NMAP correctly guesses uptime

Discuss and suggest new grsecurity features

Post by PhilSkuse » Wed Apr 09, 2003 10:07 am

I've just run NMAP(Win) against a server with grsec 1.9.9e and it manages to work out the uptime. Apparently it does this by looking at the TCP timestamp.

I don't really see how a remote attacker could exploit that information, but I was wondering if grsec could have some feature to prevent this.

Perhaps setting the timestamp to a random value at boot time?

It also correctly guessed the OS as "linux 2.4.0 - 2.5.20" - whereas it was unable to guess on a similar server with grsec 1.9.7d. Has something changed or have I misconfigured it?

Phil Skuse.

Post by PhilSkuse » Wed Apr 09, 2003 10:41 am

To answer my own question:

echo 0 > /proc/sys/net/ipv4/tcp_timestamps

I am surprised that this isn't the default.

Phil Skuse.
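The arithmetic behind the uptime guess discussed in this thread, as an added example (not code from the posts, from NMAP or from grsecurity). It compares a timestamp counter that starts at zero at boot, the random boot-time value suggested in the first post, and tcp_timestamps set to 0. The sample values, the candidate tick rates and all function names are assumptions made for the illustration; no packets are sent.

```python
"""Uptime estimation from TCP timestamp (TSval) samples, on constructed data."""

WRAP = 2 ** 32                   # TSval is a 32-bit counter
CANDIDATE_HZ = (100, 250, 1000)  # assumed tick rates to snap the measurement to


def make_samples(uptime_s, hz, boot_offset=0, n=5, spacing_s=0.5):
    """Constructed (arrival_time, TSval) pairs for a host up for uptime_s."""
    return [(i * spacing_s,
             (int((uptime_s + i * spacing_s) * hz) + boot_offset) % WRAP)
            for i in range(n)]


def estimate_hz(samples):
    """Ticks per second between first and last sample, snapped to a known rate."""
    (t0, ts0), (t1, ts1) = samples[0], samples[-1]
    raw = ((ts1 - ts0) % WRAP) / (t1 - t0)
    return min(CANDIDATE_HZ, key=lambda hz: abs(hz - raw))


def estimate_uptime(samples):
    """Seconds since the counter was zero, or None when no timestamps are seen."""
    if len(samples) < 2:
        return None              # tcp_timestamps=0: the option is never sent
    return samples[-1][1] / estimate_hz(samples)


if __name__ == "__main__":
    real = 3 * 86400             # constructed host: up 3 days, 100 ticks/s
    plain = make_samples(real, 100)
    # Fixed stand-in for a value that would be chosen at random at boot.
    shifted = make_samples(real, 100, boot_offset=0x5A17C0DE)
    for label, s in (("counter from zero", plain),
                     ("boot offset", shifted),
                     ("timestamps disabled", [])):
        est = estimate_uptime(s)
        print(label, "->",
              "no estimate" if est is None else f"{est / 86400:.1f} days")
```

With the boot offset the tick rate can still be measured, but the value divided by it no longer corresponds to the time since boot.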

