Help on TOR/Privoxy rules for Kaspersky

[sunrise]

Hi,

I recently used Tor (bundle with Privoxy). I need help on what firewall rules for Tor.exe or Privoxy.exe i need to set for Kaspersky (If you are using KIS).

I have edit the privoxy config.txt to uncomment the # for
forward-socks4a / 127.0.0.1:9050 .
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .

I notice that torbutton extention for firefox uses or default to SOCKS 5 instead of SOCKS 4. Should i change to SOCKS 4 in firefox settings?

i am using the TOR for privacy surfing, so i do not need advanced settings to privoxy or anything else such as filtering etc.

Many thanks!

[sunrise]

Hopeless now.

Vidalia (GUI for TOR) keeps crashing upon startup, saying cant authenticate with TOR. If start TOR from cmd prompt, everything works.

i tried disable my KIS, vidalia works. So i thought its firewall rules perhaps. I gave vidalia, tor, privoxy allow all rules for a start. strange, vidalia still crash with same error.

.......

[Paranoid2000]

Quote:

Originally Posted by sunrise

Vidalia (GUI for TOR) keeps crashing upon startup, saying cant authenticate with TOR. If start TOR from cmd prompt, everything works.

Update your copy of Vidalia - you must use 0.0.13 or later with Tor 0.1.2.16/0.2.0.4-alpha onwards since Tor now requires authentication on its control connection (to avoid exploitation by malware). Earlier versions of Vidalia will crash.

Note that Tor does not filter web traffic so you will most certainly need a filter (Privoxy being one option) to screen out cookies, Javascript and other web content that could be used to track you or even cpmpromise (in the case of Java or Flash) your anonymity by triggering a direct connection (tight firewall rules limiting your browser to access via Privoxy/Tor only and blocking direct access for Flash and Java will stop this also).

[sunrise]

Quote:

Originally Posted by Paranoid2000

Update your copy of Vidalia - you must use 0.0.13 or later with Tor 0.1.2.16/0.2.0.4-alpha onwards since Tor now requires authentication on its control connection (to avoid exploitation by malware). Earlier versions of Vidalia will crash.

Note that Tor does not filter web traffic so you will most certainly need a filter (Privoxy being one option) to screen out cookies, Javascript and other web content that could be used to track you or even cpmpromise (in the case of Java or Flash) your anonymity by triggering a direct connection (tight firewall rules limiting your browser to access via Privoxy/Tor only and blocking direct access for Flash and Java will stop this also).

My vidalia is 0.0.14. Initially, if i start tor using the cmd prompt, it is ok. But if i use vidalia, upon starting it prompt error saying can't authenticate. i saw this similar error in the support ticket for vidalia but they close it , saying it is due to Kaspersky AV. They did not contact Kaspersky for this to confirm. I post in kaspersky, but no resolution yet till i add Vidalia as trusted app, and tell kaspersky not to scan it for 127.0.0.1 and 9051 port. then it is ok now.

I believe it is not due to firewall rules as even if set to allow all, vidalia still cant authenticate/crash. Maybe due to AV, im not too sure.

P.S I follow the firewall rules for TOR and privoxy from earlier thread you posted with regards to TOR and privoxy.

Tor Ruleset:

* Incoming Tor Request: Protocol TCP, Inbound, Remote Host 127.0.0.1, Local Port 9050, Allow
* Tor Network Access: Protocol TCP, Outbound, Remote Port 80, 443, 9001-9004, 9030-9033, 9100, Allow
* Block Other Tor Traffic: Protocol TCP, Outbound, Block


Privoxy Ruleset:

* Incoming Privoxy Request: Protocol TCP, Inbound, Remote Host 127.0.0.1, Local Port 8118, Allow
* Privoxy Tor Access: Protocol TCP, Outbound, Remote Host 127.0.0.1, Remote Port 9050, Allow
* Block Other Privoxy Traffic: Protocol TCP, Outbound, Block

[Paranoid2000]

Quote:

Originally Posted by sunrise

My vidalia is 0.0.14. Initially, if i start tor using the cmd prompt, it is ok. But if i use vidalia, upon starting it prompt error saying can't authenticate. i saw this similar error in the support ticket for vidalia but they close it , saying it is due to Kaspersky AV.

Sounds like Kaspersky's web scanner is causing the problem then. If you are using Tor for all web access, disabling it completely or limiting it to scanning Privoxy->browser incoming traffic only would be the best option since it won't be able to deal with encrypted traffic coming in/out of Tor and you don't want it scanning all web traffic since it will end up doing multiple checks (Tor->Privoxy, Privoxy->browser and possibly more if you are using a filter like Proxomitron as well).

[sunrise]

Quote:

Originally Posted by Paranoid2000

Sounds like Kaspersky's web scanner is causing the problem then. If you are using Tor for all web access, disabling it completely or limiting it to scanning Privoxy->browser incoming traffic only would be the best option since it won't be able to deal with encrypted traffic coming in/out of Tor and you don't want it scanning all web traffic since it will end up doing multiple checks (Tor->Privoxy, Privoxy->browser and possibly more if you are using a filter like Proxomitron as well).

Hi Paranoid2000,

Thanks! As recently i only started to play around with TOR/privoxy, or even get to understand what privoxy does, how privacy software works etc.. I don't really quite understand what you are saying..sorry for being down on the IQ side on this area..

If using TOR/Privoxy, the flow is from Browser>Privoxy>Tor > Internet,outside. correct?

In my kaspersky settings, i actually ask web scanner to scan all ports. As for the trust app, the web scanner will not scan traffic from vidalia.exe to remote host 127.0.0.1 on remote port 9051.

As vidalia traffic is locally only, my AV still scans all other traffic.

I read somewhere TOR/Privoxy may not work/effective? for HTTPS.. that is why may beed Proxomitron..right?

Thanks!!

[Paranoid2000]

Getting everything set up right can be complex so don't worry if it takes some doing - you'll likely only need to do it once.

The key is that online privacy has several aspects that need to be addressed separately - Tor deals with hiding your IP address from sites you visit and your online activities from your ISP or anyone else with access to your local network. It does not do anything about web content which could be used to compromise your privacy in other ways (tracking cookies, web bugs, referrers) which is where filters like Privoxy come in. It also does not do anything to protect against malicious web content which is another good reason for using filters (plus a non-IE browser). Finally Tor cannot prevent applications from trying to access a site directly - that is where a properly configured firewall comes in.

Quote:

Originally Posted by sunrise

If using TOR/Privoxy, the flow is from Browser>Privoxy>Tor > Internet,outside. correct?

Yes. The "ideal" combination in my view is to add Proxomitron since its web filtering is more easily adjustable (and it offers custom filters) in which case you would then have Brower->Proxomitron->Privoxy->Tor. You can get similar functionality by using Firefox with appropriate extensions though (like NoScript, RefControl and GreaseMonkey).

Quote:

Originally Posted by sunrise

In my kaspersky settings, i actually ask web scanner to scan all ports. As for the trust app, the web scanner will not scan traffic from vidalia.exe to remote host 127.0.0.1 on remote port 9051.

It is only worth scanning traffic to/from your browser - just scanning port 8118 (Privoxy's default) will suffice in your case (if you add Proxomitron then use its port instead, 8080). Doing anything else will result in your web traffic being scanned multiple times which provides no benefit but wastes CPU.

Quote:

Originally Posted by sunrise

I read somewhere TOR/Privoxy may not work/effective? for HTTPS.. that is why may beed Proxomitron..right?

That is one very good reason for adding Proxomitron (note that it does not scan HTTPS by default, you need to add extra files as noted in the Dangers of HTTPS thread). However Firefox extensions will work with HTTPS also.

[sunrise]

Quote:

Originally Posted by Paranoid2000

It is only worth scanning traffic to/from your browser - just scanning port 8118 (Privoxy's default) will suffice in your case (if you add Proxomitron then use its port instead, 8080). Doing anything else will result in your web traffic being scanned multiple times which provides no benefit but wastes CPU.That is one very good reason for adding Proxomitron (note that it does not scan HTTPS by default, you need to add extra files as noted in the Dangers of HTTPS thread). However Firefox extensions will work with HTTPS also.

Hi, thanks! i will try adding proxomitron tonight . Being using privoxy but i do not know if proxo have default filters we can simply choose for different levels of security. For privoxy, i have to edit the actions file, try and see whats the outcome etc. fun but good to have user friendly stuff, esp for newbie like me

you mention that i should just let web scanner scan port 8118 or 8080 for proxo. This i understand as i set firefox to use proxy for port 8118 only. But i have a question, when i am not using TOR, means not using privoxy, i dont use proxy to surf the internet; direct connection. This do means i have to scan all ports right?

[Paranoid2000]

If you're new to stuff then Proxomitron may not be the best choice since it is targeted more at power users - see the Webhiker's Guide to Proxomitron for more details. Firefox extensions would probably be an easier route.

If you don't use Privoxy/Tor or another proxy (another benefit of Proxomitron is that you can enable/disable its use of Privoxy/Tor with a single click) then Kaspersky's webscanner would probably need to be set to scan all ports - I don't use it though so I can't be definite on that.