[19684] in bugtraq
Re: TCP Timestamping and Remotely gathering uptime information
daemon@ATHENA.MIT.EDU (Darren Reed)
Fri Mar 16 15:01:50 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <200103151752.EAA11989@cairo.anu.edu.au>
Date: Fri, 16 Mar 2001 04:52:47 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: bret@REHOST.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200103142243.RAA11917@rehost.com> from "Bret" at Mar 14,
2001 05:43:54 PM
So when do we change things like "uname" such that they no longer report
the system "identity" (OS, OS rev) to anyone but root ?
Why do you think all timestamps should not reveal uptime information ?
What do you think is at risk here ?
Are script kiddies going to say "ooh, he's been up for 500 days and he's
not linux, lets flood him to death" ?
Or is there something more fundamental ?
One potential use of uptime information to an attackers advantage is in
attacking things which use the current time (seconds, microseconds,
whatever) as a seed for some sort of thing when the start up at boot
time. An server which has a week PRNG or similar might be at risk,
where it otherwise would not, do you think ?
Darren
