[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Stopping people finding out uptime?

Hi,

as everyone else seems busy fighting over what should and not should be
protected in regards of information, I think we should try to answer the
initial question:

How does nmap know how long the machine is up? Is the
information sent out in every tcp packet?

	There is a option field in the tcp header. There are lots of
different options you can choose between, (these you can read about in for
example RFC 1323). One of these options are Timestamp. There is no what I
know of "must" how to implement the timestamp option, but to citate Richard
Stevens:

"4.4BSD increments the timestamp clock once every 500 ms and this timestamp
clock is reset to 0 on a reboot"

"The timestamp is a monotonically increasing value. Since the receiver
echoes what it receives, the receiver doesn't care what the timestamp units
are. This option does not require any form of clock synchronization between
the two hosts. RFC 1323 recommends that the timestamp value increment by one
between 1 ms and 1 second."

I suppose that this would explain the behaviour. And everything "echo 0 >>
/proc/sys/net/ipv4/tcp_timestamps" does is to turn that option off in the
kernel.

If this is wrong or not fullfilling as an answer I suppose that someone else
will be very fast in responding to it..:)

Kind regards

Robert Karlsson
UNIX Competence Center Europe
Robert_Karllson@non.agilent.com
-----Original Message-----
From: Charlie Grosvenor [mailto:charlie@cgrosvenor.co.uk]
Sent: Monday, April 15, 2002 12:05 AM
To: 'Andrew Pearce'
Cc: debian-firewall@lists.debian.org
Subject: RE: Stopping people finding out uptime?


That works. How does nmap know how long the machine is up? Is the
information sent out in every tcp packet?

Thankyou

Charlie

-----Original Message-----
From: Andrew Pearce [mailto:andrewpe@mwads.co.uk] 
Sent: 14 April 2002 21:11
To: debian-firewall@lists.debian.org
Subject: RE: Stopping people finding out uptime?

Charlie,

Try "echo 0 >> /proc/sys/net/ipv4/tcp_timestamps"


-----Original Message-----
From: Charlie Grosvenor [mailto:charlie@cgrosvenor.co.uk] 
Sent: 14 April 2002 18:48
To: debian-firewall@lists.debian.org
Subject: Stopping people finding out uptime?


Hi
            If I port scan my machine nmap finds out how long my machine
has been on for, How can I stop people outside my network from finding
this information out?

Thankyou

Charlie

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.346 / Virus Database: 194 - Release Date: 10/04/2002
 


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.323 / Virus Database: 180 - Release Date: 08/02/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.323 / Virus Database: 180 - Release Date: 08/02/2002
 


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: