[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] ntpd problems explanation



Green,

>>Can you please elaborate? I may have missed an earlier discussion, and a quick Google search isn't providing too much help. I found the ticket >>below, which is interesting reading, but I'm not sure what specific peculiarities you're referring to.


One problem I understood which was a mystery was DOS attack which could be explained by ...
The NTP service could allow for multiple sync requests to be made with a forged source IP address, thus sending the unrequested responses back to the source, consuming its resources. An attacker could exploit this vulnerability by sending a specifically crafted packet with a forged source IP address of the target.
[ https://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 ]

and another was around about a year ago but no tinkering with ntp gave relief (as far as I understood).
Sep 02 03:48:32.146 [Warning] Received NETINFO cell with skewed time
> from server at 128.31.0.34:9101.  It seems that our clock is ahead by 9
> hours, 0 minutes, or that theirs is behind. Tor requires an accurate
> clock to work: please check your time and date settings.
The skewing of the ntp time to reveal identity wasn't something I'd heard of so thank you for that ticket link.
https://trac.torproject.org/projects/tor/ticket/8170

Robert

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays