On Sat, Dec 30, 2006 at 09:49:01PM +0800, John Kimble wrote:
> If I were to set up a machine with any information worth hiding behind
> Tor, I wouldn't have made it accessible other than through Tor's
> hidden service.

There has been some discussion over the pros and cons of running a Tor
router on the same machine as the hidden service. An advantage is that
it gives a certain amount of plausible deniability -- connections from
you might be yours or someone else's. A downside is that then the
server accepts TCP connections and is on a public list of Tor routers,
so making the clock skew attack (and others) easier.

> Even if such a machine is accessible from the Internet, the risk is
> still manageable because timestamps could have come from only a
> limited number of places (please supplement if I miss any): (1)
> Applications that are deliberately giving up the timestamp, e.g. a web
> application, or even NTP server - just don't expose these to the
> Internet directly, if your machine contains anything worth hiding
> behind Tor; (2) HTTP reply headers - these can be filtered out or
> altered; (3) TCP timestamp - these can be disabled either by firewall
> rules or in the kernel (in Linux, by setting net/ipv4/tcp_timestamps=0
> in sysctl).

Under Linux there are also TCP initial sequence numbers, but much more
problematic is that externally visible events occur on low-level timer
interrupts. For example, the original clock skew paper[1] showed that
just by watching when TCP packets were sent out, the clock skew could
be found. Hiding this is very hard, since timer interrupts are a
hardware event.

Thanks,
Steven.

[1] http://www.caida.org/publications/papers/2005/fingerprinting/

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/
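To show why the timestamp sources listed in the message above matter, here is an added example (not part of the original message or of the cited paper's code) that recovers a host's clock skew from pairs of observer receive time and remote timestamp. The sample data is constructed, the 1000 Hz tick rate and 5 ms delay bound are assumptions, and the fit is a plain least-squares slope chosen for brevity.

```python
import random

def make_samples(skew_ppm, hz=1000, n=200, interval=5.0, max_delay=0.005, seed=1):
    """Constructed observations of a host whose clock runs skew_ppm fast.

    Returns (receive_time_s, timestamp_ticks) pairs as an observer would log
    them. hz (tick rate) and max_delay (network delay bound) are assumptions.
    """
    rng = random.Random(seed)
    samples = []
    for i in range(n):
        t_true = i * interval
        # The remote tick counter advances slightly too fast or too slow.
        ticks = int(t_true * (1 + skew_ppm * 1e-6) * hz)
        # The observer sees the packet after a small, variable delay.
        t_recv = t_true + rng.uniform(0, max_delay)
        samples.append((t_recv, ticks))
    return samples

def estimate_skew_ppm(samples, hz=1000):
    """Estimate skew as the slope of (remote clock - observer clock) over time."""
    t0, ticks0 = samples[0]
    xs = [t - t0 for t, _ in samples]
    # Offset: elapsed time according to the remote clock minus elapsed
    # time according to the observer. A skewed clock makes this drift.
    ys = [(ticks - ticks0) / hz - x for (_, ticks), x in zip(samples, xs)]
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6  # seconds of drift per second, in parts per million

if __name__ == "__main__":
    for true_skew in (50.0, -30.0, 0.0):
        est = estimate_skew_ppm(make_samples(true_skew))
        print(f"true {true_skew:+6.1f} ppm  estimated {est:+6.1f} ppm")
```

With `net/ipv4/tcp_timestamps=0` the tick values used here are no longer sent, but, as the reply notes, packet send times tied to timer interrupts still carry the same drift.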