Date: Mon, 16 Apr 2001 20:45:42 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Julian Elischer <julian@elischer.org> Cc: freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG Subject: Re: non-random IP IDs Message-ID: <20010416204542.A18881@xor.obsecurity.org> In-Reply-To: <3ADBB93B.3C9DC3DE@elischer.org>; from julian@elischer.org on Mon, Apr 16, 2001 at 08:32:11PM -0700 References: <200104161836.EAA03291@caligula.anu.edu.au> <3ADBB93B.3C9DC3DE@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 16, 2001 at 08:32:11PM -0700, Julian Elischer wrote: > there is a site that calculates server uptime from these numbers. > All the leading machines are freeBSD. When you do this it will=20 > no-longer be able to track us :-( As explained by Mike, the uptime fingerprinting doesn't involve IP IDs, but regardless, information leaks of this kind make it easier to exploit various network stack vulnerabilities. Knowing things like whether a host is idle, being able to measure the rate at which it is generating traffic (without observing the traffic directly), knowing its precise uptime, etc may allow you to mount various attacks (e.g. some of the IP stack vulnerabilties discovered in the past rely on knowing or being able to accurately guess this information). Not everyone may care to reduce this information exposure (e.g. it can add processing overhead which you may not want on a heavily-loaded server), but it should at least be made possible. Kris --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE627xmWry0BWjoQKURAjLXAJ9IwWqtk/3MGSwR8tIu1uQy1moJOgCdEinz o4lmxnIM7DyqMkiLWIzXmjM= =R5nQ -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010416204542.A18881>