JAP, TOR, Socks proxy, tunneling and Stunnel
Pollmaster
November 20th, 2004, 03:01 PM
http://www.panta-rhei.dyndns.org/pantawiki/SecurityAndEncryptionFaq
Is a very interesting and detailed guide on how to use Tor, Privoxy, Stunnel, freecap and DCPP.
It's great, but I'm still a bit unclear about the following points, perhaps the privacy gurus here can explain.
1) What is the major difference between JAP and TOR? Is it merely that Tor is a socks proxy that allows a suitably "sockified" app to connect with it, while JAP is strictly for HTTP only?
2) When you sockify an app and run it through TOR, your ISP is hidden from whatever you connect to, right? But what about your ISP? Can it see where you are connecting to? Or does it merely see you connecting to the socks proxy?
3) What is tunneling?
4) Stunnel appears to encrypt connections so no-one can see what is being sent, right? How does this interact with Tor or JAP?
Thanks
Paranoid2000
November 20th, 2004, 05:47 PM
JAP is an HTTP proxy but can handle HTTP, HTTPS and FTP protocols. It has a limited number of mixes you can connect to so performance can be slow. The client is written in Java so should run on any system where a Java Runtime Environment is available. All traffic is encrypted using 128-bit AES. The JAP client may soon be able to connect to Tor servers (http://www.freehaven.net/tor/developers.html) (see the comment about JAP at the bottom).
Tor uses SOCKS and has more servers available. It should be able to handle any application that can be SOCKSified (not just web/file transfers). Versions are available for Linux/UNIX and Windows but not others (Apple OSX users may be able to use the FreeBSD version). All traffic is encrypted using 128-bit AES.
Since both Tor and JAP encrypt traffic, all your ISP should be able to see is the encrypted traffic being sent to the first Tor node/JAP mix.
Tunneling is using one protocol to carry headers and data for another - for example you could include file transfer protocol commands within an HTTP request to allow it to pass through a firewall that only allowed HTTP. For tunneling to work, it must go to a server that "unwraps" the protocol at the other end. Tunneling can include encryption and authentication but does not have to.
Stunnel (http://www.stunnel.org/) allows you to tunnel network connections within an SSL (HTTPS) connection providing encryption. It must connect to a stunnel server which then decrypts the data. It does not provide anonymity on its own but a network of stunnel servers randomly routing data between themselves multiple times should give the same level of protection as Tor or JAP.
AJohn
November 20th, 2004, 10:31 PM
So far Tor has been working the best for me. I used it with SocksCap and usually don't notice any slowdown at all. Tor also seems to take up less resources than Jap. I have been using Tor for every single application that uses the net with no problems whatsoever (msn/icq/aim/sonork/winamp streams/various updates/browser/etc.) but I am sure it has its limits.
Pollmaster
November 21st, 2004, 07:29 AM
-{ Quote: "So far Tor has been working the best for me. I used it with SocksCap and usually don't notice any slowdown at all. Tor also seems to take up less resources than Jap. I have been using Tor for every single application that uses the net with no problems whatsoever (msn/icq/aim/sonork/winamp streams/various updates/browser/etc.) but I am sure it has its limits." }-
Yeah seems to work great. For other than web browsing, I'm using freecap/wincap plus Tor.
Though I often get a warning in the Tor console about "your application is giving Tor only an IP address. Applications that do DNS resolving themselves may leak info. Consider using socks4A (eg via privoxy or socat) instead".
What implications does this have?
I suppose it means for sure that my ISP can know where I'm going, by watching what DNS lookups my apps are doing, correct?
But does it also enable my destination servers to guess where I'm going from? As you can see I have only a vague idea how DNS lookups are done.
Also you mention in another post that web-browser+proxomitron (sockified) takes the place of privoxy. How do you do it? When I do it, it gives me an error message about Tor not handling HTTP proxy.
What I did was to point my browser firefox to
127.0.0.1, 8080 (proxo listens on this). I ran proxomitron from sockscap. Then in proxomitron I set it to use the remote proxy 127.0.0.1, 9050. What did I do wrong?
Pollmaster
November 21st, 2004, 08:19 AM
-{ Quote: " JAP is an HTTP proxy but can handle HTTP, HTTPS and FTP protocols. It has a limited number of mixes you can connect to so performance can be slow. The client is written in Java so should run on any system where a Java Runtime Environment is available. All traffic is encrypted using 128-bit AES. The JAP client may soon be able to connect to Tor servers (http://www.freehaven.net/tor/developers.html) (see the comment about JAP at the bottom).
Tor uses SOCKS and has more servers available. It should be able to handle any application that can be SOCKSified (not just web/file transfers). Versions are available for Linux/UNIX and Windows but not others (Apple OSX users may be able to use the FreeBSD version). All traffic is encrypted using 128-bit AES. Since both Tor and JAP encrypt traffic, all your ISP should be able to see is the encrypted traffic being sent to the first Tor node/JAP mix. Tunneling is using one protocol to carry headers and data for another - for example you could include file transfer protocol commands within an HTTP request to allow it to pass through a firewall that only allowed HTTP. For tunneling to work, it must go to a server that "unwraps" the protocol at the other end. Tunneling can include encryption and authentication but does not have to. Stunnel (http://www.stunnel.org/) allows you to tunnel network connections within an SSL (HTTPS) connection providing encryption. It must connect to a stunnel server which then decrypts the data. It does not provide anonymity on its own but a network of stunnel servers randomly routing data between themselves multiple times should give the same level of protection as Tor or JAP." }-
I just knew I could count on you to answer the questions with the details.
It seems to me that there are 3 separate concerns to privacy and security when using such measures
1) Can your ISP see where you are connecting to?
2) Can your destination figure out your originating IP
3) Are the contents you send secure against prying eyes en route?
I'm less concerned with 1, but it's nice to have if possible.
If I use Tor or JAP I'm automatically assured of 1)+2) no? But it won't protect the contents from being intercepted between the last mix and the final destination?
What if I use a simple anonymizer service? Or just Stunnel?
Checkout
November 21st, 2004, 12:56 PM
Very interesting technical discussion, this. I use eXtraDNS so I can bypass my ISP's DNS logs (I assume) and The Proxomitron (Altosax filters, must get new ones - recommendations for a set that works with Hotmail, please?) which then goes via JAP's Dresden-ULD. I also have Anonymizer 2004, which (I guess) bypasses all the above. Worries me a bit to put my trusted eggs in one basket, must admit. Thinking of using a port bridge to force everything through JAP... Can't find a personal "free" mailserver that doesn't require registration...just how anonymous can it be if it demands to know your details, for Pity's sake?
I really don't care about slow performance - we get broadband next year. More concerned about living my own life without someone else thinking I'm their bloody property, 8)
Kye-U
November 21st, 2004, 02:24 PM
-{ Quote: "What I did was to point my browser firefox to
127.0.0.1, 8080 (proxo listens on this). I ran proxomitron from sockscap. Then in proxomitron I set it to use the remote proxy 127.0.0.1, 9050. What did I do wrong?" }-
No need to enable the Remote Proxy in Proxomitron ;)
If you run it socksified with SocksCap, it'll work.
AJohn
November 21st, 2004, 04:05 PM
-{ Quote: "Also you mention in another post that web-browser+proxomitron (sockified) takes the place of privoxy. How do you do it? When I do it, it gives me an error message about Tor not handling HTTP proxy." }-
Install SocksCap and change its settings to localhost:9050 for Socks5
This will make all programs run with SocksCap connect through Tor on port 9050
Click to add a program and find Proxomitron
Once you have it added drag the Proxomitron icon from SocksCap to your desktop to create a shortcut
Then you just click on that shortcut to run Proxomitron under SocksCap
Do not use the remote proxy in Proxomitron, SocksCap will make it all automatic for you
Paranoid2000
November 21st, 2004, 04:48 PM
-{ Quote: "...Applications that do DNS resolving themselves may leak info. Consider using socks4A (eg via privoxy or socat) instead
What implications does this have?" }-
If the DNS server owner logs requests, then they can keep track of your lookups. This can give them a partial picture of your web activity (I say partial since most PCs cache DNS lookup results so will not do a lookup every time a site is visited and lookups are needed for almost all network activities, not just web access). You could avoid this by overriding your network settings and specifying a public DNS server (like OpenRSC (http://support.open-rsc.org/.servers/) or OpenNIC (http://www.opennic.unrated.net/public_servers.html)) but performance may be slower (the server would not be local and may be more heavily loaded).
-{ Quote: "But does it also enable my destination servers to guess where I'm going from? As you can see I have only a vague idea how DNS lookups are done." }-
Destination websites will have no idea of DNS activity. Someone running a website could also administer the DNS server responsible for providing its address (known as the authoritative server) which can give them an idea of where lookups are coming from - however for most users, the first DNS server they contact (which would be their ISP's in most cases) would contact the authoritative server itself to obtain (and then cache) the results - so at best, they could tell which ISP you were using if they could link the DNS lookup with your subsequent page request (which is unlikely since it would be coming from a different network if you used JAP/Tor).
This is known as a recursive DNS lookup - it is also possible to do an iterative lookup where the first DNS server simply supplies the address of the authoritative DNS server leaving it up to your system to query it, but this form of lookup is normally only used between DNS servers.
-{ Quote: "1) Can your ISP see where you are connecting to?" }-
They will be able to see a connection to the first server of JAP or Tor but not where they connect to in turn - so they will not know the ultimate destination. Assuming that you are running a firewall, this should report the same information - as will a netstat command run from a command prompt window.
-{ Quote: "2) Can your destination figure out your originating IP" }-
Not from the traffic alone - it will appear to come from the last server in Tor/JAP. However Java or Javascript can be used to find this information from your browser (hence the reason for using Proxomitron or another web filter to stop this). To see what information your browser reveals, visit a site like BrowserSpy (http://gemal.dk/browserspy/) or Leader Network Tools (http://www.leader.ru/secure/who.html).
It is also possible for a webpage to include Java/Javascript code designed to cause a browser to make a direct connection bypassing any proxies. Aside from blocking all Java/Javascript, the best defence against this is to use your firewall to restrict your browser to contacting the proxy only.
-{ Quote: "3) Are the contents you send secure against prying eyes en route?" }-
While encrypted, yes. However since the destination expects unencrypted traffic, the final stage (between the last Tor/JAP server and the destination) will be in the clear. For someone to identify it as your traffic though, they need to monitor every server of Tor/JAP and perform traffic analysis to link it with your (encrypted) incoming request. The only groups with these sort of resources are likely to be the TLA agencies (hence both Tor/JAP warn against relying on their systems for "strong anonymity"). However to prevent ISP logging or website tracking, these systems should be more than adequate.
-{ Quote: "What if I use a simple anonymizer service? Or just Stunnel?" }-
Since these only involve one intermediate server (rather than a whole network), traffic analysis is much easier - meaning that they would offer less anonymity. However (as mentioned above) a network of Stunnel servers routing connections at random would give equivalent protection (this is basically how Tor/JAP work).
-{ Quote: "No need to enable the Remote Proxy in Proxomitron" }-
Thanks for that! I had configured Proxomitron to use Tor as a remote proxy and was scratching my head as to why it wasn't working. Now it does. :) It would be nice to avoid having to use SocksCap though - the splash screen on startup and its time-restricted functionality are somewhat annoying. However if the JAP client gains Tor functionality that would definitely be the best of both worlds...
AJohn
November 21st, 2004, 06:54 PM
The only time I get "Your application (using socks x on port x) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A..." is when I don't connect through Proxomitron (eg. aim). Does this mean that Proxomitron is doing its DNS through Tor?
Kye-U
November 21st, 2004, 07:47 PM
It's so funny, now everything on "http://gemal.dk/browserspy/headers.cgi" is like:
-{ Quote: "HTTP_ACCEPT_LANGUAGE en-uk
HTTP_CLIENT_IP 216.15.9.94
HTTP_HOST gemal.dk
HTTP_REFERER http://gemal.dk/browserspy/headers.cgi
HTTP_USER_AGENT Mozilla/3.02Gold (WinNT; I) via proxy gateway CERN-HTTPD/3.0 libwww/2.17
HTTP_VIA mulga.bs.wa.gov.au
HTTP_X_FORWARDED_FOR 63.127.192.162
QUERY_STRING
REMOTE_ADDR 209.8.40.140
REMOTE_PORT 48875
REQUEST_METHOD GET
REQUEST_URI /browserspy/headers.cgi" }-
None of the IPs are mine, my browser is Firefox, and my language is Canadian :D
AJohn
November 22nd, 2004, 03:39 AM
I would just like to say that with SocksCap set to resolve all addresses remotely it lets Tor do the job. You can test this by going to a false url and watching the Tor window try to resolve it.
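The difference behind the Tor warning discussed in the posts above, as an added example that is not part of the thread and not Tor's own code: a SOCKS4 request can only carry an IPv4 address, while SOCKS4a and SOCKS5 can carry the hostname so the proxy does the lookup. The function names and the sample hosts (`example.com`, `192.0.2.10`) are constructed for illustration.

```python
import ipaddress
import struct


def socks4_connect(host, port, userid=b""):
    """Build a SOCKS4 CONNECT. A hostname (not an IPv4 literal) gives SOCKS4a."""
    try:
        dst = ipaddress.IPv4Address(host).packed
        name = b""
    except ipaddress.AddressValueError:
        # SOCKS4a: destination 0.0.0.x with x != 0, hostname sent after USERID.
        dst = b"\x00\x00\x00\x01"
        name = host.encode("ascii") + b"\x00"
    return struct.pack(">BBH", 4, 1, port) + dst + userid + b"\x00" + name


def socks5_connect(host, port):
    """Build a SOCKS5 CONNECT (the message sent after method negotiation)."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:
        raw = host.encode("ascii")
        atyp, addr = 3, bytes([len(raw)]) + raw   # ATYP 3 = domain name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack(">H", port)


def classify(request):
    """Return (protocol, target, port, resolver) for a CONNECT request.

    resolver is "proxy" when the request carries a hostname and "client"
    when it carries only an address, which is the case Tor warns about.
    """
    version = request[0]
    if version == 4:
        (port,) = struct.unpack(">H", request[2:4])
        dst, rest = request[4:8], request[8:]
        if dst[:3] == b"\x00\x00\x00" and dst[3] != 0:
            after_userid = rest[rest.index(b"\x00") + 1:]
            name = after_userid.split(b"\x00", 1)[0].decode("ascii")
            return ("socks4a", name, port, "proxy")
        return ("socks4", str(ipaddress.IPv4Address(dst)), port, "client")
    if version == 5:
        atyp = request[3]
        if atyp == 3:
            n = request[4]
            name = request[5:5 + n].decode("ascii")
            (port,) = struct.unpack(">H", request[5 + n:7 + n])
            return ("socks5", name, port, "proxy")
        if atyp in (1, 4):
            size = 4 if atyp == 1 else 16
            ip = ipaddress.ip_address(request[4:4 + size])
            (port,) = struct.unpack(">H", request[4 + size:6 + size])
            return ("socks5", str(ip), port, "client")
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")


def client_resolved(request):
    """True when the application handed the proxy an address, not a name."""
    return classify(request)[3] == "client"


if __name__ == "__main__":
    # Constructed requests: the same destination sent four different ways.
    for req in (socks4_connect("192.0.2.10", 80),
                socks4_connect("example.com", 80),
                socks5_connect("192.0.2.10", 443),
                socks5_connect("example.com", 443)):
        print(classify(req), "client resolved:", client_resolved(req))
```

An address in the request does not prove a lookup happened (the user may have typed the IP), which is why the warning says such applications "may" leak.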
Checkout
November 22nd, 2004, 08:02 AM
-{ Quote: "I use eXtraDNS so I can bypass my ISP's DNS logs (I assume) and The Proxomitron (Altosax filters, must get new ones - recommendations for a set that works with Hotmail, please?) which then goes via JAP's Dresden-ULD. I also have Anonymizer 2004, which (I guess) bypasses all the above. " }-
And now I've installed Sockscap...even though I haven't got a clue how to use it! Is it possible to coordinate all or most of the above with Sockscap to achieve privacy and anonymity?
Thank you, O Knowledgeable Ones!
P.S. Know what would really be neat? If my ISP only ever directed my traffic to one, and only one, address on the Internet - in an encrypted stream. Kind of moving all my ports (DNS, HTTP etcetera) out of my machine and onto a remote server. Thanks.
Paranoid2000
November 22nd, 2004, 09:03 AM
-{ Quote: "And now I've installed Sockscap...even though I haven't got a clue how to use it! Is it possible to coordinate all or most of the above with Sockscap to achieve privacy and anonymity?" }-
Check the Setting up Tor/Proxomitron+SocksCap (http://www.wilderssecurity.com/showthread.php?t=55748) thread for configuration details.
-{ Quote: "P.S. Know what would really be neat? If my ISP only ever directed my traffic to one, and only one, address on the Internet - in an encrypted stream. Kind of moving all my ports (DNS, HTTP etcetera) out of my machine and onto a remote server." }-
Ah, but if your ISP was doing the encryption, they'd be able to peek inside and see what you were up to wouldn't they? ;)
Pollmaster
November 22nd, 2004, 12:02 PM
Thanks Paranoid2000, pretty much the answers I expected, nice of you to confirm them.
-{ Quote: "Thanks for that! I had configured Proxomitron to use Tor as a remote proxy and was scratching my head as to why it wasn't working. Now it does. :) It would be nice to avoid having to use SocksCap though - the splash screen on startup and its time-restricted functionality are somewhat annoying. However if the JAP client gains Tor functionality that would definitely be the best of both worlds..." }-
Now let me return the favour.
I've been playing with both freecap http://www.freecap.ru/eng/?p=index and sockscap.
Freecap is an open source free software. It has no splash screen, and is 100% free.
I've sockified some of my apps via both freecap and sockscap, and compared them. Some work in one but not the other and vice versa. In particular I have one software that starts a child process and when using freecap, the child process is sockified automatically, but not when using sockscap (apparently).
On the other hand, I read in another thread where John mentioned the trick of dragging the app in sockscap to the desktop. This doesn't seem to result in a splash screen.
I just noticed in both sockscap and wincap you can select socks5, what does that do?
AJohn
November 22nd, 2004, 12:18 PM
All about socks:
http://www.stayinvisible.com/index.pl/socks_proxy_servers
http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&oi=defmore&q=define:SOCKS
http://www.webopedia.com/TERM/S/SOCKS.html
Pollmaster
November 22nd, 2004, 01:05 PM
Just curious, anyone here had success with sockifying your email client, then using it to send smtp via Tor?
I can't seem to get it to work. Most of the smtp servers I use add my IP address to the headers, and once I even had a nasty experience where the guy I replied to via email said he port scanned me.
AJohn
November 22nd, 2004, 01:15 PM
I can receive mail via Becky! V.2
But I cannot send mail. Tor gives me this:
No Tor server exists that allows exit to smtp....
Check out Quicksilver:
http://quicksilver.skuz.net/
and Jack B. Nymble:
http://www.bigfoot.com/~potatoware/jbn2/index.html
Checkout
November 23rd, 2004, 04:28 AM
-{ Quote: "Ah, but if your ISP was doing the encryption, they'd be able to peek inside and see what you were up to wouldn't they? ;)" }-
ISPs don't do encryption! Clients and servers do! (Or am I missing something here?)
Pollmaster
November 23rd, 2004, 11:33 AM
-{ Quote: "I can receive mail via Becky! V.2
But I cannot send mail. Tor gives me this:
No Tor server exists that allows exit to smtp....
Check out Quicksilver:
http://quicksilver.skuz.net/
and Jack B. Nymble:
http://www.bigfoot.com/~potatoware/jbn2/index.html" }-
Thanks. I have the same problem. I have played with quicksilver before, but I prefer to use smtp via my normal email client.
Paranoid2000
November 23rd, 2004, 12:00 PM
-{ Quote: "Freecap is an open source free software. It has no splash screen, and is 100% free." }-
Thanks for the pointer - I'll check Freecap out. :)
-{ Quote: "I've sockified some of my apps via both freecap and sockscap, and compared them. Some work in one but not the other and vice versa. In particular I have one software that starts a child process and when using freecap, the child process is sockified automatically, but not when using sockscap (apparently)." }-
This could be related to ASPack (a runtime compression tool) - programs using it didn't work with FreeCap but the latest version apparently works around this on WinNT/2K/XP systems.
-{ Quote: "I can receive mail via Becky! V.2
But I cannot send mail. Tor gives me this:
No Tor server exists that allows exit to smtp...." }-
Even if one did exist, it most likely would not work since most ISPs limit access to their SMTP servers to their own IP addresses only (otherwise they would get relay-raped by spammers). Many ISPs offer a webpage for email access however (and there is Mail2Web (http://www.mail2web.com/) for those that don't) and these should be accessible from Tor, if you wish to keep using your ISP email.
I'd also recommend checking out SpamGourmet (www.spamgourmet.com) which allows you to create throwaway accounts where messages get relayed to your main email address - this is an anti-spam solution (if you give a different address to each website you correspond with, you know who to blame when one starts receiving spam), not an anonymiser (your real email address is still visible in the email headers) but a useful addition nonetheless.
One problem I have encountered is that your IP address can change quite frequently with Tor. Some websites (like SpamGourmet) do use your address to identify your session so you may keep getting logged out. If you encounter this, try using JAP for that site to confirm if this is the cause (with JAP, your IP address only changes if you switch mix servers).
Paranoid2000
November 23rd, 2004, 12:16 PM
BTW, just checked the IP address on a forum post I made using Tor...
"The IP Address is: 194.70.3.60. The host name is: the.dogs.bollo.cx."
Gotta love some of those domain names. ;D
LockBox
November 24th, 2004, 12:27 AM
-{ Quote: "None of the IPs are mine, my browser is Firefox, and my language is Canadian :D" }-
Language is Canadian? You mean English?
LockBox
November 24th, 2004, 12:34 AM
-{ Quote: "I'd also recommend checking out SpamGourmet (www.spamgourmet.com) which allows you to create throwaway accounts where messages get relayed to your main email address - this is an anti-spam solution (if you give a different address to each website you correspond with, you know who to blame when one starts receiving spam), not an anonymiser (your real email address is still visible in the email headers) but a useful addition nonetheless." }-
Paranoid, Nothing is more useful to me and has changed my surfing and email life as much as Spam Gourmet. It is an incredible service. Thanks for your very useful posts in this thread. I think you are right on target. I use them all some, but have found the commercial proxies like Primedius and FindNot.com are far speedier and I get mad when the software solutions timeout or slow way down. Good stuff though and you do a great job of explaining to those new to JAP, TOR, Stunnel and others.
Cheers.
Gerard
Pollmaster
November 24th, 2004, 10:21 AM
-{ Quote: "Even if one did exist, it most likely would not work since most ISPs limit access to their SMTP servers to their own IP addresses only (otherwise they would get relay-raped by spammers)." }-
Not really since the emails I'm testing are not ISPish SMTP servers. As a result they use other methods to authenticate rather than just restricting by IP ranges.
-{ Quote: "Many ISPs offer a webpage for email access however (and there is Mail2Web (http://www.mail2web.com/) for those that don't) and these should be accessible from Tor, if you wish to keep using your ISP email." }-
Sure, but that defeats the purpose of using POP/SMTP.
-{ Quote: "I'd also recommend checking out SpamGourmet (www.spamgourmet.com) which allows you to create throwaway accounts where messages get relayed to your main email address - this is an anti-spam solution (if you give a different address to each website you correspond with, you know who to blame when one starts receiving spam), not an anonymiser (your real email address is still visible in the email headers) but a useful addition nonetheless." }-
I use spamgourmet, but this is a different matter. I want to stop smtp servers from adding my IP address to the headers. SG actually does this too I think, but in a very roundabout method.
Paranoid2000
November 25th, 2004, 11:05 PM
-{ Quote: "I use spamgourmet, but this is a different matter. I want to stop smtp servers from adding my IP address to the headers. SG actually does this too I think, but in a very roundabout method." }-
Any SMTP server which did not add the IP address to the header would be jumped on by spammers the world over since normal ones can catch out a spam-SMTP server using a fake HELO. They do exist (mainly ones running outdated software) but are quite likely to be blacklisted.
As for SpamGourmet, it is not an email anonymiser - it does include your original address in the headers.
Given the problems of spam, I would suggest that your only method of using anonymous email is via a web page (accessed via Tor, JAP or whatever...). Just another reason to kick any spammers you know. ;) Or better yet, subscribe them to the Scientologists and let them spam each other...
Pollmaster2
November 26th, 2004, 09:42 AM
-{ Quote: "Any SMTP server which did not add the IP address to the header would be jumped on by spammers the world over since normal ones can catch out a spam-SMTP server using a fake HELO." }-
Don't quite get what you are saying
-{ Quote: "They do exist (mainly ones running outdated software) but are quite likely to be blacklisted." }-
That's why if Tor could work, it would be great. No need for the SMTP server to fake anything.
Paranoid2000
November 26th, 2004, 03:58 PM
-{ Quote: "Don't quite get what you are saying" }-
Adding IP addresses to mail headers is a standard feature of any mailserver software. Only very old versions do not do this.
-{ Quote: "That's why if Tor could work, it would be great. No need for the SMTP server to fake anything." }-
It would be great for spammers who would then deluge Tor with all their junk mails. If this happened, Tor's performance would drop through the floor until every Tor server ended up on an email blacklist.
Pollmaster2
November 27th, 2004, 09:51 AM
-{ Quote: "Adding IP addresses to mail headers is a standard feature of any mailserver software. Only very old versions do not do this. It would be great for spammers who would then deluge Tor with all their junk mails. If this happened, Tor's performance would drop through the floor until every Tor server ended up on an email blacklist." }-
Huh? The smtp servers would allow you access only if you could authenticate yourself. So if anything goes wrong, they know who exactly to shut down. No?
Paranoid2000
November 27th, 2004, 04:00 PM
-{ Quote: "Huh? The smtp servers would allow you access only if you could authenticate yourself. So if anything goes wrong, they know who exactly to shut down. No?" }-
SMTP (as defined in RFC 821 (http://www.faqs.org/rfcs/rfc821.html)) offers no means of authentication. Either a mail server has to use an extension to SMTP (such as that covered in RFC 2554 (http://www.faqs.org/rfcs/rfc2554.html)) or require a POP3/IMAP connection first (which does require authentication). SMTP extensions may not be supported on all servers and the POP3/IMAP approach requires you to use the same IP address for the SMTP connection - which cannot be guaranteed on Tor where each connection may exit via a different server.
TRYU
December 3rd, 2004, 05:52 PM
Looks like JAP is backdoored
http://lists.netsys.com/pipermail/full-disclosure/2003-August/009084.html
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm
Paranoid2000
December 4th, 2004, 02:05 AM
-{ Quote: "Looks like JAP is backdoored" }-
Already discussed at length (http://www.wilderssecurity.com/showthread.php?t=44764).
LockBox
December 4th, 2004, 03:00 PM
-{ Quote: "Already discussed at length (http://www.wilderssecurity.com/showthread.php?t=44764)." }-
I wonder when people look up JAP on Google and then post the backdoor notices they don't also find links to the posts that show that what happened, in the long run, was a good thing. It is a perfect example as to how and why open source works! Had this been a closed source private company that received that subpoena and complied, it might still be backdoored and nobody would know. It's a textbook case of why open source is always better when it comes to security tools.
Gerard
ps: Another example is Window Washer and a BIG bug. If you run WW, do yourself a favor and run a quick test. Make a simple text file, make sure WW is set to 'bleach' at its safest level and run the program. Now, check with WinHex or Directory Snoop or something similar. Is it gone? Surprise if you're using almost all releases of 5.0+. The file is still there and fully recoverable! If it had been an open source program, it would have been discovered right away that the program itself was actually disabled to 'bleach' for nearly a year.
AlbatroS
December 4th, 2004, 07:37 PM
-{ Quote: "
Tor uses SOCKS and has more servers available. It should be able to handle any application that can be SOCKSified (not just web/file transfers)." }-
I tried to send to myself an email using SOCKSified Thunderbird. It works, but... my local IP is stored in headers together with TOR IP. Any workaround?
Paranoid2000
December 5th, 2004, 02:04 PM
-{ Quote: "...Had this been a closed source private company that received that subpoena and complied, it might still be backdoored and nobody would know. It's a textbook case of why open source is always better when it comes to security tools." }-
An excellent point indeed.
-{ Quote: "I tried to send to myself an email using SOCKSified Thunderbird. It works, but... my local IP is stored in headers together with TOR IP. Any workaround?" }-
Your email software adds this information. To avoid having your address included in email headers you need to use an anonymizing remailer service (AJohn mentions a couple above).
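How a local address ends up in the headers next to the Tor one, as an added example that is not part of the thread: the receiving server writes a Received line holding both the name the client announced in HELO/EHLO and the address the connection really came from. The sketch assumes the client announces its own address as a bracketed literal and that the server uses the common `from HELO (rdns [ip])` layout; the message, host names and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: newest hop first, the submission hop is the last
# Received line. 198.51.100.7 stands in for a Tor exit address.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [203.0.113.5])
    by mx.example.com with ESMTP id 1A2B3C
    for <me@example.com>; Sun, 5 Dec 2004 14:00:05 +0000
Received: from [192.168.1.10] (exit.example.net [198.51.100.7])
    by mail.example.org with ESMTP id 4D5E6F
    for <me@example.com>; Sun, 5 Dec 2004 14:00:00 +0000
From: me@example.org
To: me@example.com
Subject: test via SOCKSified client

hello
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f:.]+)\]\)")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hops(raw_message):
    """Return one dict per Received header that matches the assumed layout."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP.search(value)
        if match:
            hops.append({"helo": match.group(1), "peer_ip": match.group(3)})
    return hops


def helo_literal(helo):
    """Return the address inside a bracketed HELO literal, or None."""
    if helo.startswith("[") and helo.endswith("]"):
        try:
            return ipaddress.ip_address(helo[1:-1])
        except ValueError:
            return None
    return None


def exposed_client_addresses(raw_message):
    """List (announced_ip, connecting_ip, is_rfc1918) where the two differ.

    A difference means the client told the server an address other than
    the one the connection arrived from, e.g. its LAN address behind a proxy.
    """
    found = []
    for hop in parse_hops(raw_message):
        announced = helo_literal(hop["helo"])
        if announced is not None and str(announced) != hop["peer_ip"]:
            private = any(announced in net for net in RFC1918)
            found.append((str(announced), hop["peer_ip"], private))
    return found


if __name__ == "__main__":
    for announced, peer, private in exposed_client_addresses(SAMPLE):
        kind = "private (LAN)" if private else "public"
        print(f"client announced {announced} [{kind}], server saw {peer}")
```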
AlbatroS
December 5th, 2004, 02:35 PM
-{ Quote: "Your email software adds this information. To avoid having your address included in email headers you need to use an anonymizing remailer service (AJohn mentions a couple above)." }-
What if I register and use whichever webmail service using TOR? That's because in the past I used remailers Ajohn mentioned and they lost a lot of messages :(
Paranoid2000
December 5th, 2004, 03:03 PM
-{ Quote: "What if I register and use whichever webmail service using TOR?" }-
That was the recommendation given in post #26 above...
?Zrat
December 5th, 2004, 03:04 PM
-{ Quote: "
It is also possible for a webpage to include Java/Javascript code designed to cause a browser to make a direct connection bypassing any proxies. Aside from blocking all Java/Javascript, the best defence against this is to use your firewall to restrict your browser to contacting the proxy only." }-
Please can you tell how this can be configured on a firewall. I'm using sockscap, with TOR, along Sygate Pro.
Thanks for your help
Paranoid2000
December 5th, 2004, 04:19 PM
Please see the Setting up Tor/Proxomitron+SocksCap (http://www.wilderssecurity.com/showthread.php?t=55748) thread for details on firewall configuration.
Do note however that Sygate has a rather nasty loopback vulnerability (http://forums.sygate.com/vb/showthread.php?threadid=7813) which means that any application can gain Internet access using the permissions given to local proxy applications like Tor or Proxomitron. Since this can include any trojans or malware, using another firewall that can filter localhost traffic better is advisable - or using an anonymizing service that does not need a local proxy (Anonymizer's basic service where your browser makes an encrypted SSL connection to its website being one example).
?Zrat
December 5th, 2004, 05:14 PM
-{ Quote: "Please see the Setting up Tor/Proxomitron+SocksCap (http://www.wilderssecurity.com/showthread.php?t=55748) thread for details on firewall configuration.
Do note however that Sygate has a rather nasty loopback vulnerability (http://forums.sygate.com/vb/showthread.php?threadid=7813) which means that any application can gain Internet access using the permissions given to local proxy applications like Tor or Proxomitron. Since this can include any trojans or malware, using another firewall that can filter localhost traffic better is advisable - or using an anonymizing service that does not need a local proxy (Anonymizer's basic service where your browser makes an encrypted SSL connection to its website being one example)." }-
P2K, thanks for your reply.
I already have TOR, and sockscap running and configured. My concern is only how to restrict the browser to contact the proxy only, and do not accept a direct connection to web page?
I didn't get the idea, if I restrict through ports, how can the firewall tell if the connection is coming from a proxy server, or directly from the web page?
Paranoid2000
December 5th, 2004, 05:44 PM
-{ Quote: "My concern is only how to restrict the browser to contact the proxy only, and do not accept a direct connection to web page?" }-
Allow the browser to connect to the localhost address 127.0.0.1 only
-{ Quote: "I didn't get the idea, if I restrict through ports, how can the firewall tell if the connection is coming from a proxy server, or directly from the web page?" }-
Most personal firewalls (Sygate included) monitor which applications are requesting a connection, so it is possible to create a rule for application X allowing it access to address Y using port Z. However, Sygate does not filter attempts to access local proxies so if you create a rule for such a proxy, any other application can connect to this proxy and send data through it, gaining network access.
?Zrat
December 6th, 2004, 05:30 AM
Thanks P2K, your expertise is highly appreciated
DougWD61
December 16th, 2004, 05:58 AM
That is because TOR blocks SMTP on the regular SMTP port (forgot what it is). I've been wanting to set up my own mail server using MS XP IIS, setting it to a different port for SMTP, and then seeing if I can send using my own SMTP server on my regular box. I'll bet it would work. If so, we can all have our own proxified, encrypted SMTPs, and there is nothing anyone can do about that. Note that some ISPs block the normal SMTP port, so you will need to change it. Cox blocks port 80 so people can't easily run webservers. You can use a service that will automatically redirect traffic to your odd web port, or you can use any other port. If you use a web server for personal traffic (I use mine to exchange large files with friends and with my small web design business between clients) simply changing the port for HTTP to 8080 works, and looks like: yourispnumber:8080 as a URL.
-{ Quote: "I can receive mail via Becky! V.2
But I cannot send mail. Tor gives me this:
No Tor server exists that allows exit to smtp....
Check out Quicksilver:
http://quicksilver.skuz.net/
and Jack B. Nymble:
http://www.bigfoot.com/~potatoware/jbn2/index.html" }-
spy1
December 18th, 2004, 12:36 PM
If I'm running Tor and Privoxy, is there any further benefit to adding Sockscap to the mix?
If so, how do you go about it? (I saw the configuration screen for SocksCap in another thread, but I couldn't figure out whether that was in a set-up that already had Tor & Privoxy running, or just for Tor and Sockscap).
Darn - it's getting complicated, ain't it?
Pete
Paranoid2000
December 18th, 2004, 06:37 PM
Spy1: Privoxy handles web traffic, so SocksCap would only become necessary if you wanted to run other applications over Tor (Usenet for example, though this appears to be restricted if you check related threads). See the Setting up Tor/Proxomitron+SocksCap (http://www.wilderssecurity.com/showthread.php?t=55748) for setup details about SocksCap - setup is simple but the 5-second splash screen gets annoying fast. FreeCap (http://www.freecap.ru/eng/?p=index) is another option, but I've not been able to get it to work on my system.
Spanner: VPN's are not within the topic of this thread - I'd suggest you create a new one instead in the Other Firewalls forum (your problem is really ZA-related).
Copyright ©2002 - 2012, Wilders Security Forums