NetBSD-Users archive


Re: TCP Timestamp Vulnerability



On Thu, Mar 29, 2018 at 01:43:48PM -0400, Richard Sass wrote:
> 	"The remote host implements TCP timestamps, as defined by RFC1323. A
> side effect of this feature is that the uptime of the remote host can
> sometimes be computed."
> 
> Additional: http://www.securiteam.com/securitynews/5NP0C153PI.html
> 
> I think the thought behind this is that if a person can determine the uptime
> of a system then this might be additional information that could be used to
> target an attack. For example: if a system has been up for a year then it
> probably hasn't been patched with recent security patches giving the
> attacker another piece of information on how to attack the system. I'm not
> sure if there may be more to it than that.

Probably no such big deal, but it could be easy to use a per-connection
relative timestamp ... just use (uptime - time_of_connection)

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--
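
The per-connection relative timestamp suggested in the reply above, sketched as an added example (not code from the thread or from NetBSD). It assumes a 1000 Hz timestamp clock; `struct conn`, `TS_HZ` and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define TS_HZ 1000u  /* assumed timestamp clock rate: one tick per millisecond */

/* Hypothetical per-connection state; not NetBSD's struct tcpcb. */
struct conn {
    uint32_t start_ticks;   /* tick counter value when the connection was created */
};

/* Baseline: TSval is the raw tick counter since boot, shared by all connections. */
static uint32_t tsval_global(uint32_t now_ticks)
{
    return now_ticks;
}

/* Per-connection relative timestamp: (uptime - time_of_connection).
 * Unsigned subtraction stays correct when the 32-bit tick counter wraps. */
static uint32_t tsval_relative(const struct conn *c, uint32_t now_ticks)
{
    return now_ticks - c->start_ticks;
}

/* What a remote peer can derive from a single TSval if it knows TS_HZ. */
static uint32_t seconds_implied(uint32_t tsval)
{
    return tsval / TS_HZ;
}

int main(void)
{
    /* Constructed scenario: host up 30 days, connection opened 5 seconds ago. */
    uint32_t now = 30u * 86400u * TS_HZ;
    struct conn c = { .start_ticks = now - 5u * TS_HZ };

    printf("global TSval implies   %u s (host uptime)\n",
           (unsigned)seconds_implied(tsval_global(now)));
    printf("relative TSval implies %u s (connection age)\n",
           (unsigned)seconds_implied(tsval_relative(&c, now)));

    /* Still advances with the clock inside one connection. */
    uint32_t later = now + 250u;
    printf("advance over 250 ticks: %u\n",
           (unsigned)(tsval_relative(&c, later) - tsval_relative(&c, now)));
    return 0;
}
```

Within a connection the value still increases with the clock, so timestamp comparisons on that connection behave as before. Anything that compares timestamps across successive connections loses that ordering, because each connection starts from its own origin.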

