Bugtraq mailing list archives
Re: TCP Timestamping and Remotely gathering uptime information
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sun, 18 Mar 2001 00:17:09 -0500
On Fri, 16 Mar 2001 04:52:47 +1100, Darren Reed <avalon () COOMBS ANU EDU AU> said:
One potential use of uptime information to an attackers advantage is in attacking things which use the current time (seconds, microseconds, whatever) as a seed for some sort of thing when the start up at boot
The first use *I* thought of was as follows: If you know (via careful extended observation) that a given server reboots every alternate Thursday at 4:30AM (or whenever their test time is), it allows you to lay the groundwork for a spoofing attack or other mischief while the spoofed machine is down for the reboot and unable to complain about the impostor... As a bonus - they probably will skip the reboot unless they had a config change staged. As a result, you *know* what will get blamed for any and all weirdness seen during the reboot - every sysadmin I know will look at a weird message at 4:30AM and think "What did I just change, and how the <bleep> did it cause THAT error?". ;) Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- TCP Timestamping and Remotely gathering uptime information Bret (Mar 13)
- Re: TCP Timestamping and Remotely gathering uptime information Fyodor (Mar 14)
- <Possible follow-ups>
- Re: TCP Timestamping and Remotely gathering uptime information Bret (Mar 15)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Valdis Kletnieks (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Saint skullY the Dazed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information arivanov (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Stephen White (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information bert hubert (Mar 20)
- Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Darren Reed (Mar 20)
- Re: Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Jason R Thorpe (Mar 22)
- Re: TCP Timestamping and Remotely gathering uptime information Chris Tobkin (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Matt Lewis (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Theo de Raadt (Mar 20)