Wired article on Tor
Steven Murdoch
tortalk+Steven.Murdoch at cl.cam.ac.uk
Mon Jan 1 13:27:29 UTC 2007
On Sat, Dec 30, 2006 at 09:49:01PM +0800, John Kimble wrote:
> If I were to set up a machine with any information worth hiding behind
> Tor, I wouldn't have made it accessible other than through Tor's
> hidden service.
There has been some discussion over the pros and cons of running a Tor
router on the same machine as the hidden service. An advantage is that
it gives a certain amount of plausible deniability -- connections from
you might be your's or someone else's. A downside is that then the
server accepts TCP connections and is on a public list of Tor routers,
so making the clock skew attack (and others) easier.
> Even if such a machine is accessible from the Internet, the risk is
> still manageable because timestamps could have come from only a
> limited number of places (please supplement if I miss any): (1)
> Applications that are deliberately giving up the timestamp, e.g. a web
> application, or even NTP server - just don't expose these to the
> Internet directly, if your machine contains anything worth hiding
> behind Tor; (2) HTTP reply headers - these can be filtered out or
> altered; (3) TCP timestamp - these can be disabled either by firewall
> rules or in the kernel (in Linux, by setting net/ipv4/tcp_timestamps=0
> in sysctl).
Under Linux there are also TCP initial sequence numbers, but much more
problematic is that externally visible events occur on low-level timer
interrupts. For example, the original clock skew paper[1] showed that
just by watching when TCP packets were sent out, the clock skew could
be found. Hiding this is very hard, since timer interrupts are a
hardware event.
Thanks,
Steven.
[1] http://www.caida.org/publications/papers/2005/fingerprinting/
--
w: http://www.cl.cam.ac.uk/users/sjm217/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070101/4c33a244/attachment.pgp>
More information about the tor-talk
mailing list