Bugtraq mailing list archives
Re: TCP Timestamping and Remotely gathering uptime information
From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Sat, 17 Mar 2001 14:16:49 +1100
In some mail from Bill_Royds () pch gc ca, sie said:
Actually, the logic is "This has been up for 300 days. It probably is not being maintained so it likely has that unpatched exploit avaialable".
I thought about this before I posted that email but decided against any inclusion of it. Why ? There are systems running around the world, today, that *need* to run 24x7 and security patches are no reason for a reboot. That aside, that a system has been up, since its release, longer than it takes the time information to wrap, do you *really* know how long it has been up ? Upgrading of software running on a host has little or nothing to do with how long it has been running - so long as you're not running M$ - if it's not something like a library file. Last I checked, you didn't need to reboot to patch up sendmail, named or apache :) Good sysadmin practice should involve regular, scheduled, rebooting of systems to ensure that over time the "tinkering" which happens on a day to day basis never gets to a point where things that are meant to be in the bootup process are left out. Well, that's my theory anyway :) A large uptime of a machine may mean it is quite vulnerable, but does it really tell you it is unmaintained ? Does a short uptime mean it is really maintained or does it just tell you it was rebooted not long ago ? Darren
Current thread:
- Re: TCP Timestamping and Remotely gathering uptime information, (continued)
- Re: TCP Timestamping and Remotely gathering uptime information Saint skullY the Dazed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information arivanov (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Stephen White (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information bert hubert (Mar 20)
- Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Darren Reed (Mar 20)
- Re: Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Jason R Thorpe (Mar 22)
- Re: TCP Timestamping and Remotely gathering uptime information Chris Tobkin (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Matt Lewis (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Theo de Raadt (Mar 20)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information van der Kooij, Hugo (Mar 20)