Filezilla on Tor, problem


2 years ago
I configured Filezilla to use Tor: Host is 127.0.0.1, Port 9150, Socks5.
When I connect to FTP server and upload files, it seems that traffic goes thru Tor (i can see it on Tor bandwith graph).
I use Tor Browser Bundle, so I start TBB first, then Filezilla.

But Tor gave me several error messages:
"One of your applications established a connection through Tor to "88.180.227.20: xxxxx" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution."

IP "88.180.227.20" is a IP of the FTP server
"xxxxx" = many different 5digit numbers of ports. I don't know why it uses all these ports? why it is not only one ftp port?

Tor gave me about 10 error messages, only port number was different in each error message.

Was the FTP transfer secure and anonymous? Or FTP provider revealed my identity and true location?

My torcc file:
SocksListenAddress 127.0.0.1
SocksPort 9150
ControlPort 9151

2 years ago
FTP goes unencrypted on last hop (from Tor Exit Node to FTP Server), so it is not secure at all. You should use SCP or SFTP instead. Otherwise Tor Exit Node can grab your ftp password or even modify files you are uploading. But this dowsn't reveal your location, only your data.



"protocol that may leak information about your destination" I am pretty sure this is about DNS leak. If you enter in filezilla something like "username.proxad.net" it makes DNS request saying "What is the IP-address of username.proxad.net?". This request comes unencrypted, and from your real IP adress. DNS server responds to you: "IP address of username.proxad.net is 88.180.227.20". And then Filezilla connects to 88.180.227.20 through Tor. So if in, say, 2 seconds, somebody asks for DNS resolving and then connects from entirely different IP - this is pretty likely the same person. This is how you can be traced, and this is called DNS leak.

But if you enter in Filezilla IP address, not hostname - it doesn't make DNS request, so there is no danger even if Tor still says "it's insecure".


"SOCKS4a or SOCKS5 with remote hostname resolution" means DNS requests are also routed through Tor, so FTP server doesn't receive any packets from your real IP.

Reply

You are not logged in. Login or register to reply on this thread.