[LUGOS-SLO] Firefox sends your uptime
Matej Kovacic
matej.kovacic at owca.info
Mon Apr 7 09:06:03 CEST 2008
Hello,
I would be interested in a comment from a Firefox person on the message below, which says
that when an SSL session is established, Firefox sends the client's uptime to the SSL server:
-------- Original Message --------
Subject: Firefox sends your uptime
Mozilla Firefox sends your computer's uptime while establishing a TLS
(SSL) connection. This could be used to correlate anonymous traffic with
non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
values (or to search for the originator of anonymous traffic by correlating
uptime values from TCP timestamps in GNU/Linux and some other operating
systems).
Tested with the latest Firefox versions (including Betas) on Windows. Should
also work on GNU/Linux, but it does not work on my ArchLinux box due to
some patches...
Details:
RFCs 2246 and 4346 describe the following structure (part of the TLS Client Hello
packet):
struct {
    uint32 gmt_unix_time;
    opaque random_bytes[28];
} Random;
Firefox sends your uptime in the "gmt_unix_time" field (seconds since boot).
Other browsers (IE, Opera) send your current system time in UNIX format.
So, use your Firefox carefully ;)
...
Yes, but running NTP syncs can transform this attack into an "end-to-end
confirmation" attack. An attacker can modify NTP packets (they are
sent over UDP) to hijack your current time (e.g. move it +12 seconds
forward) and then correlate HTTPS traffic from an anonymous network (or
HTTP traffic from a hidden service by looking at the "Date:" field in the HTTP
response).
Regards, M.
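
Added example, not part of the original e-mail and not Firefox code: a Python check for auditing what a client puts in the gmt_unix_time field described above. It reads the field from a raw TLS record holding a ClientHello and compares it with the capture time; the function names, the 300-second tolerance, the five-year uptime bound and the sample record are assumptions made for this illustration.

```python
import struct

MAX_PLAUSIBLE_UPTIME = 5 * 365 * 86400  # assumption: no host stays up over ~5 years


class NotClientHello(ValueError):
    """Raised when the bytes are not a TLS record carrying a ClientHello."""


def client_hello_time(record: bytes) -> int:
    """Return Random.gmt_unix_time from a raw TLS record (RFC 2246 layout)."""
    if len(record) < 5:
        raise NotClientHello("short record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:  # 0x16 = handshake
        raise NotClientHello("not a handshake record")
    body = record[5:5 + rec_len]
    # type(1) + length(3) + client_version(2) + Random(32) = 38 bytes minimum
    if len(body) < 38 or body[0] != 0x01:  # 0x01 = client_hello
        raise NotClientHello("not a complete ClientHello")
    (gmt_unix_time,) = struct.unpack("!I", body[6:10])
    return gmt_unix_time


def classify(gmt_unix_time: int, capture_time: int, tolerance: int = 300) -> str:
    """Say whether the field tracks the clock, looks like uptime, or neither."""
    if abs(gmt_unix_time - capture_time) <= tolerance:
        return "wall-clock"
    if gmt_unix_time < MAX_PLAUSIBLE_UPTIME:
        return "uptime-like"
    return "other"


def sample_record(gmt_unix_time: int) -> bytes:
    """Constructed minimal TLS 1.0 ClientHello record (sample data, not a capture)."""
    hello = (b"\x03\x01" + struct.pack("!I", gmt_unix_time) + bytes(28)
             + b"\x00"              # empty session_id
             + b"\x00\x02\x00\x2f"  # one cipher suite
             + b"\x01\x00")         # null compression
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    capture_time = 1207552000  # constructed capture timestamp (April 2008)
    for value in (3 * 86400, capture_time + 12):
        seen = client_hello_time(sample_record(value))
        print(seen, classify(seen, capture_time))
```

A client whose ClientHello is classified "uptime-like" is exposing a value that stays linkable across connections until the next reboot.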