Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 10 Mar 2005 22:12:02 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: Clock slew vulnerability in FreeBSD?
Message-ID:  <LOBBIFDAGNMAMLGJJCKNIELEFAAA.tedm@toybox.placo.com>
In-Reply-To: <751280160.20050311034539@wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help 

Your talking about this:

http://www.caida.org/outreach/papers/2005/fingerprinting/

>From educatedguesswork.org:

"The basic idea is that you use TCP timestamps to estimate how fast or
slow the remote clock is running. This doesn't give you enough
information to uniquely identify the remote machine, but it does give you
a way to assess whether two given machines are the same. Possible uses
include determining when two machines that have the same address are in
fact different machines (e.g., they're behind a NAT) or whether two
machines with different IP address are actually the same machine (e.g., a
honeypot)."

Anthony, I think your a bit mistaken in your description.  This does not
appear to be
much of a security hole.  NAT's are defacto these days on the Internet
and any cracker
is going to assume that there's a good chance he's attacking a NAT.

Ted

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Anthony
> Atkielski
> Sent: Thursday, March 10, 2005 6:46 PM
> To: freebsd-questions@freebsd.org
> Subject: Clock slew vulnerability in FreeBSD?
>
>
> How vulnerable is FreeBSD to the recently announced technique for
> individually identifying computers by the clock slew apparent in TCP
> packets?  If it is vulnerable to this, will there be any plans to
> address the vulnerability?
>
> --
> Anthony
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNIELEFAAA.tedm>