[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] I've yet to understand <clock skew> attacks on hidden services



*This message was transferred with a trial version of CommuniGate(r) Pro*


On 9/6/2011 11:12 AM, Robert Ransom wrote:
> *This message was transferred with a trial version of CommuniGate(r) Pro*
> On 2011-08-20, hikki@xxxxxxxxxxxxx <hikki@xxxxxxxxxxxxx> wrote:
>> I've read a lot about it, but I'm hoping for a simplified explanation for a
>> simplified guy. ;)
>>
>> If my hidden service server has a clock that is 5 minutes wrong, how can
>> anyone use that to locate me?
> 
> They can only use that to locate your server if they can either
> connect to it directly (not through Tor) or accept a non-Torified
> connection from it, and determine what your server thinks is the
> current time based on information it receives on that connection.
> 
> The obvious ways that your server could leak its current time include
> running a web server and sending e-mail messages.  The less obvious
> ways include opening an outbound TLS connection and running a cron job
> with externally observable effects (e.g. an automatic update
> downloader).
> 
> 
> Robert Ransom
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

EVERYONE should be running NTP, of course, not the relatively few that do.

If you happen to still be on a windows machine, here is a FREE utility
by the folks that make such things as Telco CO master clocks and all the
timing distribution hardware that ensures your digital links run at
exactly the same speed as every one elses. In that world, a T1 or T3 is
considered ASYNC sloppily clocked stuff, so when you carry such services
on your SONET network, there is a lot of bit stuffing and pointer
adjusts to carry the old fashioned sloppy stuff.

These guys also make some military grade timing stuff, of course.

But this PC product is FREE:

 http://www.symmetricom.com/resources/downloads/symmtime/

- no connection to them except as a long term happy customer, though I
wish they still made the DCD-523 distribution shelves, which they
dropped -

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk