[tor-bugs] #16659 [- Select a component]: Linux TCP Initial Sequence Numbers may aid correlation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 30 00:44:43 UTC 2015
#16659: Linux TCP Initial Sequence Numbers may aid correlation
--------------------------------------+----------------------
Reporter: source | Owner:
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: - Select a component | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+----------------------
Comment (by source):
At the moment I'm brushing up documentation about Time/Clock based attacks
and I wanted to confirm some things about the mitigation advice I'm giving
for those in high risk situations like running an Onion Service:
https://www.whonix.org/wiki/Time_Attacks
If I understand correctly, when running Tor, a passive network adversary
looking at the Tor connection from outside cannot abuse this vector unless
they are running your guard node. So the advice goes that Torifying all
connections from a machine will limit potential attackers to a colluding
guard node (until defenses are introduced).
^ Is this right?
I am basing these conclusions on advice from Robert Ransom on defending
against Clock skew attacks:
http://archives.seul.org/or/talk/Sep-2011/msg00060.html
>They can only use that to locate your server if they can either
>connect to it directly (not through Tor) or accept a non-Torified
>connection from it, and determine what your server thinks is the
>current time based on information it receives on that connection.
>
>The obvious ways that your server could leak its current time include
>running a web server and sending e-mail messages. The less obvious
>ways include opening an outbound TLS connection and running a cron job
>with externally observable effects (e.g. an automatic update
>downloader).
and on information about how the measurer confirms their victim in the Hot
or Not paper:
>Measurer:
>Connects directly to the Hidden Server’s public
>IP address, requesting TCP timestamps, ICMP
>timestamps and TCP sequence numbers
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online