On Fri, 16 Mar 2001 04:52:47 +1100, Darren Reed <[EMAIL PROTECTED]> said:
> One potential use of uptime information to an attackers advantage is in
> attacking things which use the current time (seconds, microseconds,
> whatever) as a seed for some sort of thing when the start up at boot
The first use *I* thought of was as follows:
If you know (via careful extended observation) that a given server reboots
every alternate Thursday at 4:30AM (or whenever their test time is), it
allows you to lay the groundwork for a spoofing attack or other mischief
while the spoofed machine is down for the reboot and unable to complain
about the impostor...
As a bonus - they probably will skip the reboot unless they had a config
change staged. As a result, you *know* what will get blamed for any and
all weirdness seen during the reboot - every sysadmin I know will look at
a weird message at 4:30AM and think "What did I just change, and how the
<bleep> did it cause THAT error?". ;)
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
