* Илья Шипицин chipits...@gmail.com [2013-10-10 13:31]:
I am about to switch icmp timestamps off (security people are afraid
of that setting)
your security people have no clue regarding security.
they probably also block icmp, since it's so dangerous.
--
Henning Brauer, h...@bsws.de,
I am about to switch icmp timestamps off (security people are afraid
of that setting)
your security people have no clue regarding security.
they probably also block icmp, since it's so dangerous.
icmp is only dangerous if you have ip traffic. dangerous ip traffic.
indeed, maybe dig to
* Илья Шипицин chipits...@gmail.com [2013-10-11 04:52]:
I was just curious why that timestamping is enabled by default.
'cause there is no reason to disable it.
why is tcp enabled by default?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de,
On Mon, Oct 21, 2013 at 11:57:42AM +0200, Henning Brauer wrote:
* ?? chipits...@gmail.com [2013-10-11 04:52]:
I was just curious why that timestamping is enabled by default.
'cause there is no reason to disable it.
why is tcp enabled by default?
Because it is used
On Oct 21, 2013, at 2:57, Henning Brauer lists-open...@bsws.de wrote:
* Илья Шипицин chipits...@gmail.com [2013-10-11 04:52]:
I was just curious why that timestamping is enabled by default.
'cause there is no reason to disable it.
why is tcp enabled by default?
Everyone knows that
it is famous your mother if fat openbsd community style. I was not
asking whether it is secret or not. I was curious about common use
scenarios, where icmp timestamping is involved.
Hi,
1. Maybe I'm wrong but I think OpenBSD doesn't have a community like
other praised OSes, so there is no
I apologise that I didn't predict such responces.
I was looking for real life examples, i.e. we use icmp timestamps
widely, because we use timed or a lot of devices like D-Link-NNN use
icmp timestamps.
I was not looking for theoretical possibilities that icmp timestamping gives.
I should mention
2013/10/11 Christian Weisgerber na...@mips.inka.de:
chipits...@gmail.com wrote:
actually, I'm not going to block icmp at all, I was curious why
net.inet.icmp.tstamprepl=1 by default.
So you can run timed, of course.
timed was removed from OpenBSD recently
As others have said, the time is
actually, I'm not going to block icmp at all, I was curious why
net.inet.icmp.tstamprepl=1 by default.
So you can run timed, of course.
timed was removed from OpenBSD recently
As others have said, the time is not a secret.
it is famous your mother if fat openbsd community style.
On Fri, Oct 11, 2013 at 08:44:36AM +0600, ??? wrote:
2013/10/10 Philip Guenther guent...@gmail.com:
On Thu, Oct 10, 2013 at 4:30 AM, ??? chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP
2013/10/11 Claudio Jeker cje...@diehard.n-r-g.com:
On Fri, Oct 11, 2013 at 08:44:36AM +0600, ??? wrote:
2013/10/10 Philip Guenther guent...@gmail.com:
On Thu, Oct 10, 2013 at 4:30 AM, ??? chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your
chipits...@gmail.com wrote:
actually, I'm not going to block icmp at all, I was curious why
net.inet.icmp.tstamprepl=1 by default.
So you can run timed, of course.
As others have said, the time is not a secret.
--
Christian naddy Weisgerber na...@mips.inka.de
I use ntp already.
I am about to switch icmp timestamps off (security people are afraid
of that setting), just curious what was the purpose of it.
2013/10/10 Theo de Raadt dera...@cvs.openbsd.org:
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
On Thu, Oct 10, 2013 at 4:30 AM, Илья Шипицин chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP timestamp query, meaning that turning it off doesn't hide
anything.
I am about to switch icmp timestamps off (security
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP timestamp query, meaning that turning it off doesn't hide
anything.
Oh my god! It's revealing a public secret!
On 2013-10-10, Philip Guenther guent...@gmail.com wrote:
On Thu, Oct 10, 2013 at 4:30 AM, Илья Шипицин chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP timestamp query, meaning that turning it off doesn't hide
On Thu, Oct 10, 2013 at 05:30:39PM +0600, ??? wrote:
| I use ntp already.
| I am about to switch icmp timestamps off (security people are afraid
| of that setting), just curious what was the purpose of it.
Uhm .. why? Is your pf broken somehow?
block in on $interface inet proto icmp
2013/10/10 Philip Guenther guent...@gmail.com:
On Thu, Oct 10, 2013 at 4:30 AM, Илья Шипицин chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP timestamp query, meaning that turning it off doesn't hide
anything.
2013/10/11 Paul de Weerd we...@weirdnet.nl:
On Thu, Oct 10, 2013 at 05:30:39PM +0600, ??? wrote:
| I use ntp already.
| I am about to switch icmp timestamps off (security people are afraid
| of that setting), just curious what was the purpose of it.
Uhm .. why? Is your pf broken
Hello!
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
what was that done for ?
Cheers,
Ilya Shipitsin
On Thu, Oct 10, 2013 at 09:21, Илья Шипицин wrote:
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
what was that done for ?
well, why not?
if you have some program vulnerable to a the attacker knows the time
attack, i don't think turning off
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
what was that done for ?
well, why not?
if you have some program vulnerable to a the attacker knows the time
attack, i don't think turning off icmp timestamps will save you. the
attacker
22 matches
Mail list logo