On Mon, Apr 16, 2001 at 08:32:11PM -0700, Julian Elischer wrote:
> there is a site that calculates server uptime from these numbers.
> All the leading machines are freeBSD. When you do this it will
> no-longer be able to track us :-(
As explained by Mike, the uptime fingerprinting doesn't involve IP
IDs, but regardless, information leaks of this kind make it easier to
exploit various network stack vulnerabilities.
Knowing things like whether a host is idle, being able to measure the
rate at which it is generating traffic (without observing the traffic
directly), knowing its precise uptime, etc may allow you to mount
various attacks (e.g. some of the IP stack vulnerabilties discovered
in the past rely on knowing or being able to accurately guess this
information). Not everyone may care to reduce this information
exposure (e.g. it can add processing overhead which you may not want
on a heavily-loaded server), but it should at least be made possible.
Kris
PGP signature
