[19739] in bugtraq
Re: TCP Timestamping and Remotely gathering uptime information
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Tue Mar 20 22:13:29 2001
Message-ID: <200103192018.f2JKIi502180@cvs.openbsd.org>
Date: Mon, 19 Mar 2001 13:18:43 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Matt Lewis <barkode-bugtraq@NINJAS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Fri, 16 Mar 2001 12:04:03 PST."
<3AB271B3.55B6004A@ninjas.org>
> Darren Reed said:
>
> > Why do you think all timestamps should not reveal uptime information ?
>
> Well, not to speak on Bret's behalf per se, but personally, I've seen
> plenty of software (the quality of which may be in question) that uses
> uptime (or clock-ticks-since-boot, whatever) for a variety of things,
> albeit ususally trivial.
Lots of such things exist. One example is RPC, which used to generate
it's initial XID (which are subsequently incremented per transaction)
from tv.tv_sec ^ tv.tv_usec ^ getpid(). On systems with predictable
boot sequences, predictable pids, and known boot time, it is possible
to figure out the window of XID usage, and spoof replies.
Other such thigns do exist, get discovered, etc etc etc, and fixed on
their own. However, ... it's nice to fix problems by accident.
