From owner-freebsd-arch  Thu May 24 18:15:14 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-39.dsl.lsan03.pacbell.net [63.207.60.39])
	by hub.freebsd.org (Postfix) with ESMTP id A1B1837B423
	for <arch@FreeBSD.ORG>; Thu, 24 May 2001 18:15:09 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 3571866B5F; Thu, 24 May 2001 18:15:09 -0700 (PDT)
Date: Thu, 24 May 2001 18:15:09 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Peter Wemm <peter@wemm.org>
Cc: Greg Lehey <grog@lemis.com>, arch@FreeBSD.ORG
Subject: Re: http://uptime.netcraft.com/up/accuracy.html#cycle
Message-ID: <20010524181509.A38098@xor.obsecurity.org>
References: <20010524094750.A74859@wantadilla.lemis.com> <20010524070153.6DECA3811@overcee.netplex.com.au>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010524070153.6DECA3811@overcee.netplex.com.au>; from peter@wemm.org on Thu, May 24, 2001 at 12:01:53AM -0700
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG


--wRRV7LY7NUeQGEoC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 24, 2001 at 12:01:53AM -0700, Peter Wemm wrote:

> I think it means that we need to run a timer on it at a fixed 20hz so that
> our uptime values double. ;-)  Actually, I dont think that will help beca=
use
> they check over several days to determine the CC count rate.  But we shou=
ld
> probably use a fixed rate since people do change their HZ values in certa=
in
> situations.
>=20
> netcraft's uptime counter looks at the RFC1323 timestamp option (which we
> have off by default now, so it is academic :-( ) and detects the 500ms
> update rate or the 10ms update rate for FreeBSD systems.  It can use this=
 to
> determine the uptime 'remotely' by fingerprinting the system.
>=20
> See:
>  http://uptime.netcraft.co.uk/up/graph?site=3Dwww.freebsd.org
>=20
> Incidently, we should turn TCP_EXTENSIONS (rfc1323) back on by default.
> Linux has had it on for a while now and has "cleared the way" for us.

It may not be something some people care about, but there have been a
number of remote attacks which depend on knowing precisely how long
the target machine has been up for.

Kris

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7DbIcWry0BWjoQKURAo07AJ9civyaHQT4hwG7in8Z5+q57mtVPACfWXW4
HLVQ+PK4Odn9y6iXYqxglsg=
=4Jzn
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message