[tor-talk] [tor-relays] clockskewer attack

Ted Smith tedks at riseup.net
Wed Oct 3 17:21:19 UTC 2012


From the script (pastebin link):


> #!/usr/bin/env python2.7
> #
> # clockskewer.py -- skewers http servers in onionland to an ip address
> #
> # This script takes advantage of the fact that no one
> # in onionland configures their http server correctly
> # by having it send datetime stamps in every response
> # 
> # calculates the clockskew and then finds a corrilating
> # tor relay with an open http server with the same skew
> 
So it actually assumes that the targeted hidden service is running a Tor
relay _and_ an open HTTP server.

(I've cc'd cypherpunks on this so that you don't have to keep forwarding
things around, Eugen.)


On Wed, 2012-10-03 at 17:39 +0200, Eugen Leitl wrote:
> ----- Forwarded message from Ted Smith <tedks at riseup.net> -----
> 
> From: Ted Smith <tedks at riseup.net>
> Date: Wed, 03 Oct 2012 11:09:00 -0400
> To: Eugen Leitl <eugen at leitl.org>
> Cc: cypherpunks at al-qaeda.net
> Subject: Re: [tor-talk] clockskewer attack
> 
> The "attack" assumes that the targeted hidden service is running a Tor
> relay.
> 
> On Wed, 2012-10-03 at 16:52 +0200, Eugen Leitl wrote:
> > ----- Forwarded message from Webmaster <webmaster at felononline.info> -----
> > 
> > From: Webmaster <webmaster at felononline.info>
> > Date: Wed, 03 Oct 2012 09:50:02 -0400
> > To: tor-talk at lists.torproject.org, tor-relays-request at lists.torproject.org
> > Subject: [tor-talk] clockskewer attack
> > User-Agent: Mozilla/5.0 (X11; Linux x86_64;
> > 	rv:15.0) Gecko/20120912 Thunderbird/15.0.1
> > Reply-To: tor-talk at lists.torproject.org
> > 
> > Found some interesting news on reddit.    I dont know the tech behind it, 
> > but is sounds like playing with Clock allows you to get the IP address of 
> > the hidden service
> > 
> > http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconventional_means_of/
> > 
> > http://pastebin.com/PfXUm3VQ
> > 
> > 
> > Is this something to be worried about?
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > 
> > ----- End forwarded message -----
> 
> 
> -- 
> Sent from Ubuntu
> 
> 
> 
> ----- End forwarded message -----


-- 
Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20121003/623155a5/attachment.pgp>


More information about the tor-talk mailing list