Date:      Thu, 24 May 2001 18:15:09 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Peter Wemm <peter@wemm.org>
Cc:        Greg Lehey <grog@lemis.com>, arch@FreeBSD.ORG
Subject:   Re: http://uptime.netcraft.com/up/accuracy.html#cycle
Message-ID:  <20010524181509.A38098@xor.obsecurity.org>
In-Reply-To: <20010524070153.6DECA3811@overcee.netplex.com.au>; from peter@wemm.org on Thu, May 24, 2001 at 12:01:53AM -0700
References:  <20010524094750.A74859@wantadilla.lemis.com> <20010524070153.6DECA3811@overcee.netplex.com.au>

On Thu, May 24, 2001 at 12:01:53AM -0700, Peter Wemm wrote:

> I think it means that we need to run a timer on it at a fixed 20hz so that
> our uptime values double. ;-)  Actually, I don't think that will help because
> they check over several days to determine the CC count rate.  But we should
> probably use a fixed rate since people do change their HZ values in certain
> situations.
>
> netcraft's uptime counter looks at the RFC1323 timestamp option (which we
> have off by default now, so it is academic :-( ) and detects the 500ms
> update rate or the 10ms update rate for FreeBSD systems.  It can use this to
> determine the uptime 'remotely' by fingerprinting the system.
>
> See:
>  http://uptime.netcraft.co.uk/up/graph?site=www.freebsd.org
>
> Incidentally, we should turn TCP_EXTENSIONS (rfc1323) back on by default.
> Linux has had it on for a while now and has "cleared the way" for us.

It may not be something some people care about, but there have been a
number of remote attacks which depend on knowing precisely how long
the target machine has been up for.

Kris
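
As an added illustration (not part of the thread and not any project's code), the sketch below works through what the quoted message describes: fitting the RFC 1323 timestamp's update rate from observations spread over time, then reading an uptime off the counter. The function names, the sample values and the `boot_offset` parameter (which models a randomized initial counter value, something the thread does not discuss) are assumptions made for the example.

```python
# Added illustration; every sample value below is constructed.
TS_MOD = 2 ** 32        # the RFC 1323 TSval field is a 32-bit counter
KNOWN_HZ = (2, 100)     # the 500 ms and 10 ms update rates named in the thread


def make_samples(uptime_s, hz, boot_offset=0, step=3600, count=5):
    """Constructed (observer_seconds, tsval) pairs for a host up `uptime_s`."""
    return [(i * step, (boot_offset + (uptime_s + i * step) * hz) % TS_MOD)
            for i in range(count)]


def estimate_hz(samples):
    """Fit ticks/second from time-ordered samples and snap to a known rate."""
    # Unwrap the 32-bit counter so the fit sees a monotonic series
    # (assumes less than one full wrap between consecutive samples).
    unwrapped, offset, prev = [], 0, samples[0][1]
    for _, ts in samples:
        if ts < prev:
            offset += TS_MOD
        unwrapped.append(ts + offset)
        prev = ts
    times = [t for t, _ in samples]
    mt, mv = sum(times) / len(times), sum(unwrapped) / len(unwrapped)
    slope = (sum((t - mt) * (v - mv) for t, v in zip(times, unwrapped))
             / sum((t - mt) ** 2 for t in times))
    return min(KNOWN_HZ, key=lambda hz: abs(hz - slope))


def implied_uptime(samples):
    """(rate, seconds) implied by the first sample if the counter began at 0."""
    hz = estimate_hz(samples)
    return hz, samples[0][1] / hz


def wrap_period_days(hz):
    """Days until the counter wraps: the ceiling on any inferred uptime."""
    return TS_MOD / hz / 86400


if __name__ == "__main__":
    month = 30 * 86400
    for label, off in (("counter starts at 0", 0),
                       ("randomized start", 3_000_000_000)):
        hz, up = implied_uptime(make_samples(month, 100, boot_offset=off))
        print(f"{label}: {hz} Hz, implied uptime {up / 86400:.1f} days")
    print(f"100 Hz counter wraps every {wrap_period_days(100):.1f} days")
```

With a counter that starts at zero the implied uptime matches the real one; with a randomized start the update rate is still recoverable but the implied uptime no longer corresponds to the time since boot.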
