Tallow is a small program that redirects all outgoing traffic from a Windows machine through the Tor anonymity network. Any traffic that can not be handled by Tor, eg. UDP, is blocked. Tallow also intercepts and handles DNS requests avoiding possible leaks.
Tallow has several applications, including:
- Tor-ifying: they were never designed to use Tor
- Filter circumvention: if you want to omit a local filter and do not worry about anonymity
- Better-than-nothing-Tor: a Tor can be better than no Tor.
Keep in mind that, by itself, Tallow is not designed to be a complete and secure solution of anonymity. See the warnings below.
Form of Use
Using the Tallow GUI, simply press the large "Tor" button to start redirecting traffic through the Tor network. Press the button again to stop Tor redirection. Note that your Internet connection can be temporarily interrupted each time you activate the button.
To check if the Tor redirect is working, visit the following site: https://check.torproject.org .
Allows you to use the following settings to connect to the Internet:
Here (abcd) represents the local address, and (xyzw) represents a remote server.
Tallow uses WinDivert to intercept all traffic to / from his PC. Tallow handles two main types of traffic: DNS traffic and TCP flows.
DNS queries are intercepted and handled by Tallow. Instead of finding the real IP address of a domain, Tallow generates a random "fake" domain (in the range 220.127.116.11/24) and uses this address in the query response. The false IP is also associated with the domain and is recorded in a table for later reference. The alternative would be to look for the real IP through Tor (which supports DNS). However, since Tallow uses SOCKS4a, the actual IP is not necessary. The handling of DNS requests at the local level is significantly faster.
TCP connections are also intercepted. Tallow "reflects" the outbound TCP connects to the incoming SOCKS4a connects to the Tor program. If the connection is to a false IP, Tallow searches for the corresponding domain and uses it for the SOCKS4a connection. Otherwise, the connection is blocked (by default) or a SOCKS4 direct connection through Tor is used. Connecting TCP to SOCKS4 (a) is possible with a little magic.
All the rest of the traffic is simply blocked. This includes all incoming traffic (not Tor) and outgoing traffic that is not TCP or DNS. In addition, Tallow blocks all the domains listed in the hosts.deny file. This includes domains such as the Windows update, the Windows Phone home page and some common ad servers, to help avoid wasting Tor bandwidth. It is possible to edit and customize your hosts.deny file as you see fit.
Note that Tallow does not intercept TCP ports 9001 and 9030 that Tor uses. As a side effect, Tallow will not work in any other program that uses these ports.
Tallow was derived from the TorWall prototype (where "tallow" is an anagram of "torwall" minus the 'r').
Tallow works slightly differently and aims to redirect all traffic instead of just HTTP port 80. Also, unlike the prototype, Tallow does not use Privoxy or alter the content of any TCP flow in any way