[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Does NTP leak the host's time?

Asked on security.se:

http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf

The presentation based on a research paper on Tor clock skewing attack addresses this (on slide 3) and confirms that this is what happens. As NTP is a TCP based protocol, the same rules apply it for users who don’t bother to disable timestamps on the host.

Another point is, like any network facing application, it there are risks that it can be exploited remotely. I am positive no distros ship with any protection for NTP clients.

Where on the wiki do you want me to post this advice?

Correction, its a UDP based protocol, but seems to be designed to leak this information as per the research paper above.

If you take that paper serious, there is also TCP sequence numbers. You could also interpret they are leaking local time.

Damn it. It’s probably true:

Jacob Appelbaum ‏@ioerror

In the Linux kernel, TCP Sequence numbers embed the system clock and then hash it. Yet another way to leak the system clock to the network.

May I ask, were you inspired by Jacob or something else about finding out about this? Or how come the recent attention on this topic? (A good thing. Interesting.)

Another point is, like any network facing application, it there are risks that it can be exploited remotely.
That's separate topic. But a minor point (minor in documentation, not in magnitude). Can be documented: https://www.whonix.org/wiki/Advanced_Security_Guide#Network_Time_Synchronization
Where on the wiki do you want me to post this advice?
I think it's partially covered already: https://www.whonix.org/wiki/Advanced_Security_Guide#Network_Time_Synchronization
Correction, its a UDP based protocol, but seems to be designed to leak this information as per the research paper above.
I am not so sure it is the right conclusion from that table. Could also be misleading, mean something else.
May I ask, were you inspired by Jacob or something else about finding out about this? Or how come the recent attention on this topic? (A good thing. Interesting.)

I’m the person who brought it to Jacob’s attention ;D

Terrific! I commented on this tweet:

Some interesting stuff, I hope.

Would SkewMask block TCP Sequence numbers system clock leak?
https://people.cs.umass.edu/~elisha/Papers/SkewMask%20-%20final%20version.pdf

Would SkewMask block TCP Sequence numbers system clock leak? https://people.cs.umass.edu/~elisha/Papers/SkewMask%20-%20final%20version.pdf

Unfortunately this paper is only focused on the TCP timestamp problem rather than TCP sequence. The solution proposed is a bandaid that plays games with the clock measurement rather than remove this as a vector completely.

The best way against timestamps is to disable them as previously mentioned. However sequences have to be patched.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]