3

I was told that an adversary can figure out system uptime by looking at TCP timestamps. But I'm not sure who exactly can see this information. For example, if I set up a hardware Tor gateway so that all network traffic from my computer goes through Tor, and browse SE website normally using the computer, will my ISP know my system's uptime? Will SE website know? What about the local network administrator?

tcpconnect
  • 31
  • 1
  • Operating systems can change their implementation of tcp timestamps to avoid the extraction of the uptime . For linux see my answer https://security.stackexchange.com/a/224696/90485 – Massimo Jan 23 '20 at 09:46

1 Answers1

1

TCP timestamps are only visible at the endpoints of the specific TCP connection and on every hop in between. If you are setting up a "hardware" Tor gateway (i.e. some software running on some gateway system) the TCP connection from your systems ends at this gateway. Who can then view the TCP timestamps depends on where this gateway is located. But if it is located inside your local network your ISP will not be able to see the TCP timestamps from your system. He might be able to see the TCP timestamps from your Tor gateway though.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • 1
    Even if you run Tor on your own computer, the endpoint does not see the TCP timestamps of your own system. The TCP connection from your computer ends at the guard node. – forest Apr 29 '18 at 10:52