NIST NTP servers
eric.kuhnke at gmail.com
Thu May 12 00:23:31 UTC 2016
Compared to the scale of the budget of small research projects run by
national intelligence agency sized organizations, you wouldn't have to be
very well funded to run a sizeable proportion of all Tor exit nodes with
some degree of plausible deniability...
500 credit cards
500 unique billing names/addresses and sets of contact info
spread 500 1U servers around the world in as many geographically unique
locations as you can find, with every dedicated hosting/colo company...
average of $150/mo x 500 = $75,000
On Wed, May 11, 2016 at 5:08 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> > * Chris Adams:
> > > First, out of the box, if you use the public pool servers (default
> > > config), you'll typically get 4 random (more or less) servers from the
> > > pool. There are a bunch, so Joe Random Hacker isn't going to have a
> > > high chance of guessing the servers your system is using.
> > A determined attacker will just run servers in the official pool.
> Such attacks have allegedly been attempted against Tor by certain
> very well funded adversaries.
> Thus my statement that if you're seeing that scale attack on your time
> sources, the fact that your time source is being attacked is the *least*
> of your problems...