[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: fingerprinting

To: or-talk@xxxxxxxxxxxxx
Subject: Re: fingerprinting
From: Bernhard Wiedemann <wiedeman@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 8 Mar 2005 10:51:46 +0100 (CET)
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 08 Mar 2005 04:52:38 -0500
In-reply-to: <200503051058.23776.moe@blagblagblag.org>
References: <200503051058.23776.moe@blagblagblag.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sat, 5 Mar 2005, jeff wrote:

> As many of you have probably seen, some CAIDA folks have come up 
> with a method for fingerprinting machines on the 'net by 
> calculating the box's clock skew.
> 
> Since the express purpose of tor is to allow people to use the 
> Internet anonymously, this could be a direct "attack" on tor.
> 
> Thinking about it a bit, it appears to me that tor is not vuln 
> to this as the "fingerprintee" would only be susceptible during 
> it's first hop to the tor entry server. The middle & exit 
> servers would then change the timestamp to their /own/ 
> timestamp and then send that to the final web server.
> 
> Am I looking at this correctly? Does tor mitigate these 
> fingerprint attacks?
> 
> That said, are their any other suggestions for preventing these 
> types of fingerprinting?
> 
> http://www.caida.org/outreach/papers/2005/fingerprinting/
> http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
> http://it.slashdot.org/article.pl?sid=05/03/04/1355253 ok, i'm a 
> bit embarassed to be linking to slashdot... ;)

the abstract states that they can give a _probability_ that two clients 
are the same, if it is "tens of milliseconds away"

when I checked this morning (using privoxy)
http_proxy=http://localhost:8118 time lynx -source http://lsmod.de/

gave 0:01.29 which is 1290 ms. retries showed variation by hundreds ms.
so IMHO this random delay should protect from such timing attacks.

-----BEGIN PGP SIGNATURE-----

iD8DBQFCLXW4STYLOx37oWQRAlj4AKCv5YyWbBINqTKwKdlJKhRjdUTzDQCeM4GA
e+WJ0qWFPMJIaaXZCpvog7s=
=8VfE
-----END PGP SIGNATURE-----

References:
- fingerprinting
  - From: jeff

Prev by Author: Re: squid - privoxy - tor problem
Next by Author: Re: exit node only server
Previous by thread: fingerprinting
Next by thread: Re: PHP exploit from your IP
Index(es):
- Author
- Thread