NIST NTP servers

Eric Kuhnke eric.kuhnke at
Thu May 12 00:23:31 UTC 2016

Compared to the scale of the budget of small research projects run by
national intelligence agency sized organizations, you wouldn't have to be
very well funded to run a sizeable proportion of all tor exit nodes with
some degree of plausible deniability...

500 credit cards

500 unique bililng names/addresses and sets of contact info

spread 500 1U servers around the world in as many geographically unique
locations as you can find, with every dedicated hosting/colo company...

average of $150/mo x 500 = $75,000

On Wed, May 11, 2016 at 5:08 PM, <Valdis.Kletnieks at> wrote:

> On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> > * Chris Adams:
> >
> > > First, out of the box, if you use the public pool servers (default
> > > config), you'll typically get 4 random (more or less) servers from the
> > > pool.  There are a bunch, so Joe Random Hacker isn't going to have a
> > > high chance of guessing the servers your system is using.
> >
> > A determined attacker will just run servers in the official pool.
> Such attacks have allegedly been attempted against Tor by certain
> very well funded adversaries.
> Thus my statement that if you're seeing that scale attack on your time
> sources, the fact that your time source is being attacked is the *least*
> of your problems...

More information about the NANOG mailing list