On Sat, 17 Mar 2001, Darren Reed wrote:
In some mail from [EMAIL PROTECTED], sie said:
Actually, the logic is "This has been up for 300 days. It probably is not
being maintained so it likely has that unpatched exploit avaialable".
I thought about this before I posted that email but
Darren Reed said:
Why do you think all timestamps should not reveal uptime information ?
Well, not to speak on Bret's behalf per se, but personally, I've seen
plenty of software (the quality of which may be in question) that uses
uptime (or clock-ticks-since-boot, whatever) for a variety
linux, with port 53 open, I'd suspect it's probably unpatched.
The trials and tribulations of "friendly" information...
// Chris
[EMAIL PROTECTED]
-Original Message-
From: Darren Reed [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 15, 2001 11:53 AM
To: [EMAIL PROTECTED]
Su
On Fri, 16 Mar 2001, Emre Yildirim wrote:
I might be completely wrong here but what about
sysctl -w net.inet.tcp.rfc1323=0
no, that disables timestamps. rfc1323 support is needed (or will be) for
high speed networks, where the sequence numbers can roll over. then
delayed packets might
Darren Reed said:
Why do you think all timestamps should not reveal uptime information ?
Well, not to speak on Bret's behalf per se, but personally, I've seen
plenty of software (the quality of which may be in question) that uses
uptime (or clock-ticks-since-boot, whatever) for a variety of
-BEGIN PGP SIGNED MESSAGE-
On 15-Mar-2001 Darren Reed wrote:
So when do we change things like "uname" such that they no longer
report
the system "identity" (OS, OS rev) to anyone but root ?
Why do you think all timestamps should not reveal uptime
information ?
What do you think
In some mail from [EMAIL PROTECTED], sie said:
Actually, the logic is "This has been up for 300 days. It probably is not
being maintained so it likely has that unpatched exploit avaialable".
I thought about this before I posted that email but decided against any
inclusion of it. Why ?
There
On Wed, Mar, 2001, Bret wrote:
either by creating a new 'timestamp clock' for
each TCP session (that uses timestamps)
You can't do this .. it breaks the use of such timestamps for things
like TCP Sequence number wrap-around protection on fast networks
(gigabit).
or by starting the timestamp
So when do we change things like "uname" such that they no longer report
the system "identity" (OS, OS rev) to anyone but root ?
Why do you think all timestamps should not reveal uptime information ?
What do you think is at risk here ?
Are script kiddies going to say "ooh, he's been up for 500
On Tue, 13 Mar 2001, Bret wrote:
TCP Timestamping - Obtaining System Uptime Remotely
By Bret McDanel [EMAIL PROTECTED]
March 11, 2001
[ CUT ]
I did my testing under linux, and in order to easily retrieve the remote
Timestamp I had to
10 matches
Mail list logo