lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 29 Mar 2005 10:47:10 +0200
From: Erwan Arzur <erwan@....epita.fr>
To: Bruce Klein <bruce.klein@...ation.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: TCP timestamp & advanced fingerprinting


Bruce Klein wrote:
> How does this compare with [Prs2002] Clock Deviation/Skew as a
> Forensics/Tracking Tool research done by Tadayoshi Kohno.
> 
> http://www.cse.ucsd.edu/users/tkohno/
> 
> 
> Bruce Klein
> iovation, Inc.
> 

Hello Bruce,

I think the way he took the problem is much simpler than in this paper 
(and it gathers less informations about the hosts, too). The technique 
is described in this paper from Bret Mc Danel : 
http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remotely.html, 
who was kind enough to point us to it (we need to update the paper to 
give him the credit he deserves), the paper & tool use the statistical 
differences between the timestamps to separate services behind a 
screening router doing NAT, allowing network mapping behind a firewall, 
not fingerprinting of a single computer.

Erwan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ