Nmap Announce mailing list archives

Re: hiding uptime


From: Matt Bing <matt () anzen com>
Date: Fri, 16 Mar 2001 09:51:00 -0500

Ted U said:
here's patch i submitted to bugtraq.  it modifies openbsd 2.8/7 so that
the timestamp starts at zero for each connection.  nmap (or other
methods) will think you have an uptime of 53 ms or something.  nmap
doesn't report anything.

Something similar was just committed to -current:

/src/sys/netinet/tcp_subr.c

revision 1.40
date: 2001/03/14 19:21:33;  author: mickey;  state: Exp;  lines: +2 -1
provide a random start for tcp timestamps; niels@ ok

$ sudo nmap -O -sS -p 22-25 karloff
[snip]
Uptime 7792.580 days (since Wed Nov 14 19:48:34 1979)

$ uptime 
9:44AM  up 6 mins, 4 users, load averages: 0.16, 0.30, 0.17

--
Matt Bing
Anzen Computing

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
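
A small model of the uptime estimate discussed in this message, added here as an illustration; it is not code from nmap or from either OpenBSD change. The 2 Hz tick rate, the offset, the sample times and all function names are assumptions, and the random start is modelled as a single offset added to the boot counter because the commit's code is not shown on the page.

```python
TS_MODULUS = 2 ** 32   # TSval is a 32-bit field (RFC 1323)
HZ = 2                 # assumed timestamp tick rate; not stated on the page

def tsval(policy, uptime, offset=0, conn_age=0.0):
    """TSval a host puts in a segment, under one of three start policies."""
    if policy == "since_boot":             # counter starts at 0 at boot
        ticks = uptime * HZ
    elif policy == "random_start":         # modelled as boot counter + random offset
        ticks = uptime * HZ + offset
    elif policy == "zero_per_connection":  # counter starts at 0 for each connection
        ticks = conn_age * HZ
    else:
        raise ValueError(policy)
    return int(ticks) % TS_MODULUS

def estimate_uptime(samples):
    """Remote estimate in seconds from (observer_time, tsval) pairs, or None.

    Infers the tick rate from the first and last sample, then assumes the
    counter was 0 at boot, which is the assumption both changes break.
    """
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    ticks = (v1 - v0) % TS_MODULUS
    if t1 <= t0 or ticks == 0:
        return None                        # no measurable rate, nothing to report
    return v1 / (ticks / (t1 - t0))

def probe(policy, offset=0):
    """Three probes one second apart, each on a new connection, host up 6 minutes."""
    times = [360.0, 361.0, 362.0]          # constructed sample times (seconds since boot)
    return estimate_uptime([(t, tsval(policy, t, offset)) for t in times])

# Constructed offset, chosen so the 2 Hz model reproduces the 7792.580 days above.
OFFSET = 1_346_557_100

if __name__ == "__main__":
    for policy in ("since_boot", "random_start", "zero_per_connection"):
        secs = probe(policy, OFFSET)
        print(policy, None if secs is None else f"{secs / 86400:.3f} days")
```

With a per-connection zero start, probes on separate connections all carry the same TSval, so no rate can be inferred; samples taken within one connection yield only that connection's age.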

