Laird Breyer writes:
> On Oct 21 2004, Arnt Gulbrandsen wrote:
> > I guess I wasn't clear. Sorry. Let me try again.
> >
> > 1. Quoting the time isn't good. If I'm allowed 150 tries and can
> > bounce some mail off your server to read the bounce messages, I can
> > guess when you'll process a message.
>
> Ah, I think I understand your point. You could use 150 bounces as
> tracers, to compute an estimate of the processing time: e.g. send a
> test message designed to bounce, containing the time that the SMTP
> transaction was initiated, and later read back the timestamp which
> was added. Then do a regression line estimate. Something like that
> could probably work, although a proof of concept would be nice.
> Give me an address and I can try.

Step 1. I'd send five messages to nosuchuser@do.ma.in and wait for the
bounces. For each of them, I'd compute the delay from my sending time
(using my clock) to the receiving MTA's receive time. Next, I'd average
the five values.

Step 2. I'd send the target a hundred messages or so, with a hundred
guesses centered around the average computed in step 1.

Assuming that 80% of mail from me to the target is delivered within the
range [t-50,t+50> seconds, I'd have an 80% chance of success.

A more sophisticated attack would use more initial probes and vary the
number of guesses based on the spread of the probed delays.

Should I bother to do it, or is the description persuasive? ;)

> In another post, I mentioned possibly extending the RFC 2822 date-time
> stamp to include microseconds. Would that be sufficient protection
> against such a timing attack, or would Moore's law render this
> useless over time?

Microseconds would help, since it's harder for the attacker to cover the
likely correct answers. But it only provides three digits. If the ID
is used, the recipient can add unguessable entropy to taste, without
requiring RFC 2822 changes.

> > 2. Quoting the "with" ID may provide protection, depending on
> > whether the ID is guessable.
>
> Yes. From the RFC, this is optional. Do you know any good reasons why the ID
> might not be added to a Received line sometimes?

I don't know any good reason. If it matters, MTA authors quickly add one.

Arnt
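Arnt's probe-then-guess estimate, the microsecond question and the unguessable-ID remedy discussed above, quantified in an added simulation that is not part of this thread; the delay distribution, the 5-probe/100-guess parameters and the 64-bit ID size are constructed assumptions.

```python
import random

# Constructed delay model, not measured data: delivery delay in seconds,
# roughly Gaussian around 40 s with a 20 s spread, never below 1 s.
def sample_delay(rng):
    return max(1.0, rng.gauss(40.0, 20.0))

def to_ticks(seconds, resolution):
    """Quantize a delay to timestamp ticks: resolution=1.0 for the RFC 2822
    seconds field, 1e-6 if the stamp carried microseconds."""
    return int(round(seconds / resolution))

def attack_succeeds(rng, resolution, n_probes=5, n_guesses=100):
    """One trial of the two-step guess described in the thread: average the
    delay of n_probes bounced probes, then guess n_guesses consecutive
    timestamp values centred on that average."""
    estimate = sum(sample_delay(rng) for _ in range(n_probes)) / n_probes
    centre = to_ticks(estimate, resolution)
    first = centre - n_guesses // 2
    guesses = range(first, first + n_guesses)
    actual = to_ticks(sample_delay(rng), resolution)
    return actual in guesses

def success_rate(resolution, trials=2000, seed=2004):
    """Fraction of trials in which one of the guesses matches the timestamp
    the receiving MTA would have stamped (seeded, so it is reproducible)."""
    rng = random.Random(seed)
    hits = sum(attack_succeeds(rng, resolution) for _ in range(trials))
    return hits / trials

def id_guess_probability(id_bits, n_guesses=100):
    """Chance of n_guesses hitting a uniformly random id_bits-bit Received
    id: timing knowledge does not help, so the bound is n_guesses / 2**id_bits."""
    return min(1.0, n_guesses / 2 ** id_bits)

if __name__ == "__main__":
    print(f"seconds stamp, 100 guesses:     {success_rate(1.0):.2f}")
    print(f"microsecond stamp, 100 guesses: {success_rate(1e-6):.4f}")
    print(f"64-bit random id, 100 guesses:  {id_guess_probability(64):.2e}")
```

With these assumptions the seconds-only stamp is hit in well over 80% of trials, while the microsecond stamp drops the rate to roughly zero and a random 64-bit id makes the guess count irrelevant.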