hi,
After looking at RFC1323 below
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc1323.html#sec-4
the only reasonable option is to use the time old
pseudorandom numbers for TCP sequence numbers in the
TCP IP stack.
Another option would be to synchronize the client with
NTP but that wouldn't work either.Say that the client
clock can be updated ever one millisecond. However the
minimum network delay between the time server and the
client is usually 300ms to 800 ms.During this period a
large number of outboud packets are send from the
client depending on the speed at which the client is
blasting away. There are plenty of packets to analyze
for the attacker to determine the skew.
Sarad.
--- Eugen Leitl <[EMAIL PROTECTED]> wrote:
> - Forwarded message from Eugen Leitl
> <[EMAIL PROTECTED]> -
>
> From: Eugen Leitl <[EMAIL PROTECTED]>
> Date: Fri, 4 Mar 2005 18:28:27 +0100
> To: [EMAIL PROTECTED]
> Subject: [>Htech] Tracking a Specific Machine
> Anywhere On The Net
> User-Agent: Mutt/1.4i
> Reply-To: [EMAIL PROTECTED]
>
>
> Link:
> http://slashdot.org/article.pl?sid=05/03/04/1355253
> Posted by: Zonk, on 2005-03-04 16:45:00
>
>from the not-the-sandra-bullock-movie dept.
>An anonymous reader writes "An article on ZDNet
> Australia tells of a
>new technique developed at CAIDA that involves
> using the individual
>machine's clock skew to [1]fingerprint it
> anywhere on the net."
>Possible uses of the technique include "tracking,
> with some
>probability, a physical device as it connects to
> the Internet from
>different access points, counting the number of
> devices behind a NAT
>even when the devices use constant or random IP
> identifications,
>remotely probing a block of addresses to
> determine if the addresses
>correspond to virtual hosts (for example, as part
> of a virtual
>honeynet), and unanonymising anonymised network
> traces."
>
>
> References
>
>1.
>
http://www.zdnet.com.au/news/security/0,261744,39183346,00.htm
>
> - End forwarded message -
>
> How to track a PC anywhere it connects to the Net
>
> Renai LeMay, ZDNet Australia
> March 04, 2005
> URL:
>
http://www.zdnet.com.au/news/security/0,261744,39183346,00.htm
>
>
__
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
http://birthday.yahoo.com/netrospective/