NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: TCP Timestamp Vulnerability

On Thu, Mar 29, 2018 at 10:43 AM, Richard Sass <> wrote:
>         "The remote host implements TCP timestamps, as defined by RFC1323. A
> side effect of this feature is that the uptime of the remote host can be
> sometimes be computed."
> Additional:
> I think the thought behind this is that if a person can determine the uptime
> of a system then this might be additional information that could be used to
> target an attack. For example: if a system has been up for a year then it
> probably hasn't been patched with recent security patches giving the
> attacker another piece of information on how to attack the system. I'm not
> sure if there may be more to it than that.

Is this a similar problem then?

# hping --icmp-ts -c 1
HPING (lo0 icmp mode set, 28 headers + 0 data bytes
len=40 ip= ttl=255 id=0 icmp_seq=0 rtt=0.5 ms
ICMP timestamp: Originate=15774697 Receive=15774697 Transmit=15774697
ICMP timestamp RTT tsrtt=1

--- hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms

I'm not aware of a way to prevent this reply without blocking all ICMP
which isn't always a good idea. Maybe npf can do it?


Home | Main Index | Thread Index | Old Index