From the script (pastebin link):
#!/usr/bin/env python2.7 # # clockskewer.py -- skewers http servers in onionland to an ip address # # This script takes advantage of the fact that no one # in onionland configures their http server correctly # by having it send datetime stamps in every response # # calculates the clockskew and then finds a corrilating # tor relay with an open http server with the same skew
So it actually assumes that the targeted hidden service is running a Tor relay _and_ an open HTTP server. (I've cc'd cypherpunks on this so that you don't have to keep forwarding things around, Eugen.) On Wed, 2012-10-03 at 17:39 +0200, Eugen Leitl wrote:
----- Forwarded message from Ted Smith <tedks@riseup.net> -----
From: Ted Smith <tedks@riseup.net> Date: Wed, 03 Oct 2012 11:09:00 -0400 To: Eugen Leitl <eugen@leitl.org> Cc: cypherpunks@al-qaeda.net Subject: Re: [tor-talk] clockskewer attack
The "attack" assumes that the targeted hidden service is running a Tor relay.
On Wed, 2012-10-03 at 16:52 +0200, Eugen Leitl wrote:
----- Forwarded message from Webmaster <webmaster@felononline.info> -----
From: Webmaster <webmaster@felononline.info> Date: Wed, 03 Oct 2012 09:50:02 -0400 To: tor-talk@lists.torproject.org, tor-relays-request@lists.torproject.org Subject: [tor-talk] clockskewer attack User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1 Reply-To: tor-talk@lists.torproject.org
Found some interesting news on reddit. I dont know the tech behind it, but is sounds like playing with Clock allows you to get the IP address of the hidden service
http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconv... ntional_means_of/
Is this something to be worried about? _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
-- Sent from Ubuntu
----- End forwarded message -----
-- Sent from Ubuntu [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]