Buggy Proxy Settings?

[temp321]

I have set up a socks 5 proxy. These are supposed to be able to handle inbound connections.

However, I still can't get inbound connections, and somehow the tracker is sending clients my IP behind the proxy, and those clients then try to connect to me directly. This is a pretty big security hole IMHO.

I am sure I have setup everything correctly. In the connections panel under proxy server. I selected my socks 5 server and checked "Use proxy server for peer-to-peer connections. Outbound connections work perfectly.

I remember there being a post a long time ago about this, but I haven't been able to find it again. The change log has not showed any fixes for this problem.

Has this problem been fixed yet, or will it ever be fixed?

[Ultima]

How is this a security hole?

And just because the tracker can detect your real IP address doesn't necessarily make it µTorrent's problem; it might simply be your proxy server's problem for sending your actual IP address. That said, I don't use the proxy server feature, so I can't refute/confirm any bug reports about it.

[temp321]

This is a security hole because having checked

"Use proxy server for peer-to-peer connections"

One would expect inbound connections to be included as a "peer-to-peer" connection.

Also socks 5 is supposed to be secure. You can check the source code of the proxy program I'm using if you think the server is sending my actual IP adddress.

http://3proxy.ru/download/

You can also download the binary and test it easily. Just run the proxy on one computer, and watch your firewall receive all the inbound connections that ignores the proxy and goes straight to your utorrent computer.

[Firon]

Your proxy is telling the tracker the IP (using X-Forwarded-For, I assume).

[temp321]

Socks 5 does not create Http headers. Please test it out for yourself.

[Firon]

It can. Any proxy can add arbitrary headers when configured to do so.

[temp321]

You can see the source code, it does not add any headers. You can also run it and reproduce it.

[LatecomerX]

Hi,

I registered with this forum to search for, or post, a similar bug. I have configured uTorrent to "use proxy server for peer-to-peer connections", but it is using direct connections with peers - I have confirmed this with a friend of mine. My actual IP address appeared in the list of peers of his torrent client. Maybe this is not considered a security hole, but it is definitely a very critical bug as it leave the users trackable while they thought they virtually aren't. I second to what temp321 has mentioned - Socks5 proxy servers are supposed to keep its users truly anonymous. They act as clients themselves to send/receive data from the destination/source on behalf of its users.

From http://www.freeproxy.ru/en/free_proxy/faq/what_is_socks_proxy.htm,

Anonymity of a SOCKS Proxy

As SOCKS (as it was already marked above) transfers all data from a client to a server, nothing adding from itself, from the point of view of a web-server, a socks proxy is a client. Therefore anonymity of this type of proxy servers is really always absolute.

I'm suspecting that the proxy options are not used in peer-to-peer connections. Can you please check this and fix it as soon as possible?

Last but not the least, uTorrent definitely rocks. But it can be even better.

- LatecomerX

[Firon]

And does it happen with this build? http://download.utorrent.com/1.7.2/utorrent-1.7.2-proxy.exe

[LatecomerX]

I have just tested with the same friend of mine minutes ago and he is still able to view my actual IP address.

[Firon]

Oh, um, his client probably cached it. Make him remove and re-add the torrent.

[LatecomerX]

He re-downloaded the torrent as he deleted it after our first test. So is a program restart or a change of torrent required?

[Firon]

I'd suggest a different torrent, yes.

I'm testing right now with a Socks4 (don't have 5) proxy and the build I gave you and it seems to be working okay. My connections are going through the proxy (staring at the log for it...)

[LatecomerX]

Nope, he's still seeing it with a different torrent. Anyway, is there a way that I can contact you privately (through MSN or something)? PunBB doesn't seem to support private messaging yet.

[Firon]

Send me an e-mail (PunBB lets you do that) and I'll give you contact info.

[LatecomerX]

I have sent it. Let me know through the forum if you're sending an e-mail reply as e-mail filters may block it.

[Firon]

I responded now.

[patcat88]

Try setting the "IP/Hostname to report to tracker:" setting in pref-BitTorrent. Not all trackers respect it though. But it might stop your secret/real IP from poping up in the swarm. Im not sure whether uTorrent access the tracker through the proxy, if it does, the tracker will pick up proxy IP and everything is fine. Unless proxy only listens to your reported IP by uTorrent. I don't know what the default is with trackers nowadays.

[Ultima]

The proxy works only with tracker communication unless the user specifically chooses otherwise ("otherwise" meaning tracker and peer communication).