[19683] in bugtraq


Re: TCP Timestamping and Remotely gathering uptime information

daemon@ATHENA.MIT.EDU (Ted U)
Fri Mar 16 15:00:04 2001

MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1021619080-984711088=:21984"
Message-ID:  <Pine.BSO.4.31.0103151834320.21984-200000@heorot.stanford.edu>
Date:         Thu, 15 Mar 2001 18:51:28 -0800
Reply-To: Ted U <grendel@HEOROT.STANFORD.EDU>
From: Ted U <grendel@HEOROT.STANFORD.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200103142243.RAA11917@rehost.com>


--0-1021619080-984711088=:21984
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 14 Mar 2001, Bret wrote:

> I think that some redesign by kernel developers is in
> order on this so that such information is not given out (no matter how
> useless it may appear), either by creating a new 'timestamp clock' for
> each TCP session (that uses timestamps) or by starting the timestamp clock
> off with some random number.

here's a patch for openbsd 2.8/7 that does the first option.  it uses the
main 'clock' but starts off at zero.  works for me on i386.  tcpdump
reveals that it acts as it should, but confuses nmap when it gets 0
several times in a row.  now you can only determine the length a
connection has been open, but you already know that.  interoperates fine
with more 'standard' implementations.

caveats: unsure of what happens when timestamp overflows.  also probably
has some minimal impact on performance.



--
Ted Unangst - grendel@heorot.stanford.edu - http://heorot.stanford.edu/
"If you don't believe in the existence of evil, you have a lot to learn."

--0-1021619080-984711088=:21984
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="rfc1323.patch"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSO.4.31.0103151851280.21984@heorot.stanford.edu>
Content-Description:
Content-Disposition: attachment; filename="rfc1323.patch"

--0-1021619080-984711088=:21984--
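
Added example, not part of the original post and not the code of the attached patch: a user-space C sketch of a per-connection timestamp clock that starts at zero, showing what a peer can still infer and what happens when the global clock overflows. It uses offset subtraction; the names `conn`, `ts_base`, `conn_tsval` and the 2 Hz tick rate (`TICK_HZ`) are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the global timestamp clock ticks TICK_HZ times per second. */
#define TICK_HZ 2u

/* Hypothetical per-connection state: global clock value at connection open. */
struct conn { uint32_t ts_base; };

static void conn_open(struct conn *c, uint32_t global_now)
{
    c->ts_base = global_now;
}

/* TSval put on the wire: ticks since this connection opened.
 * Unsigned subtraction is modulo 2^32, so the value stays correct
 * when the global clock wraps past UINT32_MAX. */
static uint32_t conn_tsval(const struct conn *c, uint32_t global_now)
{
    return global_now - c->ts_base;
}

/* What a peer derives if it reads a TSval as "ticks since boot". */
static uint32_t inferred_seconds(uint32_t tsval)
{
    return tsval / TICK_HZ;
}

/* Wrap-safe "a is older than b" test, as used for timestamp comparison. */
static int ts_before(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

int main(void)
{
    struct conn c;
    uint32_t boot = 30u * 86400u * TICK_HZ;   /* constructed: 30 days up */
    uint32_t later = boot + 120u * TICK_HZ;   /* two minutes into the connection */

    conn_open(&c, boot);
    printf("global clock on the wire:  %" PRIu32 " s\n", inferred_seconds(later));
    printf("per-connection clock:      %" PRIu32 " s\n",
           inferred_seconds(conn_tsval(&c, later)));

    conn_open(&c, UINT32_MAX - 9u);           /* opens 10 ticks before the wrap */
    printf("tsval after global wrap:   %" PRIu32 " ticks, ordered=%d\n",
           conn_tsval(&c, 5u), ts_before(0u, conn_tsval(&c, 5u)));
    return 0;
}
```

With the per-connection clock the peer learns only the age of the connection, and the value keeps increasing across the global wrap because both the subtraction and the comparison are modular.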
