Re: TCP Timestamping and Remotely gathering uptime information

[Darren Reed <avalon () COOMBS ANU EDU AU>]

In some mail from Bill_Royds () pch gc ca, sie said:
> Actually, the logic is "This has been up for 300 days. It probably is not
> being maintained so it likely has that unpatched exploit avaialable".

I thought about this before I posted that email but decided against any
inclusion of it.  Why ?

There are systems running around the world, today, that *need* to run
24x7 and security patches are no reason for a reboot.  That aside, that
a system has been up, since its release, longer than it takes the time
information to wrap, do you *really* know how long it has been up ?

Upgrading of software running on a host has little or nothing to do with
how long it has been running - so long as you're not running M$ - if it's
not something like a library file.   Last I checked, you didn't need to
reboot to patch up sendmail, named or apache :)

Good sysadmin practice should involve regular, scheduled, rebooting of
systems to ensure that over time the "tinkering" which happens on a day
to day basis never gets to a point where things that are meant to be in
the bootup process are left out.  Well, that's my theory anyway :)

A large uptime of a machine may mean it is quite vulnerable, but does it
really tell you it is unmaintained ?  Does a short uptime mean it is really
maintained or does it just tell you it was rebooted not long ago ?

Darren