
Re: fingerprinting

On Sat, 5 Mar 2005, jeff wrote:

> As many of you have probably seen, some CAIDA folks have come up 
> with a method for fingerprinting machines on the 'net by 
> calculating the box's clock skew.
> Since the express purpose of tor is to allow people to use the 
> Internet anonymously, this could be a direct "attack" on tor.
> Thinking about it a bit, it appears to me that tor is not vuln 
> to this as the "fingerprintee" would only be susceptible during 
> its first hop to the tor entry server. The middle & exit 
> servers would then change the timestamp to their /own/ 
> timestamp and then send that to the final web server.
> Am I looking at this correctly? Does tor mitigate these 
> fingerprint attacks?
> That said, are there any other suggestions for preventing these 
> types of fingerprinting?
> http://www.caida.org/outreach/papers/2005/fingerprinting/
> http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
> http://it.slashdot.org/article.pl?sid=05/03/04/1355253 ok, i'm a 
> bit embarrassed to be linking to slashdot... ;)

the abstract states that they can give a _probability_ that two clients 
are the same, if it is "tens of milliseconds away"

when I checked this morning (using privoxy)
http_proxy=http://localhost:8118 time lynx -source http://lsmod.de/

gave 0:01.29 which is 1290 ms. retries showed variation by hundreds of ms.
so IMHO this random delay should protect from such timing attacks.