Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP Timestamping and Remotely gathering uptime information

From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Fri, 16 Mar 2001 04:52:47 +1100
So when do we change things like "uname" such that they no longer report
the system "identity" (OS, OS rev) to anyone but root ?

Why do you think all timestamps should not reveal uptime information ?

What do you think is at risk here ?

Are script kiddies going to say "ooh, he's been up for 500 days and he's
not linux, lets flood him to death" ?

Or is there something more fundamental ?

One potential use of uptime information to an attackers advantage is in
attacking things which use the current time (seconds, microseconds,
whatever) as a seed for some sort of thing when the start up at boot
time.  An server which has a week PRNG or similar might be at risk,
where it otherwise would not, do you think ?

Darren
Previous By Date Next
Previous By Thread Next

Current thread: