[tor-bugs] #16659 [- Select a component]: Linux TCP Initial Sequence Numbers may aid correlation

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 27 13:26:34 UTC 2015


#16659: Linux TCP Initial Sequence Numbers may aid correlation
--------------------------------------+----------------------
     Reporter:  source                |      Owner:
         Type:  defect                |     Status:  reopened
     Priority:  normal                |  Milestone:
    Component:  - Select a component  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by yawning):

 Replying to [comment:14 nickm]:
 > I'm going to reopen this. I still say that the best point at which to
 try to resist stuff of this kind is at the application level, but
 resisting it better locally too can't be a bad idea.

 Well, there is one thing that we can do, though it'll be a lot of code
 (that I won't write).  Since part of the hash input is the TCP source
 port, we can use our cryptographic random number generator and explicitly
 randomize the source port on Linux (probably optionally).  This should
 mostly mitigate the "attack" in question.

 I still think this is extremely hard to exploit (bordering on "there are
 better things you can do if you are in a position to do so") and a kernel
 issue rather than a Tor issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16659#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list