[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Can TCP Sequence Numbers leak System Clock?

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>, "Patrick Schleizer" <patrick-mailinglists@xxxxxxxxxx>
Subject: Re: [tor-talk] Can TCP Sequence Numbers leak System Clock?
From: "Murdoch, Steven" <s.murdoch@xxxxxxxxx>
Date: Tue, 4 Aug 2015 14:44:05 +0000
Accept-language: en-GB, en-US
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=s.murdoch@xxxxxxxxx;
Cc: The Tails public development discussion list <tails-dev@xxxxxxxx>, Whonix-devel <whonix-devel@xxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Aug 2015 11:00:03 -0400
In-reply-to: <55B3BE1F.6000902@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <55B3BE1F.6000902@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:23
Thread-index: AQHQxvntgw46sQMtd0OCf55x9e49u537+jEA
Thread-topic: [tor-talk] Can TCP Sequence Numbers leak System Clock?

On 25 Jul 2015, at 17:49, Patrick Schleizer <patrick-mailinglists@xxxxxxxxxx> wrote:
> On the other hand, I've read the claim "The kernel embeds the system
> time in microseconds in TCP connections.", but I haven't found the code
> in question to confirm, that this is so. Any idea?

The code is here:
  http://lxr.free-electrons.com/source/net/core/secure_seq.c

In particular the seq_scale(u32 seq) function introduces the timestamp.

So if you see two initial sequence numbers for TCP streams between the same source/destination port/IP then you can work out the time difference (in units of 64 ns) according to the clock of the other end point.

Best wishes,
Steven

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: [tor-talk] Tor 0.2.5+ can not connect Freenode hidden service anymore
Next by Author: [tor-talk] (no subject)
Previous by thread: [tor-talk] change to daily digest
Next by thread: Re: [tor-talk] Outage of meek-azure (workaround)
Index(es):
- Author
- Thread