[Tails-dev] Can TCP Sequence Numbers leak System Clock?

Üzenet törlése

Válasz az üzenetre
Szerző: Patrick Schleizer
Dátum:  
Címzett: tor-talk, szander, s.murdoch
CC: The Tails public development discussion list, Whonix-devel
Tárgy: [Tails-dev] Can TCP Sequence Numbers leak System Clock?
Hi!

Is it possible to derive and/or estimate the system clock by observing
TCP sequence numbers?

Jacob Appelbaum [1]:
> In the Linux kernel, TCP Sequence numbers embed the system clock and

then hash it. Yet another way to leak the system clock to the network.

As I understand the paper 'An Improved Clock-skew Measurement Technique
for Revealing Hidden Services' [2] (6/23 = pdf page 3), it implies that
TCP sequence numbers can leak the system clock.

> Some clocks can be queried remotely:
> Clock: TCP sequence numbers
> Firewall: Cannot be blocked
> Other: Linux specific, very difficult to use


Is this the case or does that paper mean something else?

On the other hand, I've read the claim "The kernel embeds the system
time in microseconds in TCP connections.", but I haven't found the code
in question to confirm, that this is so. Any idea?

Was also recently raised on Tor's issue tracker. [3]

More resources: [4] [5]

Cheers,
Patrick

[1] https://twitter.com/ioerror/status/509159304323416064
[2] http://caia.swin.edu.au/talks/CAIA-TALK-080728A.pdf
[3] https://trac.torproject.org/projects/tor/ticket/16659
[4] http://lxr.free-electrons.com/source/net/ipv4/tcp_ipv4.c
[5]
http://stackoverflow.com/questions/12231623/initial-sequence-number-generation-in-linux-tcp-stack/12232126#12232126