Bugtraq mailing list archives
Remote fingerprinting/uptime (was Re: TCP Timestamping ...)
From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Tue, 20 Mar 2001 20:23:52 +1100
I'm not sure the "TCP timestamping allows fingerprinting" holds a lot of water. nmap's capabilities for determining what version of an OS is at the other end are pretty complete. So far as TCP fingerprints go, it's how often it changes (and by how much) that's at issue, not just what it gets seeded to. While nmap fingerprinting may not tell you how long a box has been up, it has capabilities to tell you what version the kernel is regardless of how long it has been up. Changing a system's algorithm for TCP timestamping just introduces yet another mechanism for nmap to use in determining what version of kernel is at the other end. So, does "fixing" the TCP timestamping actually help or make matters worse - i.e. easier for an attacker ? If I know a kernel is going to be OpenBSD pre-2.8 (for example), is that more or less useful than knowing it has been up 60 days ? Just to recap, knowing a host has been up for n days only means you know it can't be an OS/kernel that has been released in those n days and any associated information that goes with that. You know nothing else. If a box has been up 50 days then that doesn't tell you it is 2.0 or 2.2 or 2.3 or 2.4. It just tells you it can't be anything that's been released in less than 50 days. Darren
Current thread:
- TCP Timestamping and Remotely gathering uptime information Bret (Mar 13)
- Re: TCP Timestamping and Remotely gathering uptime information Fyodor (Mar 14)
- <Possible follow-ups>
- Re: TCP Timestamping and Remotely gathering uptime information Bret (Mar 15)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Valdis Kletnieks (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Saint skullY the Dazed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information arivanov (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Stephen White (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information bert hubert (Mar 20)
- Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Darren Reed (Mar 20)
- Re: Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Jason R Thorpe (Mar 22)
- Re: TCP Timestamping and Remotely gathering uptime information Chris Tobkin (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Matt Lewis (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Theo de Raadt (Mar 20)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information van der Kooij, Hugo (Mar 20)