[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Wired article on Tor



On Sat, Dec 30, 2006 at 09:49:01PM +0800, John Kimble wrote:
> If I were to set up a machine with any information worth hiding behind
> Tor, I wouldn't have made it accessible other than through Tor's
> hidden service.

There has been some discussion over the pros and cons of running a Tor
router on the same machine as the hidden service. An advantage is that
it gives a certain amount of plausible deniability -- connections from
you might be your's or someone else's. A downside is that then the
server accepts TCP connections and is on a public list of Tor routers,
so making the clock skew attack (and others) easier.

> Even if such a machine is accessible from the Internet, the risk is
> still manageable because timestamps could have come from only a
> limited number of places (please supplement if I miss any): (1)
> Applications that are deliberately giving up the timestamp, e.g. a web
> application, or even NTP server - just don't expose these to the
> Internet directly, if your machine contains anything worth hiding
> behind Tor; (2) HTTP reply headers - these can be filtered out or
> altered; (3) TCP timestamp - these can be disabled either by firewall
> rules or in the kernel (in Linux, by setting net/ipv4/tcp_timestamps=0
> in sysctl).

Under Linux there are also TCP initial sequence numbers, but much more
problematic is that externally visible events occur on low-level timer
interrupts. For example, the original clock skew paper[1] showed that
just by watching when TCP packets were sent out, the clock skew could
be found. Hiding this is very hard, since timer interrupts are a
hardware event.

Thanks,
Steven.

[1] http://www.caida.org/publications/papers/2005/fingerprinting/

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

Attachment: pgpFJkowt72v6.pgp
Description: PGP signature