#26359: DoS and timed attacks via unencrypted network time protocols
     Reporter:  time_attacker  |      Owner:  (none)
         Type:  defect         |     Status:  new
     Priority:  High           |  Milestone:
    Component:  Core Tor/Tor   |    Version:
     Severity:  Major          |   Keywords:  time, NTP, DoS, attack
Actual Points:                 |  Parent ID:
       Points:                 |   Reviewer:
      Sponsor:                 |
 If a device relies on NTP (or any other unencrypted network time
 protocol), ISP or other party in the middle can manipulate unencrypted
 packages to set wrong time. Tor relies on correct time, so ISP can deny
 Tor usage any time it wants to. Moreover, attacker controlling the ISP
 (government or hackers compromising ISP's server) can manipulate time on
 tor-using device, assisting attacks that involve wrong time.

 Embedded systems like routers have no real-time clock hardware and need to
 set time via network. PCs are often configured to synchronize time via

 Tor should have other way to set the time it needs. It could set time from
 directory servers and known relays.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26359>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to