On Sat, Aug 12, 2006 at 09:31:42AM -0400, John Richard Moser ([EMAIL
PROTECTED]) wrote:
> I'm told now that it uses Jiffies for TCP timestamps. I've had thoughts
> on this:
>
> - I figured a random timestamp with random microsecond skew would be
> nice but this might expose internals of the RNG; amusingly I'm trying
> not to expose internals of the RNG by exposing system time.
>
> - Someone recommended starting at zero. This would work, really,
> there's no attacks based on guessing the TCP timestamp value. This is
> nice since if I want to hax0rz then I might make a connection and see
> how many jiffies there are to get a feel for the system's uptime; this
> tells me how long since you upgraded your kernel, so I have an arsenal
> of vulns I KNOW you haven't fixed ready ;) Starting at 0 doesn't give
> that information.
>
> Comments?
Starting TCP timestamp from zero or any other arbitrary value for each
new connection will not give you any security benefits. There is no
simple way aleph1 or e-eye will get a remote shell or steal your credit
card number if there is a buffer overflow in kernel and they will know
it's release.
So your proposals just are not needed for majority of people, but if you
strongly feel it will help to find a cure for cancer, implement it and
prove it's usefullness to netdev community.
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
