Re: non-random IP IDs
From: Kris Kennaway (kris@obsecurity.org)
Date: 04/17/01
- Next message: Kris Kennaway: "Re: URGENT: Serious bug in IPFilter (fwd)"
- Previous message: Mike Silbersack: "Re: non-random IP IDs"
- In reply to: Julian Elischer: "Re: non-random IP IDs"
- Next in thread: Darren Reed: "Re: non-random IP IDs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Apr 2001 20:45:42 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Julian Elischer <julian@elischer.org>
On Mon, Apr 16, 2001 at 08:32:11PM -0700, Julian Elischer wrote:
> there is a site that calculates server uptime from these numbers.
> All the leading machines are freeBSD. When you do this it will
> no-longer be able to track us :-(
As explained by Mike, the uptime fingerprinting doesn't involve IP
IDs, but regardless, information leaks of this kind make it easier to
exploit various network stack vulnerabilities.
Knowing things like whether a host is idle, being able to measure the
rate at which it is generating traffic (without observing the traffic
directly), knowing its precise uptime, etc may allow you to mount
various attacks (e.g. some of the IP stack vulnerabilties discovered
in the past rely on knowing or being able to accurately guess this
information). Not everyone may care to reduce this information
exposure (e.g. it can add processing overhead which you may not want
on a heavily-loaded server), but it should at least be made possible.
Kris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Kris Kennaway: "Re: URGENT: Serious bug in IPFilter (fwd)"
- Previous message: Mike Silbersack: "Re: non-random IP IDs"
- In reply to: Julian Elischer: "Re: non-random IP IDs"
- Next in thread: Darren Reed: "Re: non-random IP IDs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
