Bugtraq mailing list archives
Re: TCP Timestamping and Remotely gathering uptime information
From: Ted U <grendel () HEOROT STANFORD EDU>
Date: Thu, 15 Mar 2001 18:51:28 -0800
On Wed, 14 Mar 2001, Bret wrote:
I think that some redesign by kernel developers is in order on this so that such information is not given out (no matter how useless it may appear), either by creating a new 'timestamp clock' for each TCP session (that uses timestamps) or by starting the timestamp clock off with some random number.
here's a patch for openbsd 2.8/7 that does the first option. it uses the main 'clock' but starts off at zero. works for me on i386. tcpdump reveals that it acts as it should, but confuses nmap when it gets 0 several times in a row. now you can only determine the length a connection has been open, but you already know that. interoperates fine with more 'standard' implementations. caveats: unsure of what happens when timestamp overflows. also probably has some minimal impact on performance. -- Ted Unangst - grendel () heorot stanford edu - http://heorot.stanford.edu/ "If you don't believe in the existence of evil, you have a lot to learn."
Attachment:
rfc1323.patch
Description:
Current thread:
- TCP Timestamping and Remotely gathering uptime information Bret (Mar 13)
- Re: TCP Timestamping and Remotely gathering uptime information Fyodor (Mar 14)
- <Possible follow-ups>
- Re: TCP Timestamping and Remotely gathering uptime information Bret (Mar 15)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Valdis Kletnieks (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Saint skullY the Dazed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information arivanov (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Stephen White (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information bert hubert (Mar 20)
- Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Darren Reed (Mar 20)
- Re: Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Jason R Thorpe (Mar 22)
- Re: TCP Timestamping and Remotely gathering uptime information Chris Tobkin (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 19)