On Thu, Mar 29, 2018 at 01:43:48PM -0400, Richard Sass wrote:
> "The remote host implements TCP timestamps, as defined by RFC1323. A
> side effect of this feature is that the uptime of the remote host can be
> sometimes be computed."
>
> Additional: http://www.securiteam.com/securitynews/5NP0C153PI.html
>
> I think the thought behind this is that if a person can determine the uptime
> of a system then this might be additional information that could be used to
> target an attack. For example: if a system has been up for a year then it
> probably hasn't been patched with recent security patches giving the
> attacker another piece of information on how to attack the system. I'm not
> sure if there may be more to it than that.
Probably no such big deal, but it could be easy to use a per-connection
relative timespamp ... just use (uptime - time_of_connection)
--
Manuel Bouyer <bou...@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
