From owner-freebsd-net@FreeBSD.ORG  Sat Mar 12 20:44:35 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8B97216A4CE
	for <freebsd-net@freebsd.org>; Sat, 12 Mar 2005 20:44:35 +0000 (GMT)
Received: from relay01.pair.com (relay01.pair.com [209.68.5.15])
	by mx1.FreeBSD.org (Postfix) with SMTP id BE39943D49
	for <freebsd-net@freebsd.org>; Sat, 12 Mar 2005 20:44:34 +0000 (GMT)
	(envelope-from silby@silby.com)
Received: (qmail 54475 invoked from network); 12 Mar 2005 20:44:33 -0000
Received: from unknown (HELO localhost) (unknown)
  by unknown with SMTP; 12 Mar 2005 20:44:33 -0000
X-pair-Authenticated: 209.68.2.70
Date: Sat, 12 Mar 2005 14:44:32 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Anthony Atkielski <atkielski.anthony@wanadoo.fr>
In-Reply-To: <771770969.20050311034646@wanadoo.fr>
Message-ID: <20050312144141.P15599@odysseus.silby.com>
References: <771770969.20050311034646@wanadoo.fr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-net@freebsd.org
Subject: Re: Clock slew vulnerability in FreeBSD?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Mar 2005 20:44:35 -0000


On Fri, 11 Mar 2005, Anthony Atkielski wrote:

>
> How vulnerable is FreeBSD to the recently announced technique for
> individually identifying computers by the clock slew apparent in TCP
> packets?  If it is vulnerable to this, will there be any plans to
> address the vulnerability?
>
> -- 
> Anthony

I finally read the paper (instead of just reading the abstract), and I 
must say that it's a lot more interesting than I would have expected it to 
be.

Defeating this technique would be relatively easy to do, but there are a 
lot of other much easier ways to identify FreeBSD machines right now. 
Once those are fixed, then this can be worried about.  (For example, we 
send the same TCP timestamps to all hosts right now; no need to measure 
clock skew!)

Mike "Silby" Silbersack