proxy. These are supposed to be able to handle inbound connections.
However, I still can't get inbound connections, and somehow the tracker is sending clients my IP behind the proxy, and those clients then try to connect to me directly. This is a pretty big security hole IMHO.
I am sure I have set up everything correctly. In the connections panel under proxy server, I selected my socks 5 server and checked "Use proxy server for peer-to-peer connections". Outbound connections work perfectly. I remember there being a post a long time ago about this, but I haven't been able to find it again. The change log has not shown any fixes for this problem.
Has this problem been fixed yet, or will it ever be fixed?
Ultima Posted August 16, 2007
How is this a security hole?
And just because the tracker can detect your real IP address doesn't necessarily make it µTorrent's problem; it might simply be your proxy server's problem for sending your actual IP address. That said, I don't use the proxy server feature, so I can't refute/confirm any bug reports about it.
temp321 Posted August 16, 2007
This is a security hole because, having checked "Use proxy server for peer-to-peer connections", one would expect inbound connections to be included as a "peer-to-peer" connection.
Also socks 5 is supposed to be secure. You can check the source code of the proxy program I'm using if you think the server is sending my actual IP address.
http://3proxy.ru/download/
You can also download the binary and test it easily. Just run the proxy on one computer, and watch your firewall receive all the inbound connections that ignore the proxy and go straight to your utorrent computer.
Firon Posted August 18, 2007
Your proxy is telling the tracker the IP (using X-Forwarded-For, I assume).
temp321 Posted August 19, 2007
Socks 5 does not create HTTP headers. Please test it out for yourself.
Firon Posted August 19, 2007
It can. Any proxy can add arbitrary headers when configured to do so.
temp321 Posted August 20, 2007
You can see the source code, it does not add any headers. You can also run it and reproduce it.
LatecomerX Posted September 5, 2007
Hi,
I registered with this forum to search for, or post, a similar bug. I have configured uTorrent to "use proxy server for peer-to-peer connections", but it is using direct connections with peers - I have confirmed this with a friend of mine. My actual IP address appeared in the list of peers of his torrent client. Maybe this is not considered a security hole, but it is definitely a very critical bug as it leaves the users trackable while they thought they virtually aren't. I second what temp321 has mentioned - Socks5 proxy servers are supposed to keep their users truly anonymous. They act as clients themselves to send/receive data from the destination/source on behalf of their users.
From http://www.freeproxy.ru/en/free_proxy/faq/what_is_socks_proxy.htm:
"Anonymity of a SOCKS Proxy
As SOCKS (as it was already marked above) transfers all data from a client to a server, nothing adding from itself, from the point of view of a web-server, a socks proxy is a client. Therefore anonymity of this type of proxy servers is really always absolute."
I'm suspecting that the proxy options are not used in peer-to-peer connections. Can you please check this and fix it as soon as possible?
Last but not the least, uTorrent definitely rocks. But it can be even better.
- LatecomerX
Firon Posted September 5, 2007
And does it happen with this build? http://download.utorrent.com/1.7.2/utorrent-1.7.2-proxy.exe
LatecomerX Posted September 5, 2007
I have just tested with the same friend of mine minutes ago and he is still able to view my actual IP address.
Firon Posted September 5, 2007
Oh, um, his client probably cached it. Make him remove and re-add the torrent.
LatecomerX Posted September 5, 2007
He re-downloaded the torrent as he deleted it after our first test. So is a program restart or a change of torrent required?
Firon Posted September 5, 2007
I'd suggest a different torrent, yes.
I'm testing right now with a Socks4 (don't have 5) proxy and the build I gave you and it seems to be working okay. My connections are going through the proxy (staring at the log for it...)
LatecomerX Posted September 5, 2007
Nope, he's still seeing it with a different torrent. Anyway, is there a way that I can contact you privately (through MSN or something)? PunBB doesn't seem to support private messaging yet.
Firon Posted September 5, 2007
Send me an e-mail (PunBB lets you do that) and I'll give you contact info.
LatecomerX Posted September 5, 2007
I have sent it. Let me know through the forum if you're sending an e-mail reply as e-mail filters may block it.
Firon Posted September 6, 2007
I responded now.
patcat88 Posted February 6, 2008
Try setting the "IP/Hostname to report to tracker:" setting in pref-BitTorrent. Not all trackers respect it though. But it might stop your secret/real IP from popping up in the swarm. I'm not sure whether uTorrent accesses the tracker through the proxy; if it does, the tracker will pick up proxy IP and everything is fine. Unless proxy only listens to your reported IP by uTorrent. I don't know what the default is with trackers nowadays.
Ultima Posted February 7, 2008
The proxy works only with tracker communication unless the user specifically chooses otherwise ("otherwise" meaning tracker and peer communication).
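
The check LatecomerX describes in the thread (a second client looking for the real address in the peer list it receives) can be repeated against a captured tracker announce response. The following is an added example, not part of the original thread and not µTorrent code: it decodes a bencoded announce response, including the compact peer format, and returns any entries matching the address the proxy is supposed to hide. The function names and both sample responses (built from documentation-range addresses) are constructed for illustration.

```python
import ipaddress

def bdecode(data, i=0):
    """Minimal bencode decoder; returns (value, index after value)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError(f"malformed bencode at offset {i}")

def peers_from_announce(body):
    """Return [(ip, port)] from a tracker announce response body."""
    resp, _ = bdecode(body)
    if b"failure reason" in resp:
        raise ValueError(resp[b"failure reason"].decode(errors="replace"))
    peers = resp.get(b"peers", b"")
    if isinstance(peers, bytes):                    # compact: 4-byte IPv4 + 2-byte port
        if len(peers) % 6:
            raise ValueError("compact peer list is not a multiple of 6 bytes")
        return [(str(ipaddress.IPv4Address(peers[k:k + 4])),
                 int.from_bytes(peers[k + 4:k + 6], "big"))
                for k in range(0, len(peers), 6)]
    return [(p[b"ip"].decode(), p[b"port"]) for p in peers]   # dictionary form

def find_leak(body, real_ip):
    """Peer entries whose address equals the address the proxy should hide."""
    return [(ip, port) for ip, port in peers_from_announce(body) if ip == real_ip]

def _compact(*peers):
    return b"".join(ipaddress.IPv4Address(ip).packed + port.to_bytes(2, "big")
                    for ip, port in peers)

# Constructed sample data (documentation address ranges, not real hosts).
REAL_IP, PROXY_IP = "203.0.113.7", "198.51.100.20"
LEAKING = b"d8:intervali1800e5:peers12:" + _compact((REAL_IP, 6881), ("192.0.2.55", 51413)) + b"e"
PROXIED = b"d8:intervali1800e5:peers12:" + _compact((PROXY_IP, 6881), ("192.0.2.55", 51413)) + b"e"

if __name__ == "__main__":
    print("leaking swarm:", find_leak(LEAKING, REAL_IP))
    print("proxied swarm:", find_leak(PROXIED, REAL_IP))
```

A non-empty result means the tracker is handing out the real address, whichever side (client setting, proxy, or tracker behaviour) put it there.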