[tor-talk] Hidden service security w. Apache/Win32

Fred Toben redguy at tormail.net
Mon Feb 20 19:23:56 UTC 2012


>> Is the time sync spoofing even applicable to hidden services?
>> How can the MS time server tampering with the exit nodes be applicable to
> hidden services?
>
> It has nothing to do directly with Apache or the hidden service.
>
> For correct operation Tor needs the correct time and date. Windows will
> request the time from Microsoft servers, and I am not sure, if this
> request is save (authenticated) - if not, an evil exit node can spoof the
> reply.
>
> And when Tor isn't properly working, also your hidden service is in danger.

I think you misunderstand my setup.

VM 1 serves the Apache installation, and VM 2 runs the Tor hidden service.

Therefore as far I understand Only VM 2 must have its clock correctly set.

VM 1 on the other hand serves the Apache installation, and there is no
reason why the date, time and timezone of respectively VM 1 and VM 2 has
to correspond.

The connection between VM 1 (Apache) and VM 2 (Tor listening on the
internal hidden service port)is socks 5, and there is no outbound internet
connection permitting any timesync or Microsoft service to break out of VM
1.

An attacker attempting to correlate the time of my server (through a HTTP
request) with my Tor machine will only retrieve the date, time, and
timezone of the (virtualized and locked down) Apache  installation.




More information about the tor-talk mailing list