>BSD-derived kernels start TCP sequence numbers at 1 (at boot
>time) and then increment this number by 64,000 ever half second.
>This number wraps every, umm... 9 hours or so.
>
>IIRC, Linux does something similar. Other monolithic kernels
>probably do similar things, but if you know what the scheme
>is, you can glean uptime information from this information.
>In the case of BSD-derived kernels, you'd obviously have to
>poll every N hours, where N<9.
I haven't given this much thought but, if that's really what
they're basing their guess upon, it sounds like it might be
possible for somebody to get their system (illegitimately)
close to the top of that uptime list by means of a relatively
straightforward kernel hack...
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
