On 2019/5/13 19:49, Michal Kubecek wrote:
> On Mon, May 13, 2019 at 07:38:37PM +0800, Weilong Chen wrote:
>>
>> On 2019/5/13 15:49, Michal Kubecek wrote:
>>> On Mon, May 13, 2019 at 09:33:13AM +0800, Weilong Chen wrote:
>>>> The remote host answers to an ICMP timestamp request.
>>>> This allows an attacker to know the time and date on your host.
>>>
>>> Why is that a problem? If it is, does it also mean that it is a security
>>> problem to have your time in sync (because then the attacker doesn't
>>> even need ICMP timestamps to know the time and date on your host)?
>>
>> It's a low risk vulnerability (CVE-1999-0524). TCP has
>> net.ipv4.tcp_timestamps = 0 to disable it.
>
> That does not really answer my question. Even if "CVE" meant much more
> back in 1999 than it does these days, none of the CVE-1999-0524
> descriptions I found cares to explain why it's considered a problem that
> an attacker knows the time on your machine. They just claim it is. If we
> assume it is a security problem, then we would have to consider having
> correct time a security problem which is something I certainly don't
> agree with.
>
> One idea is that there may be applications using current time as a seed
> for a random number generator - but then such application is the real
> problem, not having correct time.

Yes, the target computer responded to an ICMP timestamp request. By accurately determining the target's clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.

So, the 'time' may become sensitive information. The OS should not leak it out.

> Michal Kubecek
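
Added example, not part of the original thread or of the patch under discussion: the time-seeded PRNG pattern both participants refer to, next to the application-side fix. The names `weak_token`, `find_seed` and `strong_token` and the sample timestamp are constructed for illustration; `getrandom()` assumes Linux with glibc 2.25 or later.

```c
/* Added illustration; all names and the sample timestamp are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>
#include <time.h>

/* Flawed pattern: a 32-bit token from rand() seeded with wall-clock seconds.
 * The token is a pure function of the clock value. */
uint32_t weak_token(time_t now) {
    srand((unsigned)now);
    return ((uint32_t)rand() << 16) ^ (uint32_t)rand();
}

/* Shows the consequence: given a clock estimate accurate to +/- window
 * seconds, at most 2*window+1 seeds need checking. Returns a seed that
 * reproduces the token, or -1 if none in the window does. */
long find_seed(uint32_t token, time_t estimate, int window) {
    for (long s = (long)estimate - window; s <= (long)estimate + window; s++)
        if (weak_token((time_t)s) == token)
            return s;
    return -1;
}

/* Fix in the application: 128 bits from the kernel CSPRNG, independent of
 * the clock. Returns 0 on success, -1 on failure. */
int strong_token(uint8_t out[16]) {
    return getrandom(out, 16, 0) == 16 ? 0 : -1;
}

int main(void) {
    time_t issued = 1557748117;            /* constructed sample time */
    uint32_t tok = weak_token(issued);
    long seed = find_seed(tok, issued + 3, 5);
    printf("weak token %08x reproduced from seed %ld\n", (unsigned)tok, seed);

    uint8_t a[16], b[16];
    if (strong_token(a) || strong_token(b))
        return 1;
    printf("CSPRNG tokens differ: %s\n", memcmp(a, b, 16) ? "yes" : "no");
    return 0;
}
```

The weak token is reproducible from any sufficiently close clock estimate regardless of how that estimate was obtained, while the `getrandom()` token does not depend on the clock at all.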
