JanusVM DNS Leaks

Discussion in 'privacy technology' started by charliejade, Aug 30, 2008.

Thread Status:
Not open for further replies.
  1. charliejade

    charliejade Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    6
    Hi,
    I have been testing Tor access using the JanusVM image loaded in VMware Player. It all works fine on the host machine (Windows XP Pro SP2) and I am able to connect via VPN from other workstations.
    There is just one problem: on the host machine, the script provided, "\\192.xxx.x.x\setup\run.bat", gives a VPN connection to the virtual machine with no DNS leaks to my ISP (I am running dnseye), whereas any connection via other Windows clients (using the new connection method within Network Connections) fails to prevent DNS leaks taking place on said clients. I know the JanusVM developer Kyle Williams is busy with the Xerobank machine project, but I would like to know whether there is a way to prevent these DNS leaks when connecting from other workstations on the LAN?
    Is there some script or step that I may have left out?

    Thanks
     
  2. goldenone

    goldenone Registered Member

    Joined:
    May 31, 2007
    Posts:
    17
    Have you tried e-mailing the author? He is usually pretty helpful if you contact him.

    In regards to other workstations in your LAN leaking DNS while using JanusVM, are these workstations using the IP address of the local router in your LAN? If so, then you will always leak DNS requests, since your router forwards the requests to your ISP.

    JanusVM does not try to route LAN traffic through Tor, so any request to your router's DNS will not be masked.
    The good news is that there is an easy fix.
    Set the DNS of your workstation to any external DNS (4.2.2.1, 4.2.2.2, 4.2.2.3) and all DNS requests will be routed through JanusVM and not your local router.

    JanusVM lacks good documentation, but this is mentioned on the documentation page.

    It also looks like there is an application inside the VM that helps you with this issue.

    "We wrote TorSEC.exe to solve this problem. TorSEC is located inside the VM. The UNC for it is '\\JanusVM\Setup\files\TorSEC.exe'."

    I'm guessing that '\\JanusVM\....' is really '\\<JanusVM's IP Address>\....'.
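
Why a resolver set to the router's address leaks while an external one such as 4.2.2.1 does not, as an added example that is not part of the original posts or of JanusVM: it models the client's route selection (longest prefix, then lowest metric) and reports which interface each configured DNS server would be reached through. The routing table, interface names, LAN subnet and metrics are constructed assumptions.

```python
import ipaddress

# Constructed sample routing table for a LAN client with the VPN connected.
# Interface names, subnets and metrics are assumptions, not values from the thread.
ROUTES = [
    ("0.0.0.0/0", "vpn", 1),       # default route installed by the VPN connection
    ("0.0.0.0/0", "lan", 20),      # original default route via the home router
    ("172.16.5.0/24", "lan", 20),  # on-link LAN subnet (router assumed at 172.16.5.1)
    ("10.10.10.0/24", "vpn", 1),   # VPN subnet (prefix length assumed)
]

def egress_interface(dest, routes=ROUTES):
    """Select a route by longest prefix, then lowest metric; return its interface."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            # Negative prefix length so min() prefers the most specific route.
            candidates.append((-net.prefixlen, metric, iface))
    if not candidates:
        raise ValueError(f"no route to {dest}")
    return min(candidates)[2]

def audit_resolvers(resolvers, tunnel_iface="vpn", routes=ROUTES):
    """Map each DNS server to (egress interface, leaks?) for the given routes."""
    report = {}
    for resolver in resolvers:
        iface = egress_interface(resolver, routes)
        report[resolver] = (iface, iface != tunnel_iface)
    return report

if __name__ == "__main__":
    # Router address as resolver vs. an external resolver named in the thread.
    for resolver, (iface, leaks) in audit_resolvers(["172.16.5.1", "4.2.2.1"]).items():
        status = "LEAK (bypasses tunnel)" if leaks else "ok (inside tunnel)"
        print(f"{resolver:<12} via {iface:<4} {status}")
```

Passing a route list without the `vpn` entries shows the failure mode when the tunnel drops: the external resolver then leaves through the LAN interface as well.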


     
  3. charliejade

    charliejade Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    6
    goldenone

    Thank you very much for your answer. Yes, you are correct: they are either set to my default gateway or manually to my ISP's DNS servers.
    I will try the settings you suggest; from the links you provided, this should fix the problem.
    I do have one final question, though: in the VM's network settings I notice that the DNS servers are, as you say, 4.2.2.2 etc. (Level3, I believe), and also, after running the VLAN script on the host machine (192.xxx.xxx.xxx\setup\run.bat), the local network's DNS servers are changed to OpenDNS servers.
    I now understand why, in the case of correcting DNS leaks; but I thought that Tor had the directory servers "hardcoded" into the client code and so had no need to use DNS to find the "guard/entry nodes".
    I just wondered: does the VM require Level3 DNS servers in order to find the 3 hops in the Tor circuit?
    Or have I got it completely wrong? In any case, does the VM require DNS servers, and if so, why? Sorry if it seems like a silly question, but I don't fully understand.

    Regards and thanks. :)
     
  4. charliejade

    charliejade Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    6
    I have another question.
    I have made the relevant DNS changes to my LAN network settings (DNS leaks now fixed).
    I then used Wireshark to sniff traffic on the VPN network.
    Why are VPN DNS requests being sent (directly?) to a 3rd party DNS server?
    This seems to mean that instead of leaking your DNS requests to your ISP, you are simply giving them to a 3rd party.
    Whereas Tor DNS requests should not leak at all.
    Example Wireshark: 10.10.10.10 4.2.2.1 DNS Standard query A xxxxx.xxxxxxxxxxx.com
    Surely if these requests are being sent via Tor, the EXIT NODE should do the DNS resolution via its DNS servers,
    thus protecting your true IP from any 3rd party.
    Have I understood this correctly?

    Thanks
     
  5. charliejade

    charliejade Registered Member

    Joined:
    Aug 30, 2008
    Posts:
    6
    Have done some further Wireshark sniffing and I believe that the DNS requests are passed via Tor (i.e. encrypted to the entry node).
    I don't understand how the process works after that; my concern is that at no point should the 3rd party DNS resolvers specified in the network of the VLAN client or the virtual machine itself have any knowledge of my public-facing IP.
    As long as the DNS providers are unable to tie the requests to the originating IP, I'm happy. :)
     