[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols

To: undisclosed-recipients: ;
Subject: [tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 17:44:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 12 Jun 2018 13:44:59 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26359: DoS and timed attacks via unencrypted network time protocols
-------------------------------+------------------------------------
     Reporter:  time_attacker  |      Owner:  (none)
         Type:  defect         |     Status:  new
     Priority:  High           |  Milestone:
    Component:  Core Tor/Tor   |    Version:
     Severity:  Major          |   Keywords:  time, NTP, DoS, attack
Actual Points:                 |  Parent ID:
       Points:                 |   Reviewer:
      Sponsor:                 |
-------------------------------+------------------------------------
 If a device relies on NTP (or any other unencrypted network time
 protocol), ISP or other party in the middle can manipulate unencrypted
 packages to set wrong time. Tor relies on correct time, so ISP can deny
 Tor usage any time it wants to. Moreover, attacker controlling the ISP
 (government or hackers compromising ISP's server) can manipulate time on
 tor-using device, assisting attacks that involve wrong time.

 Embedded systems like routers have no real-time clock hardware and need to
 set time via network. PCs are often configured to synchronize time via
 NTP.

 Tor should have other way to set the time it needs. It could set time from
 directory servers and known relays.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26359>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #19979, #22156, #26388
Next by Author: Re: [tor-bugs] #26316 [Core Tor/Tor]: Windows newlines in extrainfo descriptor
Previous by thread: Re: [tor-bugs] #26161 [Core Tor/Tor]: Design and implement a Rust dirauth module
Next by thread: Re: [tor-bugs] #26359 [Core Tor/Tor]: DoS and timed attacks via unencrypted network time protocols
Index(es):
- Author
- Thread