From owner-freebsd-questions@FreeBSD.ORG Fri Mar 11 06:12:09 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67E3A16A4CE for ; Fri, 11 Mar 2005 06:12:09 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF82043D1D for ; Fri, 11 Mar 2005 06:12:08 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j2B6CBb71040 for ; Thu, 10 Mar 2005 22:12:16 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: Date: Thu, 10 Mar 2005 22:12:02 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <751280160.20050311034539@wanadoo.fr> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Importance: Normal Subject: RE: Clock slew vulnerability in FreeBSD? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2005 06:12:09 -0000 Your talking about this: http://www.caida.org/outreach/papers/2005/fingerprinting/ >From educatedguesswork.org: "The basic idea is that you use TCP timestamps to estimate how fast or slow the remote clock is running. This doesn't give you enough information to uniquely identify the remote machine, but it does give you a way to assess whether two given machines are the same. Possible uses include determining when two machines that have the same address are in fact different machines (e.g., they're behind a NAT) or whether two machines with different IP address are actually the same machine (e.g., a honeypot)." Anthony, I think your a bit mistaken in your description. This does not appear to be much of a security hole. NAT's are defacto these days on the Internet and any cracker is going to assume that there's a good chance he's attacking a NAT. Ted > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Anthony > Atkielski > Sent: Thursday, March 10, 2005 6:46 PM > To: freebsd-questions@freebsd.org > Subject: Clock slew vulnerability in FreeBSD? > > > How vulnerable is FreeBSD to the recently announced technique for > individually identifying computers by the clock slew apparent in TCP > packets? If it is vulnerable to this, will there be any plans to > address the vulnerability? > > -- > Anthony > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >