Re: TCP Timestamp Vulnerability

To: netbsd-users%netbsd.org@localhost
Subject: Re: TCP Timestamp Vulnerability
From: christos%astron.com@localhost (Christos Zoulas)
Date: Fri, 30 Mar 2018 00:36:58 +0000 (UTC)

In article <000901d3c785$7e7486a0$7b5d93e0$@seqent.com>,
Richard Sass <richard.sass%seqent.com@localhost> wrote:
>	"The remote host implements TCP timestamps, as defined by RFC1323. A
>side effect of this feature is that the uptime of the remote host can be
>sometimes be computed."
>
>Additional: http://www.securiteam.com/securitynews/5NP0C153PI.html
>
>I think the thought behind this is that if a person can determine the uptime
>of a system then this might be additional information that could be used to
>target an attack. For example: if a system has been up for a year then it
>probably hasn't been patched with recent security patches giving the
>attacker another piece of information on how to attack the system. I'm not
>sure if there may be more to it than that.

Oh no, not this again :-)

https://mail-index.netbsd.org/tech-net/2016/07/20/msg006018.html

And we have not had the uptime issue in ~forever; look at how "tcp_now" is
computed.

christos

References:
- TCP Timestamp Vulnerability
  - From: Richard Sass
- Re: TCP Timestamp Vulnerability
  - From: Manuel Bouyer
- RE: TCP Timestamp Vulnerability
  - From: Richard Sass

Prev by Date: RE: TCP Timestamp Vulnerability
Next by Date: Re: TCP Timestamp Vulnerability
Previous by Thread: Re: TCP Timestamp Vulnerability
Next by Thread: Re: TCP Timestamp Vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index