Bugtraq mailing list archives

Re: TCP Timestamping and Remotely gathering uptime information


From: Ted U <grendel () HEOROT STANFORD EDU>
Date: Thu, 15 Mar 2001 18:51:28 -0800

On Wed, 14 Mar 2001, Bret wrote:

> I think that some redesign by kernel developers is in
> order on this so that such information is not given out (no matter how
> useless it may appear), either by creating a new 'timestamp clock' for
> each TCP session (that uses timestamps) or by starting the timestamp clock
> off with some random number.

here's a patch for openbsd 2.8/7 that does the first option.  it uses the
main 'clock' but starts off at zero.  works for me on i386.  tcpdump
reveals that it acts as it should, but confuses nmap when it gets 0
several times in a row.  now you can only determine the length a
connection has been open, but you already know that.  interoperates fine
with more 'standard' implementations.

caveats: unsure of what happens when timestamp overflows.  also probably
has some minimal impact on performance.



--
Ted Unangst - grendel () heorot stanford edu - http://heorot.stanford.edu/
"If you don't believe in the existence of evil, you have a lot to learn."

Attachment: rfc1323.patch
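
The per-connection timestamp clock described in the message above, as an added sketch; it is not the attached rfc1323.patch and not OpenBSD code. The names (struct conn, ts_base, TICK_HZ) and the 2 Hz tick rate are assumptions made for illustration, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TICK_HZ 2u  /* assumed tick rate of the timestamp clock (illustrative) */

/* Hypothetical per-connection state: global tick count at connection setup. */
struct conn { uint32_t ts_base; };

/* Shared clock: TSval is the global counter, so it counts ticks since boot. */
static uint32_t tsval_global(uint32_t now) { return now; }

/* Per-connection clock: same counter rebased so the first segment carries 0.
 * Unsigned subtraction is modulo 2^32, so a wrap of the global counter
 * between setup and now still yields the correct elapsed tick count. */
static uint32_t tsval_rebased(const struct conn *c, uint32_t now) {
    return now - c->ts_base;
}

/* Serial-number comparison as used for PAWS: a is older than b when the
 * signed 32-bit difference is negative (valid for gaps under 2^31 ticks). */
static int ts_older(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* RTT from an echoed timestamp (TSecr); both values are on the rebased clock. */
static uint32_t rtt_ticks(const struct conn *c, uint32_t now, uint32_t tsecr) {
    return tsval_rebased(c, now) - tsecr;
}

/* Seconds since the clock behind a TSval was at zero, as a peer would read it. */
static uint32_t seconds_revealed(uint32_t tsval) { return tsval / TICK_HZ; }

int main(void) {
    uint32_t now = 30u * 86400u * TICK_HZ;     /* constructed: host up 30 days */
    struct conn c = { now - 60u * TICK_HZ };   /* connection opened 60 s ago */
    printf("shared clock reveals  %u s\n",
           (unsigned)seconds_revealed(tsval_global(now)));
    printf("rebased clock reveals %u s\n",
           (unsigned)seconds_revealed(tsval_rebased(&c, now)));
    return 0;
}
```

The rebased value wraps after 2^32 ticks of connection lifetime like any other TSval, and the signed-difference comparison tolerates that as long as compared values are less than 2^31 ticks apart.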