Re: [tor-relays] ntpd problems explanation

Subject: Re: [tor-relays] ntpd problems explanation

Date: Fri, 23 Oct 2015 05:15:54 -0800

Delivery-date: Fri, 23 Oct 2015 09:16:05 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=inbox.com; s=s1; h=mime-version:date:message-id:subject:from:to:content-type; bh=OR7iwiTwBDhT7Wpbd/eeiEdCUsufZdq2ggLXBc3moz4=; b=GhpVBw1BTv7ZuDAbDwtaQJb4sSUxji3kuk3r9vsdcRePIdtkIsiU6sRneLFSL4gsLu5D ZgUEswmHaqRkc0Bp0LQlOIRxmXXL8J+TgZZ2/EG5ri7lmCoTQniG82xVcqQJfEZrCZBPL+ Og7iTFpQW4XTsLHK49cy7expmB+wkqyqM=

Domainkey-signature: q=dns; a=rsa-sha1; c=nofws; d=inbox.com; s=s1; h=mime-version:date:message-id:from:subject:to:content-type; b=uJ83kHClydFfpCDzqOVHTbFnbZuc3iVBUyuq4GoW+6zimZf0UvmjBjl3sMPH+OpzDiDR D9Yeh8Yu5+Xds3kehJnql1pTDOmGnI3XQNyOcHs4G3ttwlKwhGZIcbmnoScE8t2Ao7U/lY XgHxuBIz1GAXFvYPWZs5scM/jYC3larOA=

In-reply-to: <CAAd2PD+YjSpxm5tH7escXoTos7WHRgjSQPGh35vfufPFgJ5PUQ@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <a572b5c7863.0000050dbeatthebastards@xxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Green,

>>Can you please elaborate? I may have missed an earlier discussion, and a quick Google search isn't providing too much help. I found the ticket >>below, which is interesting reading, but I'm not sure what specific peculiarities you're referring to.

One problem I understood which was a mystery was DOS attack which could be explained by ...
The NTP service could allow for multiple sync requests to be made with a forged source IP address, thus sending the unrequested responses back to the source, consuming its resources. An attacker could exploit this vulnerability by sending a specifically crafted packet with a forged source IP address of the target.

Sep 02 03:48:32.146 [Warning] Received NETINFO cell with skewed time > from server at 128.31.0.34:9101. It seems that our clock is ahead by 9 > hours, 0 minutes, or that theirs is behind. Tor requires an accurate > clock to work: please check your time and date settings.

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays