Nmap Development mailing list archives
Re: How to track a PC anywhere it connects to the Net
From: Martin Mačok <martin.macok () underground cz>
Date: Sun, 6 Mar 2005 18:57:29 +0100
On Fri, Mar 04, 2005 at 03:33:12PM -0500, Bob Fillmore wrote:
This might be an interesting feature for nmap: http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
Well, watching the timestamps during the scan and printing out the relative time skew estimate of the target would be helpful but achieving more exact and useful results would last 12h or better 24h which is a very long time. On Sat, Mar 05, 2005 at 10:40:30AM +0100, Andreas Ericsson wrote:
doesn't mention if a proper ntp implementation (not sntp) in any way prevents such identification although it's reasonably safe to assume that it does.
Running NTP (ntpd) that eliminates target's system clock skew would theoretically "break" the method, but in practice, TCP Timestamps are not affected by system clock adjustements via NTP on many systems including Windows XP, Linux and FreeBSD. By the way, there is no requirement that TCP Timestamps must be related to system clock. Have you read the paper? Martin Mačok ICT Security Consultant --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- How to track a PC anywhere it connects to the Net Bob Fillmore (Mar 04)
- Re: How to track a PC anywhere it connects to the Net Andreas Ericsson (Mar 05)
- Re: How to track a PC anywhere it connects to the Net Bob Fillmore (Mar 06)
- Re: How to track a PC anywhere it connects to the Net Martin Mačok (Mar 06)
- Re: How to track a PC anywhere it connects to the Net Andreas Ericsson (Mar 05)