[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCP timestamp & advanced fingerprinting

To: Bruce Klein <bruce.klein@xxxxxxxxxxxx>
Subject: Re: TCP timestamp & advanced fingerprinting
From: Erwan Arzur <erwan@xxxxxxxxxxxx>
Date: Tue, 29 Mar 2005 10:47:10 +0200

Bruce Klein wrote:

How does this compare with [Prs2002] Clock Deviation/Skew as a
Forensics/Tracking Tool research done by Tadayoshi Kohno.

http://www.cse.ucsd.edu/users/tkohno/


Bruce Klein
iovation, Inc.


Hello Bruce,

I think the way he took the problem is much simpler than in this paper (and it gathers less informations about the hosts, too). The technique is described in this paper from Bret Mc Danel : http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remotely.html, who was kind enough to point us to it (we need to update the paper to give him the credit he deserves), the paper & tool use the statistical differences between the timestamps to separate services behind a screening router doing NAT, allowing network mapping behind a firewall, not fingerprinting of a single computer.

Erwan

References:
- RE: TCP timestamp & advanced fingerprinting
  - From: Bruce Klein

Prev by Date: RE: DoS of LAN via D-Link switches
Next by Date: directory traversal in FastStone 4in1 Browser 1.2
Previous by thread: RE: TCP timestamp & advanced fingerprinting
Next by thread: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6
Index(es):
- Date
- Thread