Date: Thu, 24 May 2001 18:15:09 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Peter Wemm <peter@wemm.org> Cc: Greg Lehey <grog@lemis.com>, arch@FreeBSD.ORG Subject: Re: http://uptime.netcraft.com/up/accuracy.html#cycle Message-ID: <20010524181509.A38098@xor.obsecurity.org> In-Reply-To: <20010524070153.6DECA3811@overcee.netplex.com.au>; from peter@wemm.org on Thu, May 24, 2001 at 12:01:53AM -0700 References: <20010524094750.A74859@wantadilla.lemis.com> <20010524070153.6DECA3811@overcee.netplex.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 24, 2001 at 12:01:53AM -0700, Peter Wemm wrote: > I think it means that we need to run a timer on it at a fixed 20hz so that > our uptime values double. ;-) Actually, I dont think that will help beca= use > they check over several days to determine the CC count rate. But we shou= ld > probably use a fixed rate since people do change their HZ values in certa= in > situations. >=20 > netcraft's uptime counter looks at the RFC1323 timestamp option (which we > have off by default now, so it is academic :-( ) and detects the 500ms > update rate or the 10ms update rate for FreeBSD systems. It can use this= to > determine the uptime 'remotely' by fingerprinting the system. >=20 > See: > http://uptime.netcraft.co.uk/up/graph?site=3Dwww.freebsd.org >=20 > Incidently, we should turn TCP_EXTENSIONS (rfc1323) back on by default. > Linux has had it on for a while now and has "cleared the way" for us. It may not be something some people care about, but there have been a number of remote attacks which depend on knowing precisely how long the target machine has been up for. Kris --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7DbIcWry0BWjoQKURAo07AJ9civyaHQT4hwG7in8Z5+q57mtVPACfWXW4 HLVQ+PK4Odn9y6iXYqxglsg= =4Jzn -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010524181509.A38098>