Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP Timestamping and Remotely gathering uptime information

From: Theo de Raadt <deraadt () CVS OPENBSD ORG>
Date: Mon, 19 Mar 2001 13:18:43 -0700
Darren Reed said:


Why do you think all timestamps should not reveal uptime information ?


Well, not to speak on Bret's behalf per se, but personally, I've seen
plenty of software (the quality of which may be in question) that uses
uptime (or clock-ticks-since-boot, whatever) for a variety of things,
albeit ususally trivial.


Lots of such things exist.  One example is RPC, which used to generate
it's initial XID (which are subsequently incremented per transaction)
from tv.tv_sec ^ tv.tv_usec ^ getpid().  On systems with predictable
boot sequences, predictable pids, and known boot time, it is possible
to figure out the window of XID usage, and spoof replies.

Other such thigns do exist, get discovered, etc etc etc, and fixed on
their own.  However, ... it's nice to fix problems by accident.
Previous By Date Next
Previous By Thread Next

Current thread: