[tor-relays] [tor-talk] clockskewer attack
Ted Smith
tedks at riseup.net
Wed Oct 3 10:21:19 PDT 2012
>From the script (pastebin link):
> #!/usr/bin/env python2.7
> #
> # clockskewer.py -- skewers http servers in onionland to an ip address
> #
> # This script takes advantage of the fact that no one
> # in onionland configures their http server correctly
> # by having it send datetime stamps in every response
> #
> # calculates the clockskew and then finds a corrilating
> # tor relay with an open http server with the same skew
>
So it actually assumes that the targeted hidden service is running a Tor
relay _and_ an open HTTP server.
(I've cc'd cypherpunks on this so that you don't have to keep forwarding
things around, Eugen.)
On Wed, 2012-10-03 at 17:39 +0200, Eugen Leitl wrote:
> ----- Forwarded message from Ted Smith <tedks at riseup.net> -----
>
> From: Ted Smith <tedks at riseup.net>
> Date: Wed, 03 Oct 2012 11:09:00 -0400
> To: Eugen Leitl <eugen at leitl.org>
> Cc: cypherpunks at al-qaeda.net
> Subject: Re: [tor-talk] clockskewer attack
>
> The "attack" assumes that the targeted hidden service is running a Tor
> relay.
>
> On Wed, 2012-10-03 at 16:52 +0200, Eugen Leitl wrote:
> > ----- Forwarded message from Webmaster <webmaster at felononline.info> -----
> >
> > From: Webmaster <webmaster at felononline.info>
> > Date: Wed, 03 Oct 2012 09:50:02 -0400
> > To: tor-talk at lists.torproject.org,
tor-relays-request at lists.torproject.org
> > Subject: [tor-talk] clockskewer attack
> > User-Agent: Mozilla/5.0 (X11; Linux x86_64;
> > rv:15.0) Gecko/20120912 Thunderbird/15.0.1
> > Reply-To: tor-talk at lists.torproject.org
> >
> > Found some interesting news on reddit. I dont know the tech behind it,
> > but is sounds like playing with Clock allows you to get the IP address of
> > the hidden service
> >
> >
http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconve
ntional_means_of/
> >
> > http://pastebin.com/PfXUm3VQ
> >
> >
> > Is this something to be worried about?
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> > ----- End forwarded message -----
>
>
> --
> Sent from Ubuntu
>
>
>
> ----- End forwarded message -----
--
Sent from Ubuntu
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
More information about the cypherpunks-legacy
mailing list