Socks5 Proxy Leaking IPs! :(

[missio]

The image is from a tool called Netlimiter, which is excellent at tracking all connections made by an executable.

You can see the blue hilighted IP is the proxy.

You can then see the huge number of leaked connections.

Anonymous mode: ON

This problem has been linked in the past a number of times, but has always been faded into obscurity, either because an update fixes the issue but then a consecutive update invariable breaks it again; or it is misunderstood, misdiagnosed, and then abandoned. Unfortunately, other concerned users don't have tools which report all connections, therefore it is difficult to identify, prove, and test what is happening on both the User and Developer ends.

Some users are told to download a test torrent to see if the IP leaks from places such as torguard. The problem is that all test torrents I  have come across are dead; or if they do work, they don't report all IPs.

The problem is that although the majority of the traffic is sent through the socks5, some isn't. This fractional traffic is obviously not reported by the single reporting ip system of test torrents, and the user is lulled into a false sense of security.

As much as I hate going back, I am currently forced to use utorrent until this issue is resolved once and for all. utorrent even has a tickboxes in connection configuration named:
1. Disable all DNS Lookups
2. Disable features which leak identifying information
3. Disable connections unsupported by the proxy.

It seems to me that this is exactly the kind of thing that qB needs. They have obviously had problems with the same issues.

Just the other day, I shut down qB and restarted it and looked into the log section, only to find, in horror, that it had completely bypassed ALL proxy settings and was linking to the outside world through my actual IP. I checked my proxy settings in the options menu, and they were all perfect. I shut it down again, and on the second restart, it was routing traffic through the proxy, yet leaking IPs as usual.

Please, these are very serious vulnerabilities in these trying time, which need some Tender Loving Care. It doesn't seem like security issues are being held in high regard, as they have existed for years and they keep rearing their ugly heads. Kindly, can someone take a real delve into this and fix it once and for all?

Please don't take this as criticism... I appreciate all the work you guys are doing.

Gratefully,
Missio

[Peter]

It's a known issue, but thanks for the heads up.

There is a ticket for it on our bugtracker.
A person I met on IRC said he will work on it, not sure if he started it / finished it / or what's the state on it now.
If you have some C++ skills, and some free time, you can also help to implement a fix and submit a PR.

By the way, don't trust SOCKS. It's not encrypted, and it leaks anyway.
(Don't ask me how, but people received C&D letters even using uTorrent and other software.)
You can however use AirVPN, and set up rules for your traffic so only qBittorrent's traffic goes through that.

(I read a tutorial about this, maybe it was on AirVPN, or somewhere else. But there is a way to do this.)

[Compass]

I noticed the same on GNU/Linux (Anonymous Mode on, Socks5 Proxy on, DHT on etc), but there is a workaround.

Simply remove the port in your router that is being forwarded to QB. In my case I just deactivated it.
If you're connected directly to the internet (your PC has a internet ip address), block the port using Windows Firewall (it should also work doing this way, I hope).

Even though my QB port is blocked I still get Online (green) status in QB. And I stopped seeing IP leaks too in netstat.

Compass.

[Peter]

@OP: Be careful with Netlimiter though. It can ban you from games for example.

You can find many similar (and free!) tools all around the internet.
Just use the "sysinternals suite", it's got 99% of the tools anyone may ever need on Windows.